HSM Security Policy

2.0 Applicable Documents

FIPS PUB 140-1, Federal Information Processing Standard, Security Requirements for Cryptographic Modules. January 11, 1994, U.S. Department of Commerce, National Institute of Standards and Technology

Derived Test Requirements for FIPS PUB 140-1, Security Requirements for Cryptographic Modules. FINAL, March 1995, Mitre for NIST Contract 50SBNIC6732

FIPS PUB 46-3 and FIPS PUB 81, for information about the Data Encryption Standard (DES), and Triple DES algorithm. U.S. Department of Commerce, National Institute of Standards and Technology

FIPS PUB 180-1, Secure Hash Algorithm (SHA-1), U.S. Department of Commerce, National Institute of Standards and Technology

ANSI Standard X9.17-1995, Financial Institution Key Management (Wholesale), American Banking Association, X9 Financial Services, American National Standards Institute

PKCS #1 RSA Cryptography Standard, Version 2.0, RSA Security Inc., http://www.rsasecurity.com/

3.0 Overview

The HSM is a cryptographic module used to accelerate cryptographic processing for network-based electronic commerce and other network-based applications. The board has two modes: the non-FIPS140-1 mode and the FIPS140-1 mode. In the FIPS140-1 mode, the board can be used in servers to improve the performance of high-rate signing operations. In the non-FIPS140-1 mode, the board can be used to accelerate RSA operations for SSL connections on web servers. Other uses are limited only by the creativity of application developers who can write to standard APIs such as Cryptoki (PKCS#11).

The HSM is a PCI card. It has a serial port, a Universal Serial Bus (USB) port, and an LED. The board is shipped with four tokens, which plug into the USB port. The first token is used for authenticating the Security Officer to the HSM. The second token is used for authenticating the User. The third and fourth tokens are called "code tokens." One of these is held (controlled) by the Security Officer; the other is held by the User. The code keys are used to move key parts (also known as "key shares") between two HSM boards. Key parts transferred by this mechanism are combined within the destination boards, so that a shared secret can exist on one or more boards without having existed in plaintext outside of a family of HSM boards. The shared

Nortel VPN Gateway

User Guide

NN46120-104 02.01 Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks
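
The key-part transfer described in the Overview, sketched as an added example that is not taken from the Nortel guide or the HSM's firmware: a secret is split into one part per role, and a destination object combines the parts internally and exposes only the result of using the key. The XOR split, the truncated SHA-256 check value, and the names `split_key`, `check_value` and `DestinationBoard` are assumptions; the page does not say how the HSM splits, protects or combines key parts.

```python
import hashlib
import hmac
import secrets

ROLES = ("security_officer", "user")  # one code token per role, as on the page

def split_key(secret: bytes) -> dict:
    """Split a secret into two XOR parts; each part alone is uniformly random."""
    pad = secrets.token_bytes(len(secret))
    other = bytes(a ^ b for a, b in zip(secret, pad))
    return {"security_officer": pad, "user": other}

def check_value(key: bytes) -> str:
    """Short fingerprint of a key (assumed scheme: truncated SHA-256)."""
    return hashlib.sha256(key).hexdigest()[:8]

class DestinationBoard:
    """Hypothetical destination module: parts go in, the key never comes out."""

    def __init__(self, expected_check: str):
        self._expected = expected_check
        self._parts = {}
        self._key = None

    def load_part(self, role: str, part: bytes) -> None:
        if role not in ROLES or role in self._parts:
            raise ValueError("unknown role or part already loaded")
        self._parts[role] = part
        if len(self._parts) == len(ROLES):
            self._combine()

    def _combine(self) -> None:
        a, b = (self._parts[r] for r in ROLES)
        self._parts = {}  # parts are discarded whether or not the check passes
        if len(a) != len(b):
            raise ValueError("key parts differ in length")
        key = bytes(x ^ y for x, y in zip(a, b))
        if not hmac.compare_digest(check_value(key), self._expected):
            raise ValueError("combined key failed its check value")
        self._key = key

    def ready(self) -> bool:
        return self._key is not None

    def sign(self, message: bytes) -> bytes:
        """Use the key inside the module; only the MAC leaves it."""
        if self._key is None:
            raise RuntimeError("both key parts are required")
        return hmac.new(self._key, message, hashlib.sha256).digest()
```
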


NN46120-104 specifications

Nortel Networks NN46120-104 is a versatile and efficient telecommunications hardware platform designed to meet the demands of modern networking environments. As a part of Nortel’s extensive portfolio, this device showcases the company’s commitment to innovation and reliability in the telecom sector.

One of the main features of the NN46120-104 is its robust performance capabilities. This platform is capable of handling high traffic volumes, making it suitable for medium to large enterprises. With its advanced routing capabilities and support for various protocols, the device ensures seamless communication across multiple network segments, providing efficient data transfer and connectivity.

The NN46120-104 is built upon the foundation of Nortel's renowned Layer 3 switching technology. This allows it to intelligently direct data packets based on their IP addresses, optimizing both speed and reliability. The inclusion of Virtual LAN (VLAN) support enhances network segmentation, improving security and management while reducing broadcast domains.

In terms of interface options, the NN46120-104 supports an array of Ethernet configurations, including Gigabit and Fast Ethernet ports. This flexibility allows organizations to tailor their networking solutions to their specific needs while enabling easy upgrades as technology evolves. The device also supports Power over Ethernet (PoE), facilitating the deployment of powered devices like IP phones and wireless access points without the need for additional power sources.

Another significant characteristic of the NN46120-104 is its robustness in terms of security features. With support for advanced security protocols and features such as Access Control Lists (ACLs), the device helps safeguard sensitive data by controlling traffic flow and restricting unauthorized access.

Additionally, the NN46120-104 is designed for ease of management. It offers an intuitive interface and supports various management protocols, including Simple Network Management Protocol (SNMP), enabling administrators to monitor and configure the device efficiently.

In summary, the Nortel Networks NN46120-104 combines high performance, extensive connectivity options, advanced security features, and ease of management, making it a formidable choice for enterprises looking to enhance their network infrastructure. Its capabilities align well with the rigorous demands of today’s digital communication landscape, ensuring reliability and efficiency in organizational operations.