Cisco 3640 Modular Access Router Security Policy
78-13835-01
Cisco 3640 Modular Access Routers
At the highest level, Crypto Officer services include the following:
· Configure the router: define network interfaces and settings, create command aliases, set the protocols the router will support, enable interfaces and network services, set system date and time, load authentication information, etc.
· Define Rules and Filters: create packet Filters that are applied to User data streams on each interface. Each Filter consists of a set of Rules, which define a set of packets to permit or deny based on characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet direction.
· Status Functions: view the router configuration, routing tables, and active sessions; use Gets to view SNMP MIB II statistics, health, temperature, memory status, voltage, and packet statistics; review accounting logs; and view physical interface status.
· Manage the router: log off users, shut down or reload the router, manually back up router configurations, view complete configurations, manage user rights, restore router configurations, etc.
· Set Encryption/Bypass: set up the configuration tables for IP tunneling. Set keys and algorithms to be used for each IP range or allow plaintext packets to be sent from a specified IP address.
· Change Network Modules: insert and remove modules in the network module slot as described in Section 3.1, Number 2 of this document.
· Change WAN Interface Cards: insert and remove modules in the network module slot as described in Section 3.1, Number 3 of this document.
A complete description of all the management and configuration capabilities of the Cisco 3640 router
can be found in the Performing Basic System Management manual and in the online help for the router.
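As an added illustration of the Define Rules and Filters service (not taken from this Security Policy or from Cisco's manuals), the following IOS extended access list shows how each characteristic named above appears in a Rule. The list name EDGE-IN, the interface Serial0/0 and the 192.0.2.0/24 and 198.51.100.0/24 addresses are assumptions chosen for the example.

```cisco
! Constructed example. Addresses are RFC 5737 documentation ranges.
ip access-list extended EDGE-IN
 ! TCP connection establishment: match only segments with ACK or RST set,
 ! i.e. replies to sessions opened from the inside network
 permit tcp any 192.0.2.0 0.0.0.255 established
 ! Protocol ID + addresses + port: HTTPS from anywhere to a single host
 permit tcp any host 192.0.2.10 eq 443
 ! Protocol ID + source range + port: DNS replies from one resolver subnet
 permit udp 198.51.100.0 0.0.0.255 eq 53 192.0.2.0 0.0.0.255
 ! Protocol ID with message type: ICMP echo replies only
 permit icmp any 192.0.2.0 0.0.0.255 echo-reply
 ! Explicit final deny so that dropped packets are logged
 ! (an access list ends with an implicit deny even without this line)
 deny ip any any log
!
interface Serial0/0
 ! Packet direction: apply the Filter to packets arriving on this interface
 ip access-group EDGE-IN in
```

Rules are evaluated top to bottom and the first match decides, so the narrow permits must precede the final deny.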
User Services
A User enters the system by accessing the console port with a terminal program. The IOS prompts the
User for their password. If it matches the plaintext password stored in IOS memory, the User is allowed
entry to the IOS executive program.
At the highest level, User services include the following:
· Status Functions: view state of interfaces, state of layer 2 protocols, version of IOS currently running
· Network Functions: connect to other network devices through outgoing telnet, PPP, etc. and initiate diagnostic network services (i.e., ping, mtrace)
· Terminal Functions: adjust the terminal session (e.g., lock the terminal, adjust flow control)
· Directory Services: display directory of files kept in flash memory
Physical Security
The router is entirely encased by a thick steel chassis. The rear of the unit provides 4 Network Module
slots, on-board LAN connectors, the power cable connection and a power switch. The top portion of the
chassis may be removed to allow access to the motherboard, memory, and expansion slots. See Figure 3.