Enterasys Networks XSR-1850, XSR-1805, XSR-3250 manual Copyright 2003 Enterasys Networks Page 19

Page 19

If the master encryption key is generated within the module, the module outputs the key to the console as soon as the key is generated in order for the Crypto Officer to note down and store the key securely outside of the module. This is required, since the Crypto Officer must enter the current key before changing or removing it. The master secret key can only be configured through the serial console or over an SSH tunnel.

Key Storage

The three-key Triple-DES key encryption key used to encrypt the master encryption key is hard-coded in plaintext form. The master encryption key is stored encrypted in the extended NVRAM of the Real Time Clock chip. This 3-key Triple-DES key is used to encrypt the user data, certificates, and host key database files (user.dat, cert.dat and hostkey.dat) stored in Flash. Hostkey.dat contains the DSA host key pair, cert.dat contains the certificates (including the module’s RSA key pair), and user.dat contains all other CSPs set for the users (pre-shared keys and passwords).

The master encryption key is also used to encrypt the load test HMAC SHA-1 key, which is also stored in the NVRAM of the Real Time Clock chip.

The CLI passwords are stored in plaintext form in the startup-config file in Flash. The SNMP passwords are stored in plaintext form in the private- config file in Flash. The Bootrom password is stored in NVRAM of the Real Time Clock.

Session keys are stored in plaintext form in RAM.

Key Zeroization

The CSPs contained within the database files and the load test HMAC SHA-1 key do not need to be zeroized, since they are encrypted with the master encryption key. The master encryption key can be zeroized by either overwriting the key with a new one, removing it through the CLI, or by pressing the default configuration button (XSR-18xx only) or entering the bootrom password incorrectly five times (XSR-3250). Pressing this button reboots the module and enforces default configuration. The hard- coded key encryption key used to encrypt the master encryption key can be zeroized by formatting the Flash file system or CompactFlash card.

Passwords can be zeroized by overwriting them with new ones or by pressing the default configuration button (XSR-18xx only).

Session keys can be zeroized by rebooting the module.

© Copyright 2003 Enterasys Networks Page 19 of 25

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Page 18 Page 20
Image 19
Page 18 Page 20
Contents Fips 140-2 Non-Proprietary Security Policy Table of Contents Copyright 2003 Enterasys Networks Page 3 PurposeReferences Document OrganizationCopyright 2003 Enterasys Networks Page 4 Copyright 2003 Enterasys Networks Page 5 OverviewCryptographic Module Copyright 2003 Enterasys Networks Page 7 Copyright 2003 Enterasys Networks Page 8 Module InterfacesEMI/EMC Self-tests Design Assurance Mitigation of Other AttacksCopyright 2003 Enterasys Networks Page 9 Copyright 2003 Enterasys Networks Page 10 Module Physical Ports Fips 140-2 Logical InterfaceCopyright 2003 Enterasys Networks Page 11 Roles and ServicesSnmp SSHVPN IKE Authenticate to the module during IKE. ThisCopyright 2003 Enterasys Networks Page 14 Mechanism is as strong as the RSA Algorithm using a 1024 bit key pairPhysical Security Operational EnvironmentCryptographic Key Management Fips 186-2 Prng Copyright 2003 Enterasys Networks Page 18 Copyright 2003 Enterasys Networks Page 19 Copyright 2003 Enterasys Networks Page 20 Self-TestsMitigation of Other Attacks Design AssuranceCopyright 2003 Enterasys Networks Page 21 Copyright 2003 Enterasys Networks Page 22 Crypto Officer GuidanceCopyright 2003 Enterasys Networks Page 23 Enter copy running-config startup-configCopyright 2003 Enterasys Networks Page 24 User GuidanceCopyright 2003 Enterasys Networks Page 25 XSR
Top Page Image Contents