Dell W-AP105, W-AP92, AP-92, AP-175, AP-93, W-AP93, W-AP175, AP-105 manual Rng

Page 41

 

 

 

| CSP | CSP TYPE | GENERATION | STORAGE And ZEROIZATION | USE |
|---|---|---|---|---|
| IKEv1/IKEv2 Diffie-Hellman Private key | 1024-bit Diffie-Hellman private key | Generated internally during IKEv1/IKEv2 negotiation | Stored in plaintext in volatile memory; zeroized when session is closed or system is powered off | Used in establishing the session key for IPSec |
| IKEv1/IKEv2 Diffie-Hellman shared secret | 128 bit Octet | Generated internally during IKEv1/IKEv2 negotiation | Stored in plaintext in volatile memory; zeroized when session is closed or system is powered off | IKEv1/IKEv2 payload integrity verification |
| ArubaOS OpenSSL RNG Seed for FIPS compliant ANSI X9.31, Appendix A2.4 using AES-128 Key algorithm | Seed (16 Bytes) | Derived using NON-FIPS approved HW RNG (/dev/urandom) | Stored in plaintext in volatile memory only; zeroized on reboot | Seed ANSI X9.31 RNG |
| ArubaOS OpenSSL RNG Seed key for FIPS compliant ANSI X9.31, Appendix A2.4 using AES-128 Key algorithm | Seed key (16 bytes, AES-128 Key algorithm) | Derived using NON-FIPS approved HW RNG (/dev/urandom) | Stored in plaintext in volatile memory only; zeroized on reboot | Seed ANSI X9.31 RNG |
| ArubaOS Cryptographic Module RNG Seed for FIPS compliant 186-2 General Purpose (X change Notice); SHA-1 RNG | Seed (64 bytes) | Derived using NON-FIPS approved HW RNG (/dev/urandom) | Stored in plaintext in volatile memory only; zeroized on reboot | Seed 186-2 General Purpose (X change Notice); SHA-1 RNG |
| ArubaOS Cryptographic Module RNG Seed key for FIPS compliant 186-2 General Purpose (X change Notice); SHA-1 RNG | Seed Key (64 bytes) | Derived using NON-FIPS approved HW RNG (/dev/urandom) | Stored in plaintext in volatile memory only; zeroized on reboot | Seed 186-2 General Purpose (X change Notice); SHA-1 RNG |

 

 

 

 

 
