Roles and Services, Crypto Officer Role – Enterasys Networks XSR-1805 User Manual

Roles and Services

The module supports role-based and identity-based authentication.¹ There are two main roles in the module (as required by FIPS 140-2) that operators may assume: a Crypto Officer role and User role.

Crypto Officer Role

The Crypto Officer role has the ability to configure, manage, and monitor
the module. Three management interfaces can be used for this purpose:

• CLI – The Crypto Officer can use the CLI to perform non-security-sensitive and security-sensitive monitoring and configuration. The CLI can be accessed locally by using the console port or remotely by using Telnet over IPSec or the SSHv2 secured management session.

• SNMP – The Crypto Officer can use SNMPv3 to remotely perform non-security-sensitive monitoring and configuration.

• Bootrom Monitor Mode – In Bootrom monitor mode, the Crypto Officer can reboot, update the Bootrom, issue file system-related commands, modify network parameters, and issue various show commands. The Crypto Officer can only enter this mode by pressing the key combination CTRL-C during the first five seconds of initialization. It can also be entered if Bootrom cannot find a valid software file.

Due to the different privilege levels (0-15) that can be assigned to each
user, the Crypto Officer role can be split into different types of
management users:

• Super Crypto Officer – Management users with a privilege level of 15 assume the Super Crypto Officer role. Since 15 is the highest privilege level available, the Super Crypto Officer can issue all the configuration and monitoring commands available through the CLI and SNMP. Only the Super Crypto Officer can enter Bootrom monitor mode.

• Junior Crypto Officer – Management users with a privilege level of 10 assume the Junior Crypto Officer role. The Junior Crypto Officer can issue all monitoring commands with higher security level and some configuration commands. Examples of commands are: show running-config and show interfaces, and all SNMP show commands.

© Copyright 2003 Enterasys Networks. Page 11 of 25.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

¹ Please note that overall the modules meet the level 2 requirements for Roles and Services.
