Manuals / Motorola / Computer Equipment / Network Router

Motorola S2500 manual Access Control Policy, Authenticated Services, Unauthenticated Services

Models: S2500

1 18

Download 18 pages 22.72 Kb

Page 10

MNR S2500 Security Policy

Version 1.3, Revision Date: 1/13/2009

6. Access Control Policy

Authenticated Services

•Firmware Update: load firmware images digitally signed by RSA (1024 bit) algorithm.

•Key Entry: Enter Pre-Shared Keys (PSK)

•User Management: Add/Delete and manage passwords operators

•Reboot: force the module to power cycle via a command

•Zeroization: actively destroy all plaintext CSPs and keys

•Crypto Configuration: Configure IPsec and FRF.17 services

•IKE: Key establishment utilizing the IKE protocol

•IPsec tunnel establishment: IPsec protocol

•FRF.17 tunnel establishment: Frame Relay Privacy Protocol

•SSHv2 for remote access to the router

•Network configuration: Configure networking capabilities

•Enable Ports: Apply a security policy to a port

•File System: Access file system

•Authenticated Show status: Provide status to an authenticated operator

•Access Control: Provide access control for all operators

Unauthenticated Services:

•Unauthenticated Show status: provide the status of the cryptographic module – the status is shown using the LEDs on the front panel.

•Power-up Self-tests: execute the suite of self-tests required by FIPS 140-2 during power- up not requiring operator intervention.

•Monitor: Perform various hardware support services

Page 10

Image 10

Motorola S2500 manual Access Control Policy, Authenticated Services, Unauthenticated Services

Contents

Motorola Network Router MNR S2500 Security Policy Document Version Revision Date 1/13/2009MNR S2500 Security Policy TABLE OF CONTENTSPage Version 1.3, Revision Date 1/13/2009Optional Interface Cards 1. Module Overviewnot included in cryptographic module boundary Security Requirements Section 2. Security Level3. Modes of Operation LevelAllowed Algorithms Firmware ImplementationsNon-FIPS approved algorithms Table 3 - FIPS Approved mode configuration Entering FIPS ModeSETDefault !portlist -CRYPTO CONTrol = Enabled StepSHOW -CRYPTO CONFiguration MNR S2500 Security Policy Version 1.3, Revision Date 1/13/20094. Ports and Interfaces 5. Identification and Authentication PolicyAssumption of roles The definition of all supported roles is shown in Table 5 below Authenticated Services 6. Access Control PolicyUnauthenticated Services Admin Roles and ServicesService MaintenanceDescription/Usage Definition of Critical Security Parameters CSPsThe following CSPs are contained within the module Table 8 - Critical Security Parameters CSPsDefinition of CSPs Modes of Access Definition of Public KeysEnable Ports Table 10 - Services to CSP Access mappingReboot Access Control7. Operational Environment 8. Security Rules9. Crypto Officer Guidance 12. Definitions and Acronyms 10. Physical Security Policy11. Mitigation of Other Attacks Policy Physical Security MechanismsSNMP - Simple Network Management Protocol PFS - Perfect Forward Secrecy RNG - Random Number GeneratorSHA - Secure Hash Algorithm SSH - Secure Shell Page