Enterasys Networks XSR-1805 Network Router User Manual


Firewall authorization information for network traffic that flows through the box.
configuration data. commands and configuration data.
Table 4 – Crypto Officer Services, Descriptions, Inputs and Outputs, and CSPs
User Role
The User role accesses the module’s IPSec and IKE services. Service descriptions, inputs and outputs, and CSPs are listed in the following table:

Service: IKE
Description: Access the module IKE functionality to authenticate to the module and negotiate IKE and IPSec session keys
Input: IKE inputs and data
Output: IKE outputs, status, and data
CSP: RSA key pair for IKE (read access); Diffie-Hellman key pair for IKE (read and write access); pre-shared keys for IKE (read access)

Service: IPSec
Description: Access the module’s IPSec services in order to secure network traffic
Input: IPSec inputs, commands, and data
Output: IPSec outputs, status, and data
CSP: Session keys for IPSec (read and write access)
Table 5 – User Services, Descriptions, Inputs and Outputs
Authentication Mechanisms
The module supports role-based and identity-based authentication. Role-based authentication is performed before the Super Crypto Officer enters Bootrom monitor mode and authenticates with just a password (and no user ID). Identity-based authentication is performed for all other types of Crypto Officer and User authentication. These include password-based authentication, RSA-based authentication, and HMAC-based authentication mechanisms.

The estimated strength of each authentication mechanism is described below.
Authentication Type: Password-based authentication (CLI, SNMP, and Bootrom monitor mode)
Role: Crypto Officer
Strength: Passwords are required to be at least six characters long. Numeric, alphabetic (upper and lowercase), and keyboard and extended characters can be used, which gives a total of 95 characters to choose from. Considering only the case-insensitive alphabet using a password with repetition, the number of potential passwords is 26^6.

Authentication Type: RSA-based authentication (IKE)
Role: User
Strength: RSA signing and verification is used to authenticate to the module during IKE. This
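The password strength entry above is a keyspace estimate. The following Python, added here and not part of the Enterasys security policy, carries the same calculation through for both the conservative 26^6 bound the text uses and the full 95-character set, and compares the results against the FIPS 140-2 authentication-strength limits (a single random attempt must succeed with probability below 1 in 1,000,000, and all attempts within one minute below 1 in 100,000); those limits come from the standard, not from this page. The rate of 60 login attempts per minute is a constructed assumption for illustration, since this page does not state the module's lockout or rate-limiting behaviour.

```python
"""Estimate password-guessing resistance for a minimum-length policy.

Added example, not part of the Enterasys security policy. The two
acceptance thresholds are the FIPS 140-2 authentication-strength limits
(assumed from the standard, not from this page). The attempts-per-minute
figure used in __main__ is a constructed input.
"""
from fractions import Fraction

# FIPS 140-2 limits: single random attempt < 1/1,000,000; one minute of
# attempts < 1/100,000 (from the standard, not from this page).
FIPS_SINGLE_ATTEMPT_MAX = Fraction(1, 1_000_000)
FIPS_ONE_MINUTE_MAX = Fraction(1, 100_000)


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols, repetition allowed."""
    return charset_size ** length


def single_attempt_probability(charset_size: int, length: int) -> Fraction:
    """Chance that one uniformly random guess matches a minimum-length password."""
    return Fraction(1, keyspace(charset_size, length))


def one_minute_probability(charset_size: int, length: int,
                           attempts_per_minute: int) -> Fraction:
    """Upper bound on success within one minute of guessing at the given rate.

    Guesses are assumed distinct (no repeats), so the bound is
    attempts / keyspace, capped at 1 when the rate exceeds the keyspace.
    """
    bound = Fraction(attempts_per_minute, keyspace(charset_size, length))
    return min(bound, Fraction(1))


def meets_fips_thresholds(charset_size: int, length: int,
                          attempts_per_minute: int) -> dict:
    """Evaluate a password mechanism against both FIPS 140-2 strength limits."""
    single = single_attempt_probability(charset_size, length)
    minute = one_minute_probability(charset_size, length, attempts_per_minute)
    return {
        "keyspace": keyspace(charset_size, length),
        "single_attempt": single,
        "single_attempt_ok": single < FIPS_SINGLE_ATTEMPT_MAX,
        "one_minute": minute,
        "one_minute_ok": minute < FIPS_ONE_MINUTE_MAX,
    }


if __name__ == "__main__":
    # 26 = the policy's conservative case-insensitive alphabet; 95 = the full
    # printable set it also mentions. 60 attempts/minute is a constructed rate.
    for label, charset in (("case-insensitive letters", 26),
                           ("full printable set", 95)):
        r = meets_fips_thresholds(charset, 6, attempts_per_minute=60)
        print(f"{label}: keyspace={r['keyspace']:,} "
              f"single={float(r['single_attempt']):.2e} "
              f"({'ok' if r['single_attempt_ok'] else 'FAIL'}) "
              f"per-minute={float(r['one_minute']):.2e} "
              f"({'ok' if r['one_minute_ok'] else 'FAIL'})")
```

The conservative 26^6 figure is a lower bound: it assumes an attacker knows the password uses only letters, so a mechanism that passes with it passes for any larger charset as well. The per-minute check is the one that depends on a value this page does not give (how many attempts the CLI, SNMP agent or Bootrom monitor will accept per minute), which is why that input is labelled as constructed.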
© Copyright 2003 Enterasys Networks Page 14 of 25
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.