Enterasys Networks XSR-1805, XSR-1850 User Guidance, Copyright 2003 Enterasys Networks Page 24

Dial backup access must be disabled.

Syslog remote logging must be disabled.

VPN services can only be provided by IPSec or L2TP over IPSec.

Only SNMPv3 can be enabled.

If cryptographic algorithms can be set for services (such as IKE/IPSec and SNMP), only FIPS-approved algorithms can be specified. These include the following:

- AES
- Triple-DES
- DES
- SHA-1
- HMAC SHA-1
- DSA
- RSA signature and verification

FTP and TFTP can only be used to load valid software files. (FTP and TFTP over IPSec can be used to transfer configuration files.)

The module logs must be monitored. If any strange activity is found, the Crypto Officer should take the module offline and investigate.

The tamper-evident labels must be regularly examined for signs of tampering.

User Guidance

The User accesses the module's VPN functionality as an IPSec client. Although this is outside the boundary of the module, the User should be careful not to provide authentication information and session keys to other parties.

© Copyright 2003 Enterasys Networks Page 24 of 25

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
