Page 2 - Table of Contents
© Copyright 2000 Nortel Networks. 2 Table of Contents 1 Introduction ... 3 1.1 Purpose ...
Page 3 - Introduction; Purpose
1 Introduction 1.1 Purpose This is a non-proprietary Cryptographic Module Security Policy for the Contivity™ Extranet Switch 4500. This security policy describes how the Contivity™ Extranet Switch 4500 meets the security requirements of FIPS 140-1, and how to operat...
Page 5 - The Contivity Extranet 4500 Switch; Cryptographic Module; Figure 1 – The Contivity Extranet 4500 Switch; Module Interfaces
2 The Contivity Extranet 4500 Switch The Nortel Networks Contivity Extranet Switch 4500 provides a scalable, secure, manageable remote access server that meets FIPS 140-1 level 2 requirements. This section will describe the general features and functionality provide...
Page 6 - Figure 2 – Physical Interfaces; Contivity Extranet Switch 4500 Getting Started; Figure 3 – LAN Port LEDs; “Getting Started with the Contivity Extranet
Figure 2 – Physical Interfaces The physical interfaces include the dual power plugs for the redundant power supplies, the power and reset buttons, the serial port, the LAN Port RJ-45 connector, and up to six slots containing additional network connectors. The powe...
Page 7 - Redundancy and Physical Security
Figure 4 – 10/100BASE-TX LAN LEDs These physical interfaces are separated into the logical interfaces from FIPS as described in the following table: Switch physical interface FIPS 140-1 Logical Interface 10/100BASE-TX LAN Port, LAN Port, Serial Port Data Input Interf...
Page 8 - Figure 5 – The Steel Cover of the Extranet Switch 4500; Record the serial numbers of the labels applied to the module.
front bezel allows access to the dual power supplies, hard drives, and floppy drive. Removing the top cover or the I/O panel allows access to the motherboard, memory, and expansion slots. Figure 5 – The Steel Cover of the Extranet Switch 4500 Once the Extranet Swit...
Page 9 - Figure 7 – Tamper Evident Labels Applied to Rear Panel; Figure 8 – Tamper-Evident Label
(2) Top Cover Labels (2) Front Bezel Labels Figure 6 – Tamper-Evident Labels Applied to Switch Front Bezel and Top Cover (2) AC Filter Input Labels (1) Air Hole Label (1) I/O Panel Label (1) Keyboard Connector Label Figure 7 – Tamper Evident Labels Applied to Rear Panel ...
Page 10 - Figure 9 – Damaged Tamper-Evident Label; Roles and Services
Attempting to remove a label breaks it or continually tears off small fragments as depicted in Figure 9. Other signs of tamper-evidence include a strong smell of organic solvents, warped or bent cover metal, and scratches in the paint on the module. FIPS 140-1 Leve...
Page 11 - Crypto Officer Services; Configure the Switch
• IPSec Protocol Tunnels • PPTP Protocol Tunnels • L2TP Protocol Tunnels • L2F Protocol Tunnels • Change Password 2.4.1 Crypto Officer Services There is a factory default login ID and password, which allows access to the Crypto Officer role. This initial account i...
Page 12 - Status Functions; Managing the; User Services; manage users
• Status Functions: to view the switch configuration, routing tables, active sessions, use Gets to view SNMP MIB II statistics, usage graphs, health, temperature, memory status, voltage, packet statistics, and re...
Page 13 - Key Management; Secure Operation of the Contivity Switch
2.5 Key Management The switch securely administers both cryptographic keys and other critical security parameters such as User passwords. Ephemeral session keys are created during the negotiation of secure tunnels on behalf of Users who have successfully authentic...
Page 14 - Recommended; Change the default administrator password on the switch.; Required; Apply the tamper evident labels as described in section 2.3
Recommended • Change the default administrator password on the switch. • Disable all management protocols over private non-tunnelled interfaces Required • Select the “FIPS Enabled” button on the Service Available Management screens and restart the module. • Apply...