Enterasys Networks XSR-1805 Network Router User Manual


 
Roles and Services

The module supports role-based and identity-based authentication¹. There are two main roles in the module (as required by FIPS 140-2) that operators may assume: a Crypto Officer role and a User role.

Crypto Officer Role

The Crypto Officer role has the ability to configure, manage, and monitor the module. Three management interfaces can be used for this purpose:

CLI – The Crypto Officer can use the CLI to perform non-security-sensitive and security-sensitive monitoring and configuration. The CLI can be accessed locally by using the console port or remotely by using Telnet over IPSec or the SSHv2 secured management session.

SNMP – The Crypto Officer can use SNMPv3 to remotely perform non-security-sensitive monitoring and configuration.

Bootrom Monitor Mode – In Bootrom monitor mode, the Crypto Officer can reboot, update the Bootrom, issue file system-related commands, modify network parameters, and issue various show commands. The Crypto Officer can only enter this mode by pressing the key combination CTRL-C during the first five seconds of initialization. It can also be entered if Bootrom cannot find a valid software file.

Because each user can be assigned a different privilege level (0-15), the Crypto Officer role can be split into different types of management users:

Super Crypto Officer – Management users with a privilege level of 15 assume the Super Crypto Officer role. Since 15 is the highest privilege level available, the Super Crypto Officer can issue all the configuration and monitoring commands available through the CLI and SNMP. Only the Super Crypto Officer can enter Bootrom monitor mode.

Junior Crypto Officer – Management users with a privilege level of 10 assume the Junior Crypto Officer role. The Junior Crypto Officer can issue all monitoring commands with a higher security level and some configuration commands. Examples of commands are show running-config, show interfaces, and all SNMP show commands.

© Copyright 2003 Enterasys Networks
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
¹ Please note that overall the modules meet the level 2 requirements for Roles and Services.