Firewall |
| authorization | configuration data. | commands and |
|
|
| information for |
| configuration data. |
|
|
| network traffic that |
|
|
|
|
| flows through the |
|
|
|
|
| box. |
|
|
|
| Table 4 – Crypto Officer Services, Descriptions, Inputs and Outputs, and CSPs | ||||
User Role
The User role accesses the module’s IPSec and IKE services. Service descriptions, inputs and outputs, and CSPs are listed in the following table:
Service | Description | Input | Output | CSP |
IKE | Access the module IKE | IKE inputs and data | IKE outputs, | RSA key pair for |
| functionality to |
| status, and data | IKE (read |
| authenticate to the |
|
| access); Diffie- |
| module and negotiate IKE |
|
| Hellman key |
| and IPSec session keys |
|
| pair for IKE |
|
|
|
| (read and write |
|
|
|
| access); pre- |
|
|
|
| shared keys for |
|
|
|
| IKE (read |
|
|
|
| access) |
IPSec | Access the module’s | IPSec inputs, | IPSec outputs, | Session keys for |
| IPSec services in order to | commands, and | status, and data | IPSec (read and |
| secure network traffic | data |
| write access) |
Table 5 – User Services, Descriptions, Inputs and Outputs
Authentication Mechanisms
The module supports
The estimated strength of each authentication mechanism is described below.
Authentication Type | Role | Strength |
Crypto Officer | Passwords are required to be at least six | |
authentication (CLI, SNMP, |
| characters long. Numeric, alphabetic (upper |
and Bootrom monitor mode) |
| and lowercase), and keyboard and |
|
| extended characters can be used, which |
|
| gives a total of 95 characters to choose |
|
| from. Considering only the |
|
| alphabet using a password with repetition, |
|
| the number of potential passwords is 26^6. |
User | RSA signing and verification is used to | |
(IKE) |
| authenticate to the module during IKE. This |
© Copyright 2003 Enterasys Networks Page 14 of 25
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
