Nortel Networks 4500 FIPS manual Roles and Services, Extranet Switch

Models: 4500 FIPS


Attempting to remove a label breaks it or continually tears off small fragments as depicted in Figure 9. Other signs of tamper-evidence include a strong smell of organic solvents, warped or bent cover metal, and scratches in the paint on the module.

Figure 9 – Damaged Tamper-Evident Label (label text: "FIPS 140-1 Level 2 Tamper Evident", "Extranet Switch", "Serial Number: 5673422")

2.4 Roles and Services

The Switch supports up to 5000 simultaneous users sending packets using Internet Protocol Security (IPSec), Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), and Layer Two Forwarding (L2F). In addition, an administrator may securely configure the switch either locally or remotely.

The Switch employs role-based authentication of users, and stores user identity information in an internal or external Lightweight Directory Access Protocol (LDAP) database. Authentication can optionally be performed against a variety of external servers using LDAP or RADIUS (Novell NDS, Microsoft Windows NT Domains, Security Dynamics ACE Server, Axent OmniGuard Defender).

There are two main roles in the Switch (as required by FIPS 140-1) that users may assume: Crypto Officer role and User role. The administrator of the switch assumes the Crypto Officer role in order to configure and maintain the switch using Crypto Officer services, while the Users exercise only the User services. The Crypto Officer role is assumed with the following rights:

Manage Switch rights: (either none, view switch, or manage switch). View switch rights allow an administrator to view all the configuration and status information on the switch. Manage switch rights allow an administrator to configure the switch and actually change settings.

Manage Users rights: (either none, view users, or manage users). View users rights allow an administrator to review all user accounts and settings on the Switch while manage users rights actually allow an administrator to create, modify, and delete users.

A User authenticates and assumes the User role in order to have rights to access the following services:

© Copyright 2000 Nortel Networks.
