Dell W-AP134, AP-134, AP-135 Module Objectives, Security Levels, Physical Security, Applying TELs

Page 11

3 Module Objectives

This section describes the assurance levels for each of the areas described in the FIPS 140-2 Standard. In addition, it provides information on placing the module in a FIPS 140-2 approved configuration.

3.1 Security Levels

Section

Section Title

Level

 

 

 

1

Cryptographic Module Specification

2

 

 

 

2

Cryptographic Module Ports and Interfaces

2

 

 

 

3

Roles, Services, and Authentication

2

 

 

 

4

Finite State Model

2

 

 

 

5

Physical Security

2

 

 

 

6

Operational Environment

N/A

 

 

 

7

Cryptographic Key Management

2

 

 

 

8

EMI/EMC

2

 

 

 

9

Self-tests

2

 

 

 

10

Design Assurance

2

 

 

 

11

Mitigation of Other Attacks

N/A

 

 

 

3.2 Physical Security

The Aruba Wireless AP is a scalable, multi-processor standalone network device and is enclosed in a robust plastic housing. The AP enclosure is resistant to probing (please note that this feature has not been tested as part of the FIPS 140-2 validation) and is opaque within the visible spectrum. The enclosure of the AP has been designed to satisfy FIPS 140-2 Level 2 physical security requirements.

3.2.1 Applying TELs

The Crypto Officer is responsible for securing and having control at all times of any unused tamper evident labels. The Crypto Officer should employ TELs as follows:

Before applying a TEL, make sure the target surfaces are clean and dry.

Do not cut, trim, punch, or otherwise alter the TEL.

Apply the wholly intact TEL firmly and completely to the target surfaces.

Ensure that TEL placement is not defeated by simultaneous removal of multiple modules.

Allow 24 hours for the TEL adhesive seal to completely cure.

Record the position and serial number of each applied TEL in a security log.

For physical security, the AP requires Tamper-Evident Labels (TELs) to allow detection of the opening of the device, and to block the serial console port (on the bottom of the device). The tamper-evident labels shall be installed for the module to operate in a FIPS approved mode of operation. To protect the device from tampering, TELs should be applied by the Crypto Officer as pictured below:

11

Page 10 Page 12
Image 11
Page 10 Page 12
Contents Fips 140-2 Non-Proprietary Security Policy Page Operational Environment Logical Interfaces Aruba Dell Relationship Acronyms and AbbreviationsSecurity Levels Physical Security Modes of OperationServices CPSec IntroductionAruba Dell Relationship Acronyms and AbbreviationsSHA Aruba Part Number Dell Corresponding Part Number Product OverviewAP-134 Physical DescriptionENET1 AP-134 Indicator LEDs Label Function Action StatusPWR ENET0AP-135 AP-135 Indicator LEDs Label Function Action Status Applying TELs Module ObjectivesSecurity Levels Physical SecurityAP-134 Front view 2 AP-134 TEL PlacementAP-134 Top View 3 AP-135 TEL PlacementAP-135 Front view AP-135 Top view Inspection/Testing of Physical Security MechanismsModes of Operation Configuring Remote AP Fips ModeEnable Fips mode on the AP. This accomplished by going to Configuring Remote Mesh Portal Fips Mode Configuring Remote Mesh Point Fips Mode Operational Environment Verify that the module is in Fips modeFips 140-2 Logical Interface Module Physical Interface Logical InterfacesRoles Roles, Authentication and ServicesCrypto Officer Authentication Authentication Mechanism Strength User AuthenticationWireless Client Authentication Strength of Authentication MechanismsWPA2-PSK KEK ServicesCrypto Officer Services WPA2 PSKEapol MIC User ServicesPMK PTKUnauthenticated Services Wireless Client Services∙ FTP ∙ Tftp ∙ NTP Non-FIPS Approved Algorithms Cryptographic AlgorithmsHmac Critical Security ParametersRNG AES-CCM PSKGTK GMKSelf Tests For an AES Atheros hardware Post failure
Top Page Image Contents