Manuals / Enterasys Networks / Computer Equipment / Network Router

Enterasys Networks XSR-1805, XSR-1850, XSR-3250 manual User Guidance

Models: XSR-3250 XSR-1850 XSR-1805

1 25

Download 25 pages 10.71 Kb

Page 24

•Dial backup access must be disabled.

•Syslog remote logging must be disabled.

•VPN services can only be provided by IPSec or L2TP over IPSec.

•Only SNMPv3 can be enabled.

•If cryptographic algorithms can be set for services (such as IKE/IPSec and SNMP), only FIPS-approved algorithms can be specified. These include the following:

oAES

oTriple-DES

oDES

oSHA-1

oHMAC SHA-1

oDSA

oRSA signature and verification

•FTP and TFTP can only be used to load valid software files. (FTP and TFTP over IPSec can be used to transfer configuration files.)

•The module logs must be monitored. If a strange activity is found, the Crypto Officer should take the module off line and investigate.

•The tamper-evident labels must be regularly examined for signs of tampering.

User Guidance

The User accesses the module VPN functionality as an IPSec client. Although outside the boundary of the module, the User should be careful not to provide authentication information and session keys to other parties.

© Copyright 2003 Enterasys Networks Page 24 of 25

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Image 24

Enterasys Networks XSR-1805, XSR-1850, XSR-3250 manual User Guidance

Contents

FIPS 140-2 Non-Proprietary Security Policy XSR-1805, XSR-1850, and XSR-3250Level 2 Validation Version September Copyright 2003 Enterasys NetworksTable of Contents INTRODUCTIONENTERASYS NETWORKS XSR-1805, XSR-1850, AND XSR-3250 SECURE OPERATIONIntroduction PurposeReferences Document OrganizationCopyright 2003 Enterasys Networks Page 4 of ENTERASYS NETWORKS XSR-1805, XSR-1850, AND XSR-3250 OverviewCryptographic Module Two fans External power source connector One PMC slot for PPMC card Module Interfaces Ten status LEDs One power connector One power switch Mini-Gigabit Interface Converter MGBIC fiberoptic port plus two LEDs Roles and Services Crypto Officer RoleService AccessDescription InputManagement Authentication Mechanisms Table 5 - User Services, Descriptions, Inputs and OutputsUser Role Physical Security Operational EnvironmentTable 6 - Estimated Strength of Authentication Mechanisms Cryptographic Key Management XSR-18xx - Triple-DES, DES, and HMAC SHA-1 Key Generation Key EstablishmentKey Entry and Output Table 8 - Listing CSPs for the ModuleSession keys are stored in plaintext form in RAM Power-up Self-tests Self-TestsConditional Self-tests Design Assurance Mitigation of Other AttacksCopyright 2003 Enterasys Networks Page 21 of Crypto Officer Guidance 6. Enter copy running-config startup-config User Guidance Authentication, Authorization, and Accounting