Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

Cisco Trust Anchor Technologies: Image Signing & Secure

advertisement 
Solution Overview
Cisco Trust Anchor Technologies: Image Signing & Secure
Boot Implementation Report
Cisco® Trust Anchor Technologies provide the foundation for Cisco trustworthy systems.
Secure Boot and signed images help ensure that the code running on Cisco hardware
platforms is authentic and unmodified.
Image signing: Cryptographically signed images help ensure that the firmware, basic input/output system (BIOS), and other
software are authentic and unmodified. These signatures provide a critical check so that only authentic, unmodified software
can be run. As the system boots, the signature is checked by an anchor of trust, helping to ensure the integrity of the system’s
software.
Secure Boot: Secure Boot takes image signing to the next level. It gives you stronger assurance about the integrity of the
hardware and software that are performing image checks and other critical system functions. It does this by anchoring the
boot sequence chain of trust to immutable hardware. And it assures that a system’s foundational state and the software that
is to be loaded cannot be modified, regardless of a user’s privilege level.
Image signing effectively mitigates persistent attacks. Secure Boot makes that protection even more robust. A device with
these characteristics offers a network administrator the ability to prevent man-in-the-middle replacements of software and
firmware. In addition, it provides layered protection against the persistence of illicitly modified firmware.
The tables below indicate which Cisco products currently support signed images and Secure Boot. Note that Secure Boot is
“Not applicable” to software-alone, because it is a hardware technology. Nevertheless, signed software will take advantage
of the chain of trust if the underlying hardware supports Secure Boot.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 11
Table 1.
Enterprise Routers
Product Family
Description
Contact
Secure
Boot
Signed
Image
ISR-800 series
Integrated Services Routers
ask-isrpm@cisco.com
No
Select
Models
ISR-1900, 2900, &
3900 series
Integrated Services Routers
ask-isrpm@cisco.com
No
Yes
ISR-4000 series
Integrated Services Routers
ask-isrpm@cisco.com
Yes
Yes
59xx
Embedded Services Routers
ask-isrpm@cisco.com
No
Yes
ASR-900 RSP3
Aggregation Services Router Route Switch
Processor 3
ask-asr901pm@cisco.com
Yes
No
ASR-920
Aggregation Services Routers
ask-asr920pm@cisco.com
Yes
No
ASR-1001X
Aggregation Services Routers
ask-asr1000pm@cisco.com
Yes
Yes
ASR-1002
Aggregation Services Routers
ask-asr1000pm@cisco.com
No
Yes
ASR-1002-X
Aggregation Services Routers
ask-asr1000pm@cisco.com
Yes
Yes
ASR-1004
Aggregation Services Routers
ask-asr1000pm@cisco.com
No
Yes
ASR-1006
Aggregation Services Router
ask-asr1000pm@cisco.com
No
Yes
CSR 1000V
Cloud Services Router
ask-csrpm@cisco.com
No
Yes
WAAS
Wide Area Application Services
ask-waasxpm@cisco.com
Not
applicable
(Software)
Yes
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 11
Table 2.
Enterprise Switches
Product Family
Description
Contact
Secure
Boot
Signed
Image
Cat 2960X
Cisco Catalyst Switches
ask-c2960pm@cisco.com
Yes
Yes
Cat 3650
Cisco Catalyst Switches
ask-c3650pm@cisco.com
Yes
Yes
Cat 3850
Cisco Catalyst Switches
ask-c3850pm@cisco.com
Yes
Yes
Cat4506-E
Cisco Catalyst Switches
ask-c4500pm@cisco.com
No
No
C4507RE,
C4507R+E
Cisco Catalyst Switches
ask-c4500pm@cisco.com
No
Yes
C4510RE-S7
Cisco Catalyst Switches
ask-c4500pm@cisco.com
No
Yes
C4510R+E
Cisco Catalyst Switches
ask-c4500pm@cisco.com
No
Yes
Cat 6800ia
Cisco Catalyst Switches
ask-c6500pm@cisco.com
Yes
Yes
Cat 6840-X
Cisco Catalyst Switches
ask-c6500pm@cisco.com
Yes
No
Cat 6880-X
Cisco Catalyst Switches
ask-c6500pm@cisco.com
Yes
Yes
Table 3.
Internet of Things (IoT) Devices
Product Family
Description
Contact
Secure
Boot
Signed
Image
CGR1120
Connected Grid Routers
ask-cgr1000pm@cisco.com
Yes
Yes
CGR1240
Connected Grid Routers
ask-cgr1000pm@cisco.com
Yes
Yes
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 11
CGR2010
Connected Grid Routers
ask-cgr1000pm@cisco.com
No
Yes
IR809G
Industrial Routers
ask-ir900pm@cisco.com
Yes
Yes
IR829GW
Industrial Routers
ask-ir900pm@cisco.com
Yes
Yes
IR910
Industrial Routers
ask-ir900pm@cisco.com
No
Yes
Table 4.
Data Center Nexus Switch Support
Product Family
Description
Contact
Secure
Boot
Signed
Image
Nexus 1000V
Nexus Switches
ask-nexus100vpm@cisco.com
No
Yes
N2K series
Nexus Switches
asknexus2000pm@cisco.com
No
Yes
N3K series
Nexus Switches
ask-nexus3000pm@cisco.com
Select
Models
Select
Models
N5K series
Nexus Switches
asknexus4000pm@cisco.com
No
Select
Models
N7K series
Nexus Switches
ask-nexus7000pm@cisco.com
No
Yes
N9K series
Nexus Switches
asknexus9000pm@cisco.com
Yes
Yes
asknexus9000pm@cisco.com
Not
applicable
(Software)
Yes
Cisco Nexus Data
Broker Software
Application
Network Traffic and Monitoring Software
Data Center Unified Computing Systems (UCS)
Product Family
Description
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 11
Contact
Secure Boot
Signed
Image
UCS Servers
Hardware
UCS UEFI Secure Boot hardware support for UEFI
authentication of Software images.
UCS Servers
Hardware
CIMC Secure Boot hardware support for Ciscosigned firmware updates
UCS B-Series
Blade Server
Software
Server Software
UCS C-Series
Rack-Mount
UCS-Managed
Server Software
Server Software
UCS C22 and C23
M3 Rack Server
Software
Server Software
UCS C200 M1
and M2 RackMount Server
Software
Server Software
UCS C210 M1
and M2 RackMount Server
Software
Server Software
UCS C220 M3
Rack Server
Software
Server Software
UCS C220 M4
Rack Server
Software
Software
UCS C240 M3
Rack Server
Software
Server Software
UCS C250 M1
and M2 RackMount Server
Software
Server Software
UCS C260 M2
Server Software
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 11
ask-ucspm@cisco.com
Select
Models
Select
Models
ask-ucspm@cisco.com
Select
Models
Select
Models
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
Not applicable
(Software)
Not
applicable
(Software)
Yes
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
Not applicable
Not
Yes
Rack-Mount
Server Software
(Software)
UCS C420 M3
Rack Server
Software
Server Software
UCS C460 M1
and M2 RackMount Server
Software
Server Software
UCS C460 M4
Rack Server
Software
Server Software
UCS E160D M1
Software
UCS Cisco Integrated Management Controller
Software
UCS Central
Software
Server Central Management and Automation
Software
UCS Director 4.0
UCS Unified Infrastructure Management Software
UCS Director 5.0
UCS Unified Infrastructure Management Software
UCS Director 5.1,
5.2, 5.3
UCS Unified Infrastructure Management Software
UCS
Performance
Manager
UCS Performance Management and Capacity
Planning Software
UCS Director
Express for Big
Data 1.0, 1.1
Hadoop Deployment Automation Software for
UCS
Table 5.
applicable
(Software)
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
ask-ucspm@cisco.com
Not
applicable
(Software)
Yes
Service Provider
Product Family
Description
Contact
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 6 of 11
Secure Boot
Signed Image
ASR-9K series
Aggregation Services
Routers
cBR-8
Converged
Broadband Routers
NCS 4202
Network
Convergence
Systems
ask-asr9kpm@cisco.com
Select Models
Yes
Yes
Yes
ask-ncspm@cisco.com
Yes
No
Network
Convergence
Systems
ask-ncspm@cisco.com
No
No
Network
Convergence
Systems
ask-ncspm@cisco.com
Yes
No
Network
Convergence
Systems
ask-ncspm@cisco.com
Yes
No
Network
Convergence
Systems
ask-ncspm@cisco.com
Yes
No
CRS-1
Carrier Routing
Systems
ask-crspm@cisco.com
No
Yes
ASR-9006
Aggregation Services
Routers
ask-asr9kpm@cisco.com
Yes
Yes
ASR-9010
Aggregation Services
Routers
ask-asr9kpm@cisco.com
Yes
Yes
ASR-9904
Aggregations
Services Routers
ask-asr9kpm@cisco.com
ASR-9922
Aggregation Services
Routers
ask-asr9kpm@cisco.com
Yes
Yes
ONS-15454
Multiservice
Provisioning
Platforms
Select Models
Select Models
Secure Boot
Signed Image
NCS 4206
NCS 4216
NCS 5508
NCS 6008
Table 6.
Security
Product Family
Description
Contact
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 7 of 11
ASA5506-X with
FirePOWER
Adaptive Security
Appliances
ASA5506W-X
Adaptive Security
Appliances
ASA5508-X with
FirePOWER
Adaptive Security
Appliances
ASA5516-X with
FirePOWER
ask-firepowerpm@cisco.com
Yes
Yes
Yes
Yes
ask-firepowerpm@cisco.com
Yes
Yes
Adaptive Security
Appliances
ask-firepowerpm@cisco.com
Yes
Yes
Cisco FirePOWER
9300 Security
Appliance
Adaptive Security
Appliances with
FirePOWER
ask-firepowerpm@cisco.com
Yes
Yes
Cisco Adaptive
Security Virtual
Appliance
Virtual Adaptive
Security Appliances
Not applicable
(Software)
Yes
FX-OS image for
FirePOWER
FirePOWER
eXtensible
Operating System
Not applicable
(Software)
Yes
AnyConnect
Secure Mobility
Client
Not applicable
(Software)
Yes
ISE
Identity Services
Engine
Not applicable
(Software)
Yes
Table 7.
ask-firepowerpm@cisco.com
Not applicable
(Software)
Phones
Product Familys
Description
Contact
Secure Boot
Signed Image
6901/6911/6921/6941/6961/6945
Phones
No
Yes
7911/7821/7841/7861
Phones
No
Yes
8941/8945
Phones
No
Yes
8831
Phone
No
Yes
8961/9951/9971
Phones
Yes
Yes
8811/8841/8851/8851NR/9961
Phones
Yes
Yes
8845/8865
Phones
Yes
Yes
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 8 of 11
Table 8.
Collaboration
Product Familys
Contact
Secure Boot
Signed Image
TelePresence
Servers
asktelepresencesales@cisco.com
Not applicable
(Software)
Yes
TelePresence
Servers
asktelepresencesales@cisco.com
Not applicable
(Software)
Yes
TelePresence
Server System
Software
asktelepresencesales@cisco.com
Not applicable
(Software)
Yes
Cisco TelePresence System Software for
the IX5000 and IX5200
TelePresence
System
Software
asktelepresencesales@cisco.com
Not applicable
(Software)
Yes
Cisco TelePresence Video
Communication Server and Expressway
series
TelePresence
Video
Communication
Server and
Expressway
Software
asktelepresencesales@cisco.com
Not applicable
(Software)
Yes
Cisco TelePresence Management Suite
14.6.2
TelePresence
Management
Suite Software
asktelepresencesales@cisco.com
Not applicable
(Software)
Yes
Cisco Desktop Collaboration Experience
Collaboration
Experience
Software
asktelepresencesales@cisco.com
Not applicable
(Software)
Yes
Unity
Connection
Software
asktelepresencesales@cisco.com
Not applicable
(Software)
Yes
Voice Gateway
Software
asktelepresencesales@cisco.com
Not applicable
(Software)
Yes
Cisco Unified
Call Manager
Software
asktelepresencesales@cisco.com
Not applicable
(Software)
Yes
Cisco TelePresence Server version 4.1
on 8710 and 7010 platforms
Cisco TelePresence Server version 4.1
on Media 310 and 320 platforms
Cisco TelePresence Server System
Software for CTS500-37,
CTS1000,CTS1100,CTS130065,CTS3000,CTS3010,CTS3200,CTS3210
Unity Connection 9.1
Voice Gateway
CUCM Versions: 8.5+
Description
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 9 of 11
Cisco Jabber for Mac and Windows
Table 9.
Jabber Instant
Messaging (IM),
voice, video,
voice
messaging,
desktop
sharing,
conferencing
Software
asktelepresencesales@cisco.com
Not applicable
(Software)
Yes
Cloud
Product Familys
ACI
Description
Contact
Secure Boot
Signed Image
Application
Centric
Infrastructure
Software
ask-acipm@cisco.com
Not applicable
(Software)
Yes
Intercloud Fabric Software
Hybrid cloud
Software
Not applicable
(Software)
Yes
Cisco Intelligent Automation
for Cloud
Intelligent
Automation
Software for
Cloud
Not applicable
(Software)
Yes
Cloud VPN Orchestration
Platform
Cloud VPN
orchestration
Software
Not applicable
(Software)
Yes
Table 10.
Management
Product Familys
Prime
Prime License Manager
Quantum Policy Suite
Description
Contact
Secure Boot
Signed Image
Network and
Services
Management
Software
ask-prime-networkpm@cisco.com
Not applicable
(Software)
Yes
Prime
License
Manager
Software
ask-prime-networkpm@cisco.com
Not applicable
(Software)
Yes
Not applicable
Yes
Policy Suite
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 10 of 11
Software
Cisco Security Manager
Table 11.
Security
Software
(Software)
askcsmanager@cisco.com
Not applicable
(Software)
Yes
Applications
Product Familys
Secure Boot
Signed Image
Emergency 9-1-1
enhancement
for Cisco Unified
Communications
Manager
Software
Not applicable
(Software)
Yes
Stadium Vision
Director
Software
Not applicable
(Software)
Yes
Energy Management
Controller
Energy
Management
Software
Not applicable
(Software)
Yes
Workforce Management
Workforce
Management
Software
Not applicable
(Software)
Yes
Cisco Digital Content
Manager
Digital Content
Manager
Software
Not applicable
(Software)
Yes
Broadband Access Center
for Telco Wireless
Broadband
Access Center
for Telco
Wireless
Software
Not applicable
(Software)
Yes
Cisco Emergency
Responder 10.5(1)
StadiumVision Director
Description
Contact
For More Information
Visit Trust Anchor Technologies.
Read more about Security and Trust at https://trust.cisco.com.
Send inquiries to ask-trustworthy@cisco.com or contact your local account representative.
Printed in USA
May 2016 v.2.0
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 11 of 11
Related documents
WWW+Internet+networking - Edulink
WWW+Internet+networking - Edulink
10_2_1_2 Worksheet - Answer Security Policy Questions
10_2_1_2 Worksheet - Answer Security Policy Questions
Cisco Customer Outcome Enablement Program Terms Pilot Phase Updated: 10/05/2015
Cisco Customer Outcome Enablement Program Terms Pilot Phase Updated: 10/05/2015
Download
advertisement