
Cisco 3825 and Cisco 3845 Integrated Services Routers
FIPS 140-2 Non Proprietary Security Policy
Level 2 Validation
Version 1.1
November 1, 2005

Introduction

This document is the non-proprietary Cryptographic Module Security Policy for the Cisco 3825 and Cisco 3845 Integrated Services Routers without an AIM card installed. This security policy describes how the Cisco 3825 and Cisco 3845 Integrated Services Routers (Hardware Version: Cisco 3825 or Cisco 3845; Firmware Version: IOS 12.3(11)T03) meet the security requirements of FIPS 140-2, and how to operate the router with on-board crypto enabled in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the Cisco 3825 and Cisco 3845 Integrated Services Routers.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2—Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the NIST website at http://csrc.nist.gov/cryptval/.

This document contains the following sections:

- Introduction, page 1
- Cisco 3825 and Cisco 3845 Routers, page 2
- Secure Operation of the Cisco 3825 or Cisco 3845 router, page 23
- Related Documentation, page 24
- Obtaining Documentation, page 25
- Documentation Feedback, page 26
- Cisco Product Security Overview, page 26
- Obtaining Technical Assistance, page 27

Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA. © 2005 Cisco Systems, Inc. All rights reserved.

Cisco 3825 and Cisco 3845 Routers

- Obtaining Additional Publications and Information, page 28

References

This document deals only with operations and capabilities of the Cisco 3825 and Cisco 3845 routers in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the routers from the following sources:

- The Cisco Systems website contains information on the full line of Cisco Systems routers. Please refer to the following: ters/index.html
- For answers to technical or sales-related questions please refer to the contacts listed on the Cisco Systems website at www.cisco.com.
- The NIST Validated Modules website (http://csrc.nist.gov/cryptval) contains contact information for answers to technical or sales-related questions for the module.

Terminology

In this document, the Cisco 3825 or Cisco 3845 routers are referred to as the router, the module, or the system.

Document Organization

The Security Policy document is part of the FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:

- Vendor Evidence document
- Finite State Machine
- Other supporting documentation as additional references

This document provides an overview of the routers and explains their secure configuration and operation. This introduction section is followed by the “Cisco 3825 and Cisco 3845 Routers” section on page 2, which details the general features and functionality of the router. The “Secure Operation of the Cisco 3825 or Cisco 3845 router” section on page 23 specifically addresses the required configuration for the FIPS mode of operation.

With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Submission Documentation is Cisco-proprietary and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Cisco Systems.

Cisco 3825 and Cisco 3845 Routers

Branch office networking requirements are dramatically evolving, driven by web and e-commerce applications to enhance productivity and by merging the voice and data infrastructure to reduce costs. The Cisco 3825 and Cisco 3845 routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements. This section describes the general features and functionality provided by the routers. The following subsections describe the physical characteristics of the routers.

Cisco 3825 and Cisco 3845 Integrated Services Routers FIPS 140-2 Non Proprietary Security Policy, OL-8662-01, page 2

The Cisco 3825 Cryptographic Module Physical Characteristics

Figure 1  The Cisco 3825 Router Case

The Cisco 3825 Router is a multiple-chip standalone cryptographic module. The router has a processing speed of 500 MHz. Depending on configuration, either the internal Safenet chip or the IOS software is used for cryptographic operations.

The cryptographic boundary of the module is the device's case. All of the functionality discussed in this document is provided by components within this cryptographic boundary.

The interfaces for the router are located on the rear and front panels as shown in Figure 2 and Figure 3, respectively.

Figure 2  Cisco 3825 Rear Panel Physical Interfaces (labels visible in the figure: NM/ESW slots, FastEthernet ports, CONSOLE, AUX, HWIC slots, GE 0/0 and GE 0/1 with SPD and LNK LEDs, SFP)

Figure 3  Cisco 3825 Front Panel Physical Interfaces (labels visible in the figure: 100-240 V 3A 50/60 Hz power inlet; SYS, ACT, SYS PWR, RPS, AUX PWR, AIM0, AIM1 and PVDM0 to PVDM3 LEDs; COMPACT FLASH drive marked "CF, DO NOT REMOVE DURING NETWORK OPERATION")

The Cisco 3825 router features a console port, auxiliary port, dual Universal Serial Bus (USB) ports, four high-speed WAN interface card (HWIC) slots, two 10/100/1000 Gigabit Ethernet RJ45 ports, two Enhanced Network Module (ENM) slots, small form factor pluggable (SFP), redundant power supply (RPS) inlet, power inlet, and Compact Flash (CF) drive. The Cisco 3825 router supports two internal advanced integration modules (AIMs) [1], and two Ethernet connections. Figure 2 shows the rear panel and Figure 3 shows the front panel. The front panel consists of 12 LEDs: CF LED, SYS LED, ACT LED, SYS PWR LED, RPS LED, AUX PWR LED, AIM0 LED, AIM1 LED, PVDM0 LED, PVDM1 LED, PVDM2 LED, and PVDM3 LED. The back panel contains LEDs to indicate the status of the GE ports.

The front panel contains the following:

- LEDs
- Power switch
- Power input
- CF drive
- USB ports

The rear panel contains the following:

- HWIC/WIC/VIC slots 0 and 1
- Console port
- Auxiliary port
- GE ports
- ENM ports
- SFP port

Table 1 and Table 2 provide more detailed information conveyed by the LEDs on the front and rear panel of the router.

[1] However, an AIM module may not be installed in accordance with this security policy. There is a separate security policy covering the Cisco 3825 and Cisco 3845 routers with AIM module installed.

Table 1  Cisco 3825 Front Panel Indicators

Name                    State           Description
System                  Solid Green     Normal system operation.
                        Blinking Green  Booting or in ROM monitor (ROMMON) mode.
                        Amber           Powered, but malfunctioning.
                        Off             Router is not receiving power.
System Power            Green           Power supply present and enabled.
                        Amber           Power supply present and off or with failure.
                        Off             Power supply not present.
Auxiliary Power         Green           Indicates IP phone power supply present.
                        Amber           Indicates IP phone power supply present.
                        Off             IP phone power supply not present.
Redundant Power Supply  Green           System running on RPS PSU.
                        Off             System running on primary PSU.
Activity                Green           Solid or blinking indicates packet activity.
                        Off             No interrupts or packet transfer occurring.
Compact Flash           Solid Green     Compact Flash present and enabled.
                        Blinking Green  Compact Flash accessed.
                        Off             Compact Flash not present.
PVDM3                   Green           PVDM3 installed and initialized.
                        Amber           PVDM3 installed, initialization error.
                        Off             PVDM3 not installed.
PVDM2                   Green           PVDM2 installed and initialized.
                        Amber           PVDM2 installed, initialization error.
                        Off             PVDM2 not installed.
PVDM1                   Green           PVDM1 installed and initialized.
                        Amber           PVDM1 installed, initialization error.
                        Off             PVDM1 not installed.
PVDM0                   Green           PVDM0 installed and initialized.
                        Amber           PVDM0 installed, initialization error.
                        Off             PVDM0 not installed.
AIM1                    Green           AIM1 present and enabled.
                        Amber           AIM1 present with failure.
                        Off             AIM1 not installed.
AIM0                    Green           AIM0 present and enabled.
                        Amber           AIM0 present with failure.
                        Off             AIM0 not installed.

Table 2  Cisco 3825 Rear Panel Indicators

Name   State             Description
Speed  Green (Blinking)  Blinking frequency indicates port speed.
Link   Solid Green       Ethernet link is established.
       Off               No link established.

Table 3 describes the meaning of the Ethernet LEDs on the rear panel:

Table 3  Cisco 3825 Ethernet Indicators

Name    State        Description
Duplex  Solid Green  Full-duplex
        Off          Half-duplex
Speed   Solid Green  100 Mbps
        Off          10 Mbps
Link    Solid Green  Ethernet link is established
        Off          No link established

The physical interfaces are separated into the logical interfaces from FIPS 140-2 as described in Table 4:

Table 4  Cisco 3825 FIPS 140-2 Logical Interfaces

Router Physical Interface       FIPS 140-2 Logical Interface
10/100/1000 Ethernet LAN Ports  Data Input Interface
HWIC Ports
Console Port
Auxiliary Port
ENM Slots
SFP
10/100/1000 Ethernet LAN Ports  Data Output Interface
HWIC Ports
Console Port
Auxiliary Port
ENM Slots
SFP
10/100/1000 Ethernet LAN Ports  Control Input Interface
HWIC Ports
Console Port
Auxiliary Port
ENM Slots
SFP
10/100/1000 Ethernet LAN LEDs   Status Output Interface
SFP LED
AIM LEDs
PVDM LEDs
Power LED
System Activity LED
System LED
Compact Flash LED
Auxiliary Power LED
RPS LED
Console Port
Auxiliary Port
Power Plug                      Power Interface
Redundant Power Supply Plug

There are two USB ports, but they are not supported currently. The ports will be supported in the future for a smartcard or token reader.

The CF card that stores the IOS image is considered an internal memory module, because the IOS image stored in the card may not be modified or upgraded. The card itself must never be removed from the drive. A tamper-evident seal will be placed over the card in the drive.

The Cisco 3845 Cryptographic Module Physical Characteristics

Figure 4  The Cisco 3845 Router Case

The Cisco 3845 router with on-board crypto enabled is a multiple-chip standalone cryptographic module. The router has a processing speed of 650 MHz. Depending on configuration, either the internal Safenet chip or the IOS software is used for cryptographic operations.

The cryptographic boundary of the module is the device's case. All of the functionality discussed in this document is provided by components within this cryptographic boundary.

The interfaces for the router are located on the front and rear panels as shown in Figure 5 and Figure 6, respectively.

Figure 5  Cisco 3845 Front Panel Physical Interfaces

Figure 6  Cisco 3845 Rear Panel Physical Interfaces (labels visible in the figure: GE 0/0 and GE 0/1 with SPD and LNK LEDs, CONSOLE, AUX, HWIC 0 to HWIC 3, PVDM 0 to PVDM 3 and AIM 0/AIM 1 LEDs, SFP, CF drive marked "Do Not Remove During Network Operation")

The Cisco 3845 router features a console port, auxiliary port, dual Universal Serial Bus (USB) ports, four high-speed WAN interface card (HWIC) slots, two 10/100/1000 Gigabit Ethernet RJ45 ports, four Enhanced Network Module (ENM) slots, small form factor pluggable (SFP), power inlets, and Compact Flash (CF) drive. The Cisco 3845 router supports two internal advanced integration modules (AIMs) [1], and two Ethernet connections. Figure 5 shows the front panel and Figure 6 shows the rear panel. The front panel consists of 7 LEDs: CF LED, PVDM0 LED, PVDM1 LED, PVDM2 LED, PVDM3 LED, AIM0 LED, and AIM1 LED. The back panel consists of 6 LEDs: SYS LED, ACT LED, SYS PWR1 LED, AUX PWR1 LED, SYS PWR2 LED, and AUX PWR2 LED.

The front panel contains the following:

- LEDs
- Power switch
- Power input

The rear panel contains the following:

- CF drive
- USB ports
- Console and Auxiliary ports
- HWIC ports
- LEDs
- GE ports
- SFP port
- ENM slots

Table 5 provides more detailed information conveyed by the LEDs on the front of the router.

[1] However, an AIM module may not be installed in accordance with this security policy. There is a separate security policy covering the Cisco 3825 and Cisco 3845 routers with AIM module installed.

Table 5  Cisco 3845 Front Panel Indicators

Name              State           Description
System            Solid Green     Normal system operation.
                  Blinking Green  Booting or in ROM monitor (ROMMON) mode.
                  Amber           Powered, but malfunctioning.
                  Off             Router is not receiving power.
System Power1     Green           Power1 supply present and enabled.
                  Amber           Power1 supply present and off or with failure.
                  Off             Power1 supply not present.
Auxiliary Power1  Green           Indicates IP phone power1 supply present.
                  Amber           Indicates IP phone power1 supply present.
                  Off             IP phone power1 supply not present.
System Power2     Green           Power2 supply present and enabled.
                  Amber           Power2 supply present and off or with failure.
                  Off             Power2 supply not present.
Auxiliary Power2  Green           Indicates IP phone power2 supply present.
                  Amber           Indicates IP phone power2 supply present.
                  Off             IP phone power2 supply not present.
Activity          Green           Solid or blinking indicates packet activity.
                  Off             No interrupts or packet transfer occurring.
Compact Flash     Solid Green     Compact Flash present and enabled.
                  Blinking Green  Compact Flash accessed.
                  Off             Compact Flash not present.
PVDM3             Green           PVDM3 installed and initialized.
                  Amber           PVDM3 installed, initialization error.
                  Off             PVDM3 not installed.
PVDM2             Green           PVDM2 installed and initialized.
                  Amber           PVDM2 installed, initialization error.
                  Off             PVDM2 not installed.
PVDM1             Green           PVDM1 installed and initialized.
                  Amber           PVDM1 installed, initialization error.
                  Off             PVDM1 not installed.
PVDM0             Green           PVDM0 installed and initialized.
                  Amber           PVDM0 installed, initialization error.
                  Off             PVDM0 not installed.
AIM1              Green           AIM1 present and enabled.
                  Amber           AIM1 present with failure.
                  Off             AIM1 not installed.
AIM0              Green           AIM0 present and enabled.
                  Amber           AIM0 present with failure.
                  Off             AIM0 not installed.

Table 6 describes the meaning of the Ethernet LEDs on the front panel:

Table 6  Cisco 3845 Ethernet Indicators

Name   State                 Description
Speed  One Blinking Green    10 Mbps
       Two Blinking Green    100 Mbps
       Three Blinking Green  1000 Mbps
Link   Solid Green           Ethernet link is established
       Off                   No link established
SFP    Solid Green           SFP fiber link is established
       Off                   No link established

The physical interfaces are separated into the logical interfaces from FIPS 140-2 as described in Table 7:

Table 7  Cisco 3845 FIPS 140-2 Logical Interfaces

Router Physical Interface       FIPS 140-2 Logical Interface
10/100/1000 Ethernet LAN Ports  Data Input Interface
HWIC Ports
Console Port
Auxiliary Port
ENM Slots
SFP
10/100/1000 Ethernet LAN Ports  Data Output Interface
HWIC Ports
Console Port
Auxiliary Port
ENM Slots
SFP

Table 7  Cisco 3845 FIPS 140-2 Logical Interfaces (Continued)

Router Physical Interface       FIPS 140-2 Logical Interface
10/100/1000 Ethernet LAN Ports  Control Input Interface
HWIC Ports
Console Port
Auxiliary Port
ENM Slots
SFP
10/100/1000 Ethernet LAN LEDs   Status Output Interface
SFP LED
AIM LEDs
PVDM LEDs
System Power LEDs
System Activity LED
System LED
Compact Flash LED
Auxiliary Power LEDs
Console Port
Auxiliary Port
Power Plug                      Power Interface

There are two USB ports, but they are not supported currently. The ports will be supported in the future for a smartcard or token reader.

The CF card that stores the IOS image is considered an internal memory module, because the IOS image stored in the card cannot be modified or upgraded. The card itself must never be removed from the drive. A tamper-evident seal will be placed over the card in the drive.

Roles and Services

Authentication in the Cisco 3825 and Cisco 3845 is role-based. There are two main roles in the router that operators can assume: the Crypto Officer role and the User role. The administrator of the router assumes the Crypto Officer role in order to configure and maintain the router using Crypto Officer services, while Users exercise only the basic User services. The module supports RADIUS and TACACS for authentication. A complete description of all the management and configuration capabilities of the router can be found in the Performing Basic System Management manual and in the online help for the router.

User Services

Users enter the system by accessing the console port with a terminal program or via an IPSec-protected telnet or SSH session to a LAN port. The IOS prompts the User for a username and password. If the password is correct, the User is allowed entry to the IOS executive program.

The services available to the User role consist of the following:

- Status Functions—View the state of interfaces and protocols, and the version of IOS currently running.
- Network Functions—Connect to other network devices through outgoing telnet, PPP, etc., and initiate diagnostic network services (i.e., ping, mtrace).
- Terminal Functions—Adjust the terminal session (e.g., lock the terminal, adjust flow control).
- Directory Services—Display the directory of files kept in flash memory.

Crypto Officer Services

During initial configuration of the router, the Crypto Officer password (the “enable” password) is defined. A Crypto Officer can assign permission to access the Crypto Officer role to additional accounts, thereby creating additional Crypto Officers.

The Crypto Officer role is responsible for the configuration and maintenance of the router. The Crypto Officer services consist of the following:

- Configure the router—Define network interfaces and settings, create command aliases, set the protocols the router will support, enable interfaces and network services, set the system date and time, and load authentication information.
- Define Rules and Filters—Create packet Filters that are applied to User data streams on each interface. Each Filter consists of a set of Rules, which define a set of packets to permit or deny based on characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet direction.
- View Status Functions—View the router configuration, routing tables, and active sessions; use gets to view SNMP MIB statistics, health, temperature, memory status, voltage, and packet statistics; review accounting logs; and view physical interface status.
- Manage the router—Log off users, shut down or reload the router, manually back up router configurations, view complete configurations, manage user rights, and restore router configurations.
- Set Encryption/Bypass—Set up the configuration tables for IP tunneling. Set the keys and algorithms to be used for each IP range, or allow plaintext packets to be sent from specified IP addresses.

Physical Security

The router is entirely encased by a metal, opaque case. The rear of the unit contains the auxiliary port, console port, Gigabit Ethernet ports, HWIC ports, and ENM slots. The front of the unit contains USB connectors, CF drive, power inlets, power switch, and LEDs. The top, side, and front portion of the chassis can be removed to allow access to the motherboard, memory, AIM slots, and expansion slots. Once the router has been configured to meet FIPS 140-2 Le
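The “Define Rules and Filters” service in the Crypto Officer list above describes a filter as an ordered set of rules that permit or deny packets by protocol ID, addresses, ports, TCP connection establishment and direction on an interface. The following Python model is an added example, not code from this policy or from Cisco IOS: it evaluates such a rule set with first-match-wins semantics and an implicit deny when no rule matches, over constructed packets. The WAN interface, the address ranges and the rule set are illustrative assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Sequence


@dataclass(frozen=True)
class Packet:
    """One packet as seen at an interface (constructed test data, not a capture)."""
    proto: str                       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()   # TCP flags present, e.g. frozenset({"SYN"})
    direction: str = "in"            # "in" or "out" relative to the interface


@dataclass(frozen=True)
class Rule:
    """One rule of a filter; each attribute named in the policy is optional."""
    action: str                      # "permit" or "deny"
    proto: str = "ip"                # "ip" matches any protocol
    src: str = "0.0.0.0/0"           # source prefix
    dst: str = "0.0.0.0/0"           # destination prefix
    dport: Optional[int] = None      # None matches any destination port
    established: bool = False        # True: only segments of an already open TCP connection
    direction: str = "in"

    def matches(self, pkt: Packet) -> bool:
        if self.direction != pkt.direction:
            return False
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.established:
            # Connection-establishment check: a segment carrying ACK or RST belongs
            # to a connection that already exists; a bare SYN is a new attempt and
            # does not match, so inbound connection attempts are not let through.
            if pkt.proto != "tcp" or not (pkt.flags & {"ACK", "RST"}):
                return False
        return True


def evaluate(rules: Sequence[Rule], pkt: Packet) -> str:
    """First matching rule decides; with no match the packet is denied, the same
    default-deny behaviour an IOS access list has at its end."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed filter for the inbound direction of a hypothetical WAN interface
# protecting the branch LAN 192.0.2.0/24 (documentation addresses, not real ones).
WAN_INBOUND = [
    Rule("permit", proto="tcp", dst="192.0.2.0/24", dport=443),         # reach the branch web server
    Rule("permit", proto="tcp", dst="192.0.2.0/24", established=True),  # replies to sessions opened from inside
    Rule("deny"),                                                        # explicit catch-all, for clarity
]


def demo() -> dict:
    """Run a handful of constructed packets through the filter and return the verdicts."""
    samples = {
        "https_syn":   Packet("tcp", "198.51.100.7", "192.0.2.10", 40000, 443, frozenset({"SYN"})),
        "ssh_syn":     Packet("tcp", "198.51.100.7", "192.0.2.10", 40001, 22, frozenset({"SYN"})),
        "reply_ack":   Packet("tcp", "198.51.100.7", "192.0.2.10", 80, 51000, frozenset({"ACK"})),
        "spoofed_syn": Packet("tcp", "198.51.100.7", "192.0.2.10", 80, 51000, frozenset({"SYN"})),
        "dns_udp":     Packet("udp", "198.51.100.7", "192.0.2.10", 53, 51001),
        # outbound packet: no rule in this filter covers that direction, so implicit deny
        "outbound":    Packet("tcp", "192.0.2.10", "198.51.100.7", 51000, 80, frozenset({"SYN"}), "out"),
    }
    return {name: evaluate(WAN_INBOUND, pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12s} {verdict}")
```

The `established` rule is the part worth studying: it lets return traffic of sessions opened from the LAN back in while a fresh SYN to an unlisted port is dropped, which is exactly the distinction the policy draws between matching on ports and matching on TCP connection establishment. Because rules carry a direction, a filter for the outbound side of the interface is a separate list, as the policy's "applied to User data streams on each interface" wording implies.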