HSM Security Policy

10.5 Key Destruction

Critical security parameters including plaintext private keys, symmetric keys and intermediate values will be zeroized according to various conditions as described in Table 10 "Key Destruction" (page 250). It is also possible for the security officer to command the board to un-initialize, which causes the data stored in RAM, FLASH and BBRAM to be erased.

Table 10    Key Destruction

Tamper     Voltage Applied       Storage
Detected   Battery    PCI        BBRAM      RAM and Other   Flash
---------  ---------  ---------  ---------  --------------  ---------
NO         YES        YES        Retained   Retained        Retained
NO         YES        NO         Retained   Erased          Retained
NO         NO         YES        Retained   Retained        Retained
NO         NO         NO         Erased     Erased          Retained
YES        YES        YES        Erased     Erased          Retained
YES        YES        NO         Erased     Erased          Retained
YES        NO         YES        Erased     Erased          Retained
YES        NO         NO         Erased     Erased          Retained
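The eight rows of Table 10 collapse into three rules: Flash is never zeroized by a power or tamper event, RAM (and other volatile storage) survives only while PCI voltage is present and no tamper has fired, and BBRAM survives while either supply is present and no tamper has fired. The Go program below is an added illustration, not part of the Nortel document or the HSM's firmware; it encodes those rules, transcribes the table as constructed test data, and checks that the rules reproduce every row. All type and function names are this example's own.

```go
package main

import "fmt"

// PowerState describes the conditions a row of Table 10 enumerates: whether
// the tamper circuit has fired, and whether battery and PCI voltage are present.
type PowerState struct {
	TamperDetected bool
	BatteryVoltage bool
	PCIVoltage     bool
}

// StorageState records which memories still hold their contents
// (true = Retained, false = Erased).
type StorageState struct {
	BBRAM, RAM, Flash bool
}

// Predict applies the three rules derived from Table 10.
func Predict(s PowerState) StorageState {
	return StorageState{
		Flash: true,
		RAM:   !s.TamperDetected && s.PCIVoltage,
		BBRAM: !s.TamperDetected && (s.BatteryVoltage || s.PCIVoltage),
	}
}

// Erased lists, in table order, the memories that lose their contents
// under the given conditions. Flash never appears.
func Erased(s PowerState) []string {
	var out []string
	st := Predict(s)
	if !st.BBRAM {
		out = append(out, "BBRAM")
	}
	if !st.RAM {
		out = append(out, "RAM and Other")
	}
	return out
}

// table10 is a transcription of the eight rows of Table 10 (constructed
// test data for this example).
var table10 = []struct {
	in   PowerState
	want StorageState
}{
	{PowerState{false, true, true}, StorageState{true, true, true}},
	{PowerState{false, true, false}, StorageState{true, false, true}},
	{PowerState{false, false, true}, StorageState{true, true, true}},
	{PowerState{false, false, false}, StorageState{false, false, true}},
	{PowerState{true, true, true}, StorageState{false, false, true}},
	{PowerState{true, true, false}, StorageState{false, false, true}},
	{PowerState{true, false, true}, StorageState{false, false, true}},
	{PowerState{true, false, false}, StorageState{false, false, true}},
}

// CheckTable returns how many rows of Table 10 disagree with Predict;
// zero means the three rules are a faithful summary of the table.
func CheckTable() int {
	mismatches := 0
	for _, row := range table10 {
		if Predict(row.in) != row.want {
			mismatches++
		}
	}
	return mismatches
}

func main() {
	fmt.Printf("rows disagreeing with the rules: %d\n", CheckTable())
	for _, row := range table10 {
		fmt.Printf("%+v -> erased: %v\n", row.in, Erased(row.in))
	}
}
```

The practical reading is that nothing a key-management design places in Flash is protected by the zeroization logic at all, and a key kept only in RAM is lost on any loss of PCI voltage, not just on tamper.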

 

 

 

 

 

 

10.6 Key Archiving

Under the control of the Rainbow Technologies key management utility, it is also possible to archive keys. This may be done so that keys may be stored on backup media such as tape or hard drives. The Rainbow Technologies key management utility utilizes the "Wrap Key" command to perform key archival. All archived keys are 3DES3KEY encrypted. Keys may only be archived and restored between devices in the same family.
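The text states only that archives are produced by "Wrap Key", are 3DES3KEY encrypted, and can be restored only within the same device family. The Go program below is an added example of what such a wrap can look like; it is not the Rainbow Technologies utility's or the HSM's actual archive format, which this page does not describe. Its assumptions are labelled in the comments: a family is modelled as a shared 24-byte three-key 3DES key-encryption key plus a separate HMAC key, the wrapped key is PKCS#7-padded and 3DES-CBC encrypted under a fresh IV, and an HMAC-SHA256 tag over IV||ciphertext lets a restore detect an archive from another family or a damaged archive before any decryption happens.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// KeyFamily holds the secrets shared by one device family (assumption for
// this example): a 24-byte three-key 3DES KEK and a 32-byte HMAC key.
type KeyFamily struct {
	kek    []byte
	macKey []byte
}

// NewKeyFamily generates fresh family secrets (constructed for the example).
func NewKeyFamily() (*KeyFamily, error) {
	f := &KeyFamily{kek: make([]byte, 24), macKey: make([]byte, 32)}
	if _, err := io.ReadFull(rand.Reader, f.kek); err != nil {
		return nil, err
	}
	if _, err := io.ReadFull(rand.Reader, f.macKey); err != nil {
		return nil, err
	}
	return f, nil
}

const tagLen = sha256.Size

// WrapKey produces an archive blob laid out as IV(8) || ciphertext || tag(32).
func (f *KeyFamily) WrapKey(key []byte) ([]byte, error) {
	if len(key) == 0 {
		return nil, errors.New("empty key")
	}
	block, err := des.NewTripleDESCipher(f.kek)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	pad := bs - len(key)%bs // PKCS#7: always at least one byte of padding
	plain := append(append([]byte{}, key...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, bs+len(plain))
	if _, err := io.ReadFull(rand.Reader, out[:bs]); err != nil { // fresh IV
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:bs]).CryptBlocks(out[bs:], plain)
	mac := hmac.New(sha256.New, f.macKey)
	mac.Write(out) // tag covers IV and ciphertext
	return mac.Sum(out), nil
}

// UnwrapKey restores an archived key. It fails if the archive was produced
// under another family's secrets or has been altered.
func (f *KeyFamily) UnwrapKey(archive []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(f.kek)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(archive) < 2*bs+tagLen || (len(archive)-tagLen)%bs != 0 {
		return nil, errors.New("malformed archive")
	}
	body, tag := archive[:len(archive)-tagLen], archive[len(archive)-tagLen:]
	mac := hmac.New(sha256.New, f.macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) { // constant-time compare, checked before decrypting
		return nil, errors.New("archive was not produced by this key family")
	}
	plain := make([]byte, len(body)-bs)
	cipher.NewCBCDecrypter(block, body[:bs]).CryptBlocks(plain, body[bs:])
	pad := int(plain[len(plain)-1])
	if pad == 0 || pad > bs || !bytes.Equal(plain[len(plain)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("bad padding")
	}
	return plain[:len(plain)-pad], nil
}

func main() {
	family, _ := NewKeyFamily()
	archive, _ := family.WrapKey([]byte("0123456789abcdef")) // constructed 16-byte key
	fmt.Printf("archive (%d bytes): %x\n", len(archive), archive)
	restored, err := family.UnwrapKey(archive)
	fmt.Printf("restored %q, err=%v\n", restored, err)
}
```

The design point is that the "same family" restriction falls out of the secrets rather than a policy check: a device without the family KEK and MAC key cannot even pass the tag check, so a stolen backup tape yields nothing without access to a family member.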

11.0 Modes

The HSM has two operating modes. These are the FIPS140-1 mode and the non-FIPS140-1 mode. Before the HSM is initialized with the "Initialize Card" command, it is in the non-FIPS140-1 mode. This command has an input parameter that specifies the mode of the card after initialization. Once initialized, the board remains in one of the two modes. If one wishes to change the operating mode of the card, the card must first be uninitialized using the "Uninitialize Card" command. Then, the card can be initialized with a different operating mode. Uninitializing the card removes all secrets from the card.
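The lifecycle above is a small state machine: the mode is fixed by the "Initialize Card" parameter, a second initialization is not possible, and the only route to the other mode runs through "Uninitialize Card", which destroys every secret on the card. The Go program below is an added model of that lifecycle, written for this page; it is not the HSM's firmware, and the secrets map, the error values and all function names are this example's own stand-ins.

```go
package main

import (
	"errors"
	"fmt"
)

// Mode is the operating mode chosen by the "Initialize Card" mode parameter.
type Mode int

const (
	NonFIPS Mode = iota // non-FIPS140-1 mode (also the state before initialization)
	FIPS                // FIPS140-1 mode
)

func (m Mode) String() string {
	if m == FIPS {
		return "FIPS140-1"
	}
	return "non-FIPS140-1"
}

var (
	ErrAlreadyInitialized = errors.New("card is initialized; uninitialize it before changing mode")
	ErrNotInitialized     = errors.New("card is not initialized")
)

// Card models the lifecycle: the mode is set once at initialization and the
// only way out is UninitializeCard, which removes every secret. The secrets
// map is a constructed stand-in for the card's key storage.
type Card struct {
	initialized bool
	mode        Mode
	secrets     map[string][]byte
}

func NewCard() *Card { return &Card{secrets: map[string][]byte{}} }

// InitializeCard sets the operating mode; it is refused on an initialized card.
func (c *Card) InitializeCard(m Mode) error {
	if c.initialized {
		return ErrAlreadyInitialized
	}
	c.initialized, c.mode = true, m
	return nil
}

// UninitializeCard zeroizes and removes all secrets and returns the card to
// the uninitialized, non-FIPS140-1 state.
func (c *Card) UninitializeCard() {
	for label, key := range c.secrets {
		for i := range key {
			key[i] = 0 // overwrite before dropping the reference
		}
		delete(c.secrets, label)
	}
	c.initialized, c.mode = false, NonFIPS
}

func (c *Card) Mode() Mode    { return c.mode }
func (c *Card) KeyCount() int { return len(c.secrets) }

// StoreKey places a key on the card; only an initialized card holds keys.
func (c *Card) StoreKey(label string, key []byte) error {
	if !c.initialized {
		return ErrNotInitialized
	}
	c.secrets[label] = append([]byte(nil), key...)
	return nil
}

// ChangeMode is the only supported path to a different mode. It returns the
// number of keys destroyed along the way, which is the operational cost an
// administrator has to plan for (re-generation or restore from archive).
func (c *Card) ChangeMode(m Mode) (lostKeys int, err error) {
	lostKeys = c.KeyCount()
	c.UninitializeCard()
	return lostKeys, c.InitializeCard(m)
}

func main() {
	c := NewCard()
	_ = c.InitializeCard(FIPS)
	_ = c.StoreKey("signing", []byte("constructed-key-material"))
	fmt.Printf("mode %s, keys %d\n", c.Mode(), c.KeyCount())
	fmt.Println("second init:", c.InitializeCard(NonFIPS))
	lost, _ := c.ChangeMode(NonFIPS)
	fmt.Printf("mode %s, keys lost %d, keys now %d\n", c.Mode(), lost, c.KeyCount())
}
```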

11.1 FIPS 140-1 Mode

In the FIPS 140-1 mode, the board may only perform FIPS approved algorithms.

These are as follows:

Nortel VPN Gateway

User Guide

NN46120-104 02.01 Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks
