Manuals / Motorola / Computer Equipment / Network Router

Motorola S2500 manual Security Level, Modes of Operation, Security Requirements Section

Models: S2500

1 18

Download 18 pages 22.72 Kb

Page 4

MNR S2500 Security Policy

Version 1.3, Revision Date: 1/13/2009

2. Security Level

The cryptographic module meets the overall requirements applicable to Level 1 security of FIPS 140-2.

Security Requirements Section	Level

Cryptographic Module Specification	1

Module Ports and Interfaces	1

Roles, Services and Authentication	1

Finite State Model	1

Physical Security	1

Operational Environment	N/A

Cryptographic Key Management	1

EMI/EMC	3

Self-Tests	1

Design Assurance	1

Mitigation of Other Attacks	N/A

Table 2 – Module Security Level Specification

3. Modes of Operation

Approved mode of operation

In FIPS mode, the cryptographic module supports the following FIPS-Approved algorithms as follows:

Hardware Implementations

a.Triple-DES– CBC mode (112 or 168 bit) for IPsec and FRF.17 encryption (Cert. #588)

b.AES - CBC mode(128, 192, 256 bit) for IPsec and FRF.17 encryption (Cert. #625)

c.HMAC-SHA-1 for IPsec and FRF.17 authentication (Cert. #342)

d.SHA-1 for message hash (Cert. #693)

Page 4

Image 4

Motorola S2500 manual Security Level, Modes of Operation, Security Requirements Section, Hardware Implementations

Contents

Motorola Network Router MNR S2500 Security Policy Document Version Revision Date 1/13/2009TABLE OF CONTENTS PageMNR S2500 Security Policy Version 1.3, Revision Date 1/13/2009Optional Interface Cards 1. Module Overviewnot included in cryptographic module boundary 2. Security Level 3. Modes of OperationSecurity Requirements Section LevelAllowed Algorithms Firmware ImplementationsNon-FIPS approved algorithms Entering FIPS Mode SETDefault !portlist -CRYPTO CONTrol = EnabledTable 3 - FIPS Approved mode configuration StepSHOW -CRYPTO CONFiguration MNR S2500 Security Policy Version 1.3, Revision Date 1/13/20094. Ports and Interfaces 5. Identification and Authentication PolicyAssumption of roles The definition of all supported roles is shown in Table 5 below Authenticated Services 6. Access Control PolicyUnauthenticated Services Roles and Services ServiceAdmin MaintenanceDefinition of Critical Security Parameters CSPs The following CSPs are contained within the moduleDescription/Usage Table 8 - Critical Security Parameters CSPsDefinition of CSPs Modes of Access Definition of Public KeysTable 10 - Services to CSP Access mapping RebootEnable Ports Access Control7. Operational Environment 8. Security Rules9. Crypto Officer Guidance 10. Physical Security Policy 11. Mitigation of Other Attacks Policy12. Definitions and Acronyms Physical Security MechanismsPFS - Perfect Forward Secrecy RNG - Random Number Generator SHA - Secure Hash Algorithm SSH - Secure ShellSNMP - Simple Network Management Protocol Page