Security Management (FIPS Mode)

Security Features

This release of the Broadmore includes the Broadmore/SSHield Management Module, which is a FIPS 140-2 validated software-only module that meets the security requirements of Federal Information Processing Standard PUB 140-2. The Broadmore/SSHield Management Module enables the secure operation and control of the Broadmore’s ATM configuration parameters via a command line interface (CLI) or menu-based interface (CAMMI). TeamF1’s SSHield provides security by means of the SSH (IETF SECSH) protocol to ensure that network connections are secure.

A detailed description of the Broadmore security features is provided in the “Broadmore/SSHield Management Module Version 4.0 Security Policy” available at the following web sites:

http://www.carrieraccess.com/support/ under the Broadmore documents

http://csrc.nist.gov/cryptval/ under the Validation Lists

When the FIPS Security option is enabled on the Broadmore, the following security features are available:

RSA SecurID® authentication (optional, see “SecurID Features” on page 11-49)

Private management data paths using SSHield for CLI/CAMMI sessions and Secure File Transfer Protocol (SFTP)

Configuration activity audit trails

Zeroize command for decommissioning one or both CPUs

Enabling FIPS mode security disables FTP and Telnet access. Users must log in using secure client replacements such as SecureCRT® and SecureFX®. A secure terminal emulator is required to enter a secure Broadmore system. Although many secure terminal emulators are available, SecureCRT is recommended.

NOTE: Be sure to use the appropriate fonts and screen settings to maintain the proper screen appearance.
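
The following check is an added example, not taken from the Carrier Access manual. It confirms that a unit behaves as described once FIPS mode is enabled: FTP and Telnet refuse connections and the SSH service answers with an SSH identification string. The port numbers (21, 23, 22) are assumed IANA defaults that the manual does not state, and the function names are illustrative.

```python
import socket
import sys

# Assumption: the manual gives no port numbers, so the IANA defaults are used.
# Each entry is service -> (port, should_accept_connections_in_FIPS_mode).
EXPECTED = {"ftp": (21, False), "telnet": (23, False), "ssh": (22, True)}


def probe(host, port, timeout=3.0):
    """Return (is_open, banner); banner is '' when nothing arrives in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                return True, s.recv(512).decode("ascii", "replace")
            except OSError:  # includes socket.timeout
                return True, ""
    except OSError:
        return False, ""


def has_ssh_ident(banner):
    """True if any line is an SSH identification string (RFC 4253, sec. 4.2).

    Servers may send other text lines before the 'SSH-' line.
    """
    return any(line.startswith("SSH-") for line in banner.splitlines())


def audit(host, expected=EXPECTED, timeout=3.0, probe=probe):
    """Return a list of findings; an empty list matches the manual's description."""
    findings = []
    for name, (port, should_be_open) in expected.items():
        is_open, banner = probe(host, port, timeout)
        if is_open and not should_be_open:
            findings.append(f"{name}/{port} accepts connections; FIPS mode should disable it")
        elif should_be_open and not is_open:
            findings.append(f"{name}/{port} unreachable; no secure management path")
        elif should_be_open and not has_ssh_ident(banner):
            findings.append(f"{name}/{port} open but sent no SSH identification string")
    return findings


if __name__ == "__main__":
    # Usage: python fips_port_check.py <management-address-of-your-unit>
    results = audit(sys.argv[1])
    print("\n".join(results) or "OK: FTP and Telnet closed, SSH answering")
    sys.exit(1 if results else 0)
```

Run it from a management workstation after enabling the FIPS Security option; a non-zero exit status means at least one service does not match the expected state.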

11-2

Broadmore 1750 - Release 4.6
