© Copyright 2011 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
| Functions (r, w, x, z) | through SSH, telnet, PPP, etc. and initiate diagnostic network services (i.e., ping, mtrace). | shared secret, DH private exponent, SSH Private key, SSH session key |
| Terminal Functions | Adjust the terminal session (e.g., lock the terminal, adjust flow control). | N/A |
| Directory Services | Display directory of files kept in flash memory. | N/A |
| Perform Self-Tests | Perform the FIPS 140 start-up tests on demand | N/A |
Table 4 - User Services
b. Crypto Officer Services
During initial configuration of the router, the Crypto Officer password (the “enable” password) is
defined. A Crypto Officer can assign permission to access the Crypto Officer role to additional
accounts, thereby creating additional Crypto Officers.
The Crypto Officer role is responsible for the configuration and maintenance of the router. Just
like the User, the Crypto Officer can access the router via the console port or via SSH session.
The Crypto Officer services consist of the following:
| Services & Access | Description | Keys & CSPs |
|---|---|---|
| Configure the router (r, w, z) | Define network interfaces and settings, create command aliases, set the protocols the router will support, enable interfaces and network services, set system date and time, and load authentication information. | User password, Enable password, RADIUS secret, secret, DH shared secret, Router Authentication key, PPP authentication key, SSH private key |
| Define Rules and Filters | Create packet Filters that are applied to User data streams on each interface. Each Filter consists of a set of Rules, which define a set of packets to permit or deny based on characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet direction. | N/A |
| View Status Functions (r, x) | View the router configuration, routing tables, active sessions, use gets to view SNMP MIB statistics, health, temperature, memory status, voltage, packet statistics, review accounting logs, and view physical interface | User password, Enable password, RADIUS secret, secret, DH shared secret, Router Authentication key, PPP authentication key, SSH private key |