
Enterasys Networks XSR-1805 User Manual

Page 12


• Read-only Crypto Officer – Management users with privilege level zero assume the Read-only Crypto Officer role. The Read-only Crypto Officer can only issue monitoring commands with a low security level. Examples of such commands are show version and show clock.

Descriptions of the services available to the Crypto Officer role are
provided in the table below.

| Service | Description | Input | Output | Critical Security Parameter (CSP) Access |
|---|---|---|---|---|
| SSH | Provide authenticated and encrypted remote management sessions while using the CLI | SSH key agreement parameters, SSH inputs, and data | SSH outputs and data | DSA (SSHv2) host key pair (read access), Diffie-Hellman key pair (read/write access), session key for SSH (read/write access), PRNG keys (read access); Crypto Officer’s password (read access) |
| IKE/IPSec | Provide authenticated and encrypted remote management sessions while using Telnet to access the CLI functionality | IKE inputs and data; IPSec inputs, commands, and data | IKE outputs, status, and data; IPSec outputs, status, and data | RSA key pair for IKE (read access), Diffie-Hellman key pair for IKE (read/write access), pre-shared keys for IKE (read access); Session keys for IPSec (read/write access) |
| SNMP | Non-security-sensitive monitoring and configuration using SNMPv3 (with standard MIB-II and proprietary MIB support) | Commands and configuration data | Status of commands, configuration data | Crypto Officer’s SNMP password (read/write access) |
| Bootrom Monitor Mode | Reboot, update the Bootrom, issue file system-related commands, modify network parameters, and issue various show commands | Commands and configuration data | Status of commands, configuration data | Crypto Officer’s Bootrom password (read/write access) |
| Configuring Network | Create or specify master encryption | Commands and configuration data | Status of commands and | Master encryption key (read/write |
© Copyright 2003 Enterasys Networks

Page 12 of 25

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
