Filter
Top Products
• Read-only Crypto Officer – Management users with privilege level
zero assume the Read-only Crypto Officer role. The Read-only
Crypto Officer can only issue monitoring commands with low
security level. Examples of commands are: show version and show
clock.
Descriptions of the services available to the Crypto Officer role are
provided in the table below.
Service Description Input Output Critical Security
Parameter (CSP)
Access
SSH
Provide
authenticated and
encrypted remote
management
sessions while
using the CLI
SSH key
agreement
parameters, SSH
inputs, and data
SSH outputs and
data
DSA (SSHv2) host
key pair (read
access), Diffie-
Hellman key pair
(read/write
access), session
key for SSH
(read/write
access), PRNG
keys (read
access); Crypto
Officer’s password
(read access)
IKE/IPSec Provide
authenticated and
encrypted remote
management
sessions while
using Telnet to
access the CLI
functionality
IKE inputs and
data; IPSec inputs,
commands, and
data
IKE outputs,
status, and data;
IPSec outputs,
status, and data
RSA key pair for
IKE (read access),
Diffie-Hellman key
pair for IKE
(read/write
access), pre-
shared keys for
IKE (read access);
Session keys for
IPSec (read/write
access)
SNMP Non-security-
sensitive
monitoring and
configuration using
SNMPv3 (with
standard MIB-II
and proprietary
MIB support)
Commands and
configuration data
Status of
commands,
configuration data
Crypto Officer’s
SNMP password
(read/write access)
Bootrom Monitor
Mode
Reboot, update the
Bootrom, issue file
system-related
commands, modify
network
parameters, and
issue various show
commands
Commands and
configuration data
Status of
commands,
configuration data
Crypto Officer’s
Bootrom password
(read/write access)
Configuring
Network
Create or specify
master encr
yp
tion
Commands and
configuration data
Status of
commands and
Master encryption
ke
y
(
read/write
© Copyright 2003 Enterasys Networks Page 12 of 25
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.