Residual Data and Memory Volatility
Non-Volatile Memory ... 11-50
Network Interfaces ... 11-51
Sanitation Procedures ... 11-51
This notice summarizes relevant security concerns associated with the movement of sensitive data through any Broadmore ATM Multiplexer and subsequent redeployment of these products into open environments. Should there be any questions or concerns regarding this notice, please contact Carrier Access Corporation customer support at 800-786-9929.
Non-Volatile Memory
The modules used in the Broadmore each contain one or more of the following types of non-volatile memory: removable Disk-on-Chip, and removable and non-removable Flash memory. There is no internal data path or mechanism provided in a Broadmore to permit network data streams to be recorded onto non-volatile media. Such unintended or hostile actions on the part of the Broadmore could only be enabled by the surreptitious alteration of the device’s embedded firmware and hardware. Thus, adequate physical security and access controls are required to prevent hostile implementation of “other” (non-Carrier Access provided) firmware and hardware.
With Release 4.0, Broadmore received FIPS 140-2 validation (see certificate #478 posted under the Validation Lists at http://csrc.nist.gov/cryptval/). When operated properly, this version of the software contains “zeroize” commands that reformat the Disk-on-Chip and destroy all stored configuration and sensitive data. It also contains a start-up routine that verifies that no surreptitious software has been loaded. See the Broadmore/SSHield Management Module Security Policy for more information.
The Broadmore also has a limited amount of cell buffering implemented via random access memory (RAM). This memory is entirely volatile, and its contents are lost immediately upon power-down. Data that has been buffered in the Broadmore RAM cannot be recovered under any circumstances after power-down.
11-50 | Broadmore 1750 - Release 4.6 |