Non-Proprietary Security Policy, Version 1.0 | June 15, 2007 |
2 Secure Operation
The VSX 3000, VSX 5000, and VSX 7000s meet Level 1 requirements for FIPS 140-2. The sections below describe how to place and keep the module in a FIPS-approved mode of operation.
2.1 Crypto-Officer Guidance
The Crypto-Officer is responsible for initialization and for security-relevant configuration and management of the module through the web management interface, the serial port from a non-networked PC, or secure Telnet over TLS. See Polycom’s Administrator’s Guide for the VSX Series for more information on setting up, configuring and maintaining the modules.
2.1.1 Initialization
The Crypto-Officer is responsible for putting the modules in FIPS mode of operation by enabling the system to automatically encrypt calls. AES encryption is a standard feature on all VSX systems. The system is shipped in Non-Secure Mode by default. To put the modules in FIPS mode of operation, the Crypto-Officer must:
o Go to System → Admin Settings → System Security
o Select Secure Mode
o Selecting Secure Mode will result in a system reset
o The change of mode from Non-Secure Mode to Secure Mode shall initiate a Crypto-Officer password change request
2.1.2 Management
In FIPS mode of operation the system behaves as follows:
o The default password (the system serial number) or a dummy password (no password) is not allowed for the 'admin' login in secure mode.
o Only https over TLS, secure telnet, and secure FTP connections are allowed in secure mode. Standard http connections with no security are not allowed.
o Media encryption during a call (H.323/H.320) is always set to ON (AES encryption ON).
The following table details the port numbers to be used for the secure applications: telnet, FTP, and https over TLS.

Application                       Port Number
TLS Telnet Debug Port             992
TLS Telnet API Port               993
TLS FTP for control Connection    990
TLS FTP for data Connection       989
TLS http                          443

The Crypto-Officer is able to monitor and configure the module via the web interface (https over TLS), serial port, or via secure telnet (Telnet over TLS). Detailed instructions to monitor and troubleshoot the systems are provided in the Administrator’s Guide for the VSX Series.
Software upgrade is not allowed in FIPS mode of Operation.
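The following added example (not part of Polycom's policy or software) shows one way a Crypto-Officer could check from a management workstation that a module in secure mode exposes only the TLS services in the table above. The cleartext port numbers 80, 23 and 21 are IANA defaults and an assumption here, as are the function names.

```python
import socket
import ssl
import sys

# TLS services from the policy's port table. Port 989 (FTP data) is only
# opened during a transfer, so it is not probed here.
TLS_PORTS = {992: "TLS Telnet debug", 993: "TLS Telnet API",
             990: "TLS FTP control", 443: "TLS http"}
# Assumption: IANA default ports of the cleartext equivalents (not on the page).
CLEARTEXT_PORTS = {80: "http", 23: "telnet", 21: "ftp"}


def probe(host, port, timeout=3.0):
    """Return 'closed', 'tls' (handshake completed) or 'open' (TCP only)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    # Certificate checks are off on purpose: this asks whether the port
    # negotiates TLS at all, not whether its certificate is trusted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock):
            return "tls"
    except (ssl.SSLError, OSError):
        return "open"
    finally:
        sock.close()


def audit(host, probe_fn=probe):
    """Return findings; an empty list means exposure matches the policy."""
    findings = []
    for port, name in sorted(TLS_PORTS.items()):
        # A failed handshake may only mean the client rejects an old
        # protocol version, so it is reported for review, not as cleartext.
        if probe_fn(host, port) == "open":
            findings.append(f"{port} ({name}): open, TLS handshake failed")
    for port, name in sorted(CLEARTEXT_PORTS.items()):
        if probe_fn(host, port) != "closed":
            findings.append(f"{port} ({name}): cleartext port reachable")
    return findings


if __name__ == "__main__" and len(sys.argv) == 2:
    for line in audit(sys.argv[1]) or ["exposure matches the policy table"]:
        print(line)
```

Run it with the module's address as the only argument; a TLS port that is simply closed is not reported, since the policy restricts which connections are allowed rather than requiring every service to be enabled.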
© 2007 Polycom, Inc. - This document may be freely reproduced and distributed whole and intact including this Copyright Notice.