Enterasys Networks XSR-1805, XSR-1850, XSR-3250 manual Physical Security, Operational Environment

Table 6 – Estimated Strength of Authentication Mechanisms

The firewall mechanism can only be configured by the Crypto-Officer who authorizes the traffic that flows through the module.

Physical Security

The XSR modules are multi-chip standalone cryptographic modules, which were tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules.

The modules are entirely contained within hard metal enclosures. The enclosure is resistant to probing and is opaque within the visible spectrum. The enclosures have been designed to satisfy level 2 physical security requirements. The ventilation holes on all three modules have been designed with baffling and less than 1/16th an inch diameter. Additionally, for the XSR-1850 and the XSR-3250, as soon as a cover (top or bottom) is removed, the nonvolatile RAM of the Real Time Clock chip is cleared, causing the master encryption key, which is used to encrypt user, certificate, and host key database files, to be zeroized.

All three modules require tamper-evident labels to be applied to protect and to notify of any tampering with the modules. Depending on whether the NIM slots are used, the XSR-1805 requires a minimum of seven and a maximum of nine labels to be applied, the XSR-1850 requires a minimum of five and a maximum of seven labels, and the XSR-3250 requires a minimum of four and a maximum of six labels. The labels are employed by the Crypto Officer as described in the Installation Guide: Attaching XSR Security Labels.

Operational Environment

The operational environment requirements do not apply to these modules. The XSR modules do not provide a general-purpose operating system, but rather a non-modifiable and embedded operating system.

© Copyright 2003 Enterasys Networks Page 15 of 25

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.