Roles And Services; Crypto Officer Services - Cisco 2621XM Operations

Table 3
Router Physical Interface
10/100BASE-TX LAN Port
WIC Interface
Network Module Interface
LAN Port LEDs
10/100BASE-TX LAN Port LEDs
Power LED
Redundant Power LED
Activity LED
Console Port
Auxiliary Port
Power Plug

Roles and Services

Authentication is role-based. There are two main roles in the router that operators may assume: the
Crypto Officer role and the User role. The administrator of the router assumes the Crypto Officer role
in order to configure and maintain the router using Crypto Officer services, while the Users exercise only
the basic User services. Both roles are authenticated by providing a valid username and password. The
configuration of the encryption and decryption functionality is performed only by the Crypto Officer
after authentication to the Crypto Officer role by providing a valid Crypto Officer username and
password. Once the Crypto Officer configured the encryption and decryption functionality, the User can
use this functionality after authentication to the User role by providing a valid User username and
password. The Crypto Officer can also use the encryption and decryption functionality after
authentication to the Crypto Officer role. The module supports RADIUS and TACACS+ for
authentication and they are used in the FIPS mode. A complete description of all the management and
configuration capabilities of the Cisco 2621XM and 2651XM Routers can be found in the Performing
Basic System Management manual and in the online help for the router.
The User and Crypto Officer passwords and the RADIUS/TACACS+ shared secrets must each be at least
8 alphanumeric characters in length. See the
section on page
PIN, the probability of randomly guessing the correct sequence is 1 in 1,814,400. Including the rest of
the alphanumeric characters drastically decreases the odds of guessing the correct sequence.

Crypto Officer Services

During initial configuration of the router, the Crypto Officer password (the "enable" password) is
defined. A Crypto Officer may assign permission to access the Crypto Officer role to additional
accounts, thereby creating additional Crypto Officers.
The Crypto Officer role is responsible for the configuration and maintenance of the router. The Crypto
Officer services consist of the following:
•
Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy
OL-6262-01
Cisco 2621XM and Cisco 2651XM FIPS 140-2 Logical Interfaces (continued)
17, for more information. If only integers 0-9 are used without repetition for an 8 digit
Configure the router—define network interfaces and settings, create command aliases, set the
protocols the router will support, enable interfaces and network services, set system date and time,
and load authentication information.
FIPS 140-2 Logical Interface
Status Output Interface
Power Interface
"Secure Operation of the Cisco 2621XM/2651XM Router"
The 2621XM/2651XM Router
7