HSM Security Policy

| Algorithm | How it is used by the HSM module | Used in FIPS 140-1 Mode? |
|---|---|---|
| 3DES | Used to generate pseudo-random numbers using the X9.17 Appendix C PRNG algorithm for the purposes of key generation of RSA and 3DES keys. Encryption/decryption of every key stored in persistent storage within the module using the Master Key. Wrapping (encryption) of Private RSA Keys using the Key-Wrapping-Key for archival purposes. Unwrapping (decryption) of Private RSA Keys using the Key-Wrapping-Key for the purpose of restoring an archived key. Note: The 3DES Encrypt and Decrypt services are not available for this algorithm in FIPS mode because keys are entered in plaintext. | Yes |
| RSA Signature/Verification | Generation and verification of digital signatures using the RSA algorithm, in accordance with the PKCS #1 specification. Key pairs of modulus size in the range 192 through 1024 bits, in 64-bit increments. Note: The message digest operation of the digital signature and verification function is performed outside of the cryptographic boundary for performance reasons. After the digest is computed outside the module, the module formats and pads the message digest according to the PKCS #1 standard and then uses the RSA algorithm to compute the digital signature. | Yes |
| SHA-1 | Hashing of host-provided data. Hashing for the purpose of verifying the RSA digital signature of a firmware image. Hashing a 3DES key for the purpose of checking its integrity after it is split and then the corresponding shares combined. | Yes |
| MD5 | The module provides services to compute an MD5 message digest. As this algorithm is not FIPS-approved, the corresponding services are not available in the FIPS 140-1 Mode. | No |
| HMAC (SHA-1) | The module provides a service to compute HMAC using SHA-1. As currently implemented, the service requires the MAC key to be input unencrypted through the PCI interface, and therefore this service is not available in the FIPS 140-1 Mode. | No |
| HMAC (MD5) | The module provides a service to compute HMAC using MD5. Because MD5 is not a FIPS-approved algorithm, this service is not available in the FIPS 140-1 Mode. | No |
| RC4 | The module provides services for encryption/decryption with RC4. Because RC4 is not a FIPS-approved algorithm, the corresponding services are not available in the FIPS 140-1 Mode. | No |
| DSA | The module provides services for generating and verifying DSA signatures. As currently implemented, the private key for signature generation must be input through the PCI interface. Therefore, this algorithm is not available in the FIPS 140-1 Mode. Key pairs of modulus size in the range 512 through 1024 bits, in 64-bit increments. | No |
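
The split described in the RSA Signature/Verification entry, as an added Python example that is not Nortel code: the host computes the SHA-1 digest, and the module side only formats, pads and signs the 20-byte value it receives. The function names and the toy key built from two Mersenne primes are constructed for illustration and are assumptions, not part of the product.

```python
import hashlib

# DER prefix of the DigestInfo structure for SHA-1 (PKCS #1 v1.5 / RFC 8017, section 9.2).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def host_digest(message: bytes) -> bytes:
    """Host side: the hash is computed outside the cryptographic boundary."""
    return hashlib.sha1(message).digest()

def emsa_pkcs1_v15_encode(digest: bytes, em_len: int) -> bytes:
    """Module side: wrap a caller-supplied digest as 00 01 FF..FF 00 || DigestInfo."""
    if len(digest) != 20:
        raise ValueError("expected a 20-byte SHA-1 digest")
    t = SHA1_DIGESTINFO_PREFIX + digest
    if em_len < len(t) + 11:  # the encoding requires at least 8 bytes of 0xFF padding
        raise ValueError("modulus too short for this encoding")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

# Constructed toy key (two Mersenne primes); illustration only, never a real key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes

def module_sign(digest: bytes) -> bytes:
    """Module side: pad the digest and apply the RSA private-key operation."""
    em = emsa_pkcs1_v15_encode(digest, K)
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def verify(message: bytes, signature: bytes) -> bool:
    """Verifier: recover the encoded block and compare it with a fresh encoding."""
    recovered = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    return recovered == emsa_pkcs1_v15_encode(host_digest(message), K)

if __name__ == "__main__":
    sig = module_sign(host_digest(b"constructed sample message"))
    print(verify(b"constructed sample message", sig))
```

Because `module_sign` only ever sees the digest, the binding between a message and its signature depends on the host code that computed the hash.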

 

 

 

 

Nortel VPN Gateway

User Guide

NN46120-104 02.01 Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

Page 236

NN46120-104 specifications

Nortel Networks NN46120-104 is a versatile and efficient telecommunications hardware platform designed to meet the demands of modern networking environments. As a part of Nortel’s extensive portfolio, this device showcases the company’s commitment to innovation and reliability in the telecom sector.

One of the main features of the NN46120-104 is its robust performance capabilities. This platform is capable of handling high traffic volumes, making it suitable for medium to large enterprises. With its advanced routing capabilities and support for various protocols, the device ensures seamless communication across multiple network segments, providing efficient data transfer and connectivity.

The NN46120-104 is built upon the foundation of Nortel's renowned Layer 3 switching technology. This allows it to intelligently direct data packets based on their IP addresses, optimizing both speed and reliability. The inclusion of Virtual LAN (VLAN) support enhances network segmentation, improving security and management while reducing broadcast domains.

In terms of interface options, the NN46120-104 supports an array of Ethernet configurations, including Gigabit and Fast Ethernet ports. This flexibility allows organizations to tailor their networking solutions to their specific needs while enabling easy upgrades as technology evolves. The device also supports Power over Ethernet (PoE), facilitating the deployment of powered devices like IP phones and wireless access points without the need for additional power sources.

Another significant characteristic of the NN46120-104 is its robustness in terms of security features. With support for advanced security protocols and features such as Access Control Lists (ACLs), the device helps safeguard sensitive data by controlling traffic flow and restricting unauthorized access.

Additionally, the NN46120-104 is designed for ease of management. It offers an intuitive interface and supports various management protocols, including Simple Network Management Protocol (SNMP), enabling administrators to monitor and configure the device efficiently.

In summary, the Nortel Networks NN46120-104 combines high performance, extensive connectivity options, advanced security features, and ease of management, making it a formidable choice for enterprises looking to enhance their network infrastructure. Its capabilities align well with the rigorous demands of today’s digital communication landscape, ensuring reliability and efficiency in organizational operations.