MNR S2500 Security Policy

Version 1.3, Revision Date: 1/13/2009

Entering FIPS Mode

To enter FIPS mode, the Crypto Officer must follow the procedure outlined in Table 3 below. For details on individual router commands, use the online help facility or review the Enterprise OS Software User Guide, version 15.4 and the Enterprise OS Software Reference Guide, version 15.4.

Step

Description

 

 

1.

Configure the parameters for the IKE negotiations using the IKEProfile command. For FIPS

 

mode, only the following values are allowed: Diffie-Hellman Group (Group 2 or Group 5),

 

Encryption Algorithm (AES or 3DES), Hash Algorithm (SHA), and Authentication Method

 

(PreSharedKey).

 

 

2.

Manually establish via the local console port the pre-shared key (PSK) to be used for the IKE

 

protocol using:

 

ADD –CRYPTO FipsPreSharedKey <peer_ID> <pre-shared_key> <pre-shared_key>

 

The PSK must be at least 80 bits in length with at least 80 bits of entropy.

 

 

3.

Configure Ipsec and FRF.17 selector lists using the command

 

ADD –CRYPTO SelectorLIst

 

For FIPS mode, the selector list must be configured to encrypt all packets on an encrypted port,

 

e.g. ADD –CRYPTO SelectorLIst s1 1 Include ANY 0.0.0.0/0 0.0.0.0/0

 

 

4.

If Ipsec is used, configure Ipsec transform lists using the ADD –CRYPTO TransformLIst

 

command. For FIPS mode, only the following values are allowed: Encryption Transform (ESP-

 

3DES, or ESP-AES) and Authentication Transform (ESP-SHA).

 

 

5.

If FRF.17 is used, configure FRF.17 transform lists using the ADD –CRYPTO

 

TransformLIst command. For FIPS mode, only the following values are allowed: Encryption

 

Transform (FRF-3DES, or FRF-AES) and Authentication Transform (FRF-SHA).

 

 

6.

For each port for which encrypted is required, bind a dynamic policy to the ports using

 

ADD [!<portlist>] –CRYPTO DynamicPOLicy <policy_name> <priority>

 

<mode> <selctrlist_name> <xfrmlist_name> [<pfs>] [<lifetime>] [<preconnect>]

 

To be in FIPS mode, the selector list and transform list names must be defined as in previous

 

steps.

 

 

7.

For each port for which encryption is required, enable encryption on that port using

 

SETDefault [!<portlist>] –CRYPTO CONTrol = Enabled

 

 

8.

FIPS-140-2 mode achieved

 

 

 

Table 3 – FIPS Approved mode configuration

To review the cryptographic configuration of the router, use the following command:

Page 6

Page 5 Page 7
Page 6
Image 6
Motorola S2500 manual Entering Fips Mode, Step Description
Page 5 Page 7

S2500 specifications

The Motorola S2500 is a standout device in the realm of two-way radios, designed to enhance communication efficiency in various professional environments. This rugged and reliable radio is backed by Motorola's decades of expertise in manufacturing communication equipment, making it a trusted choice for industries such as construction, security, and hospitality.

One of the main features of the S2500 is its robust build quality. The radio is designed to withstand harsh conditions, with an IP67 rating that ensures it is both dust-proof and water-resistant. This durability is crucial for users who work in challenging environments, as it guarantees that the device will perform reliably, even in adverse weather conditions.

The S2500 also excels in battery life, equipped with a high-capacity lithium-ion battery that supports extended usage. Depending on the operational demands, users can enjoy up to 20 hours of talk time on a single charge. This is particularly beneficial for professionals who rely on continuous communication throughout their workday without worrying about frequent recharging.

In terms of connectivity, the S2500 features an impressive range, supporting clear communication over considerable distances, which can vary depending on the surrounding environment. This is complemented by the radio's advanced digital audio processing technology, providing clear and crisp sound quality even in noisy conditions. The adjustable volume control ensures that users can tailor their listening experience for maximum clarity.

Another significant characteristic of the Motorola S2500 is its user-friendly interface. It comes equipped with programmable buttons that allow users to customize their settings for easy access to frequently used features. This simplifies operations for teams that require quick responses without navigating complex menus.

Moreover, the S2500 supports multiple channels and privacy codes, enabling secure communication among teams while minimizing interference from other frequencies. This feature is essential for organizations that operate in crowded radio environments.

Finally, the Motorola S2500 supports various accessories, including earpieces and microphone kits, enhancing its versatility and functionality. This adaptability makes it an ideal solution for businesses looking to streamline their communication processes while ensuring team coordination and safety.

Overall, the Motorola S2500 stands out as a reliable, feature-rich two-way radio that meets the demands of modern professional communication. Its combination of durability, battery life, sound quality, and ease of use makes it a preferred choice for many industries worldwide.
Top Page Image Contents