Page 2 - Table of Contents
Table of Contents
1 Introduction (page 3)
1.1 Purpose (page 3)
1.2 References ...
Page 3 - Introduction; Purpose
1 Introduction
1.1 Purpose
This is a non-proprietary cryptographic module security policy for the Contivity™ Extranet Switch 4600. This security policy describes how the Contivity™ Extranet Switch 4600 meets the security requirements of FIPS 140-1, and how to operate the Contivity™ Extranet Switch 46...
Page 5 - The Contivity Extranet 4600 Switch; Cryptographic Module; Figure 1 – The Contivity Extranet 4600 Switch; Module Interfaces
2 The Contivity Extranet 4600 Switch
The Nortel Networks Contivity Extranet Switch 4600 (referred to as the module, or Switch in this document) provides a scalable, secure, manageable remote access server that meets FIPS 140-1 level 2 requirements for a multiple-chip standalone module. The following ...
Page 7 - Physical Security; Figure 3 - Removing the front bezel
2.3 Physical Security
A thick steel case protects the Contivity™ Extranet Switch 4600. The switch meets FCC requirements in 47 CFR Part 15 for personal computers and peripherals designated for home use (Class B). The case has two removable portions: the front bezel and the top cover. Removing the fron...
Page 8 - Figure 4 – Front view without front bezel; as shown in Figure 5.
Figure 4 – Front view without front bezel
Once the Extranet Switch has been configured in its FIPS 140-1 level 2 mode, the cover may not be removed without signs of tampering. To seal the cover, apply three serialized tamper-evident labels as follows:
1. Clean the cover of any grease, dirt, or oil b...
Page 9 - Figure 5 – Tamper-Evident Labels Applied to Switch; Contivity Extranet Switch; Contivity Extranet Switch; Figure 7 – Damaged Tamper-Evident Label
Figure 5 – Tamper-Evident Labels Applied to Switch
The tamper-evident seals are produced from a special thin gauge white vinyl with self-adhesive backing. Any attempt to open the switch will damage or destroy the tamper-evident seals or the painted surface and metal of the module cover. Since the ...
Page 10 - Roles and Services; Table 2 – Matrix of Services
2.4 Roles and Services
The switch supports up to 5000 simultaneous user sessions using Internet Protocol Security (IPSec), Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), and Layer Two Forwarding (L2F). In addition, an administrator may securely configure the switch ei...
Page 11 - Crypto Officer Services
• IPSec Protocol Tunnels
• PPTP Protocol Tunnels
• L2TP Protocol Tunnels
• L2F Protocol Tunnels
• Change Password
2.4.1 Crypto Officer Services
There is a factory default login ID and password, which allows access to the Crypto Officer role. This initial account is the primary administrator's acco...
Page 12 - User Services
direction. The administrator may use any of the pre-defined Rules or create custom Rules to be included in each Filter.
• Status Functions: to view the switch configuration, routing tables, active sessions, use Gets to view Simple Network Management Protocol (SNMP) Management Information Base (MIB) ...
Page 13 - Key Management
Authentication Protocol (PAP). MS-CHAP can use no encryption, 40-bit RC4, or 128-bit RC4 encryption. When operated in a FIPS 140-1 compliant manner, MS-CHAP is not enabled with RC4 encryption.
• L2TP: Requires authentication using MS-CHAP, CHAP, or PAP. MS-CHAP can use no encryption, 40-bit RC4, 128-b...
Page 15 - Secure Operation of the Contivity Switch; Recommended; Change the default administrator password on the switch.; Required; Apply the tamper evident labels as described in section 2.3
3 Secure Operation of the Contivity Switch
The Contivity Switch is a versatile machine; it can be run in a Normal Operating Mode or a FIPS Operating Mode (FIPS mode). In FIPS mode, the switch meets all the Level 2 requirements for FIPS 140-1. To place the module in FIPS mode, click the “FIPS Enabled...