Manuals / Enterasys Networks / Computer Equipment / Network Router

Enterasys Networks XSR-1805, XSR-1850, XSR-3250 manual Design Assurance, Mitigation of Other Attacks

Models: XSR-3250 XSR-1850 XSR-1805

1 25
Download 25 pages 10.71 Kb
Page 21
Image 21

Continuous random number generator test: this test is constantly run to detect failure of the random number generator of the module.

Manual key entry test: when entering a pre-shared key, master encryption key, or load test HMAC SHA-1 key, the module performs the manual key entry test by requesting the Crypto Officer to enter the key in twice.

Software load test: the module uses HMAC SHA-1 to check the validity of the software. Only validated software can be loaded into the modules.

Bypass mode test: the module performs SHA-1 check value verification to ensure that the policy files are not modified.

If any of the power-up self-tests fail (excluding the interface diagnostic tests), the module enters the Critical Error state and reboots. When the power-up software load test fails, the module enters the Critical Error state, rather than rebooting the module deletes the invalid software file and enters the Bootrom Monitor Mode state.

If any of the conditional self-tests fail (except for the continuous RNG test and the bypass mode test), the module enters the Non-Critical Error state. All cryptographic processing and data output for the problem service is halted until the error state is cleared by the Crypto Officer. If the continuous RNG test or the conditional bypass mode test fails, the module will enter the Critical Error state and reboot.

When the module fails a power-up or conditional self-test, it will output an error indicator via the console port.

Design Assurance

Source code and associated documentation files are managed and recorded by using the configuration management tool ClearCase.

The Enterasys hardware data, which includes Description, Part Data, Part Type, BOM, Manufacturers, Changes, History, and hardware documents are managed and recorded using Agile Workplace.

The FIPS documentation were managed and recorded by using Microsoft Visual Source Safe version 6.0.

Mitigation of Other Attacks

The modules do not employ security mechanisms to mitigate specific attacks.

© Copyright 2003 Enterasys Networks Page 21 of 25

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Page 20 Page 22
Page 21
Image 21
Enterasys Networks XSR-1805, XSR-1850 Design Assurance, Mitigation of Other Attacks, Copyright 2003 Enterasys Networks
Page 20 Page 22