XSR-1805, XSR-1850, and XSR-3250 (Hardware Version: REV 0A-G, Software Version: REL 6.3, Firmware Version: REL 6.3) FIPS 140-2 Non-Proprietary Security Policy Level 2 Validation Version 1.00 September 2003 © Copyright 2003 Enterasys Networks This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Table of Contents INTRODUCTION............................................................................................................. 3 PURPOSE ....................................................................................................................... 3 REFERENCES ................................................................................................................. 3 DOCUMENT ORGANIZATION ...........................................................................................
Introduction Purpose This document is a nonproprietary Cryptographic Module Security Policy for the Enterasys Networks XSR-1805, XSR-1850, and XSR-3250 appliances. This security policy describes how the XSR-1805, XSR-1850, and XSR-3250 meet the security requirements of FIPS 140-2 and how to run the modules in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the module.
This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to Enterasys Networks. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to Enterasys Networks and can be released only under appropriate non-disclosure agreements. For access to these documents, please contact Enterasys Networks.
ENTERASYS NETWORKS XSR-1805, XSR-1850, AND XSR-3250 Overview Part of the Enterasys Networks X-Pedition Security Router (XSR) series, the XSR-1805, XSR-1850, and XSR-3250 modules are networking devices that combine a broad range of IP routing features, a broad range of WAN interfaces and a rich suite of network security functions, including site-to-site and remote access VPN connectivity and policy managed, stateful-inspection firewall functionality.
ideal to support mission- critical applications extending to the branch office. The XSR-3250 offers nearly ten times the performance speed of the XSR1850 and approximately 15 times more VPN tunnels. Coupling these features with the six network interface module (NIM) slots makes the XSR3250 ideally suited to a regional office required to terminate up to six T3/E3 or 24 T1/E1 connections. A redundant power supply is included. The features of each XSR module are summarized in Table 1.
The hardware components for the XSR-18xx modules vary slightly to meet the performance level for each module. The XSR-1850 is an enhancement of the XSR-1805 consisting of the following additional features: • Two fans • External power source connector • One PMC slot for PPMC card • 19” 1.5 U rack-mount chassis • 64 MB of DRAM Due to the large difference in performance levels, the XSR-3250 hardware components vary quite significantly, when compared to the XSR-18xx modules.
The software image is contained in a single file with the power-up diagnostics. It is based on the Nortel Open IP design model and runs on top of the VxWorks operating system. The modules are intended to meet overall FIPS 140-2 Level 2 requirements (see Table 2).
• Ten status LEDs • One power connector • One power switch • One default configuration button The XSR-1850 implements the same physical ports as the XSR-1805 and the following additional ones: • External power source connector • PPMC slot for Processor The XSR-3250 varies to the XSR-1805 modules as follows: • One additional power source connector © Copyright 2003 Enterasys Networks Page 9 of 25 This document may be freely reproduced and distributed whole and intact including this Copyright N
• Three 10/100/1000BaseT GigabitEthernet LAN ports with two LEDs on each port, instead of the two 10/100BaseT FastEthernet LAN ports • Mini-Gigabit Interface Converter (MGBIC) fiberoptic port plus two LEDs • Two NCC slots with two NIM slots on each card • No power switch • No default configuration button All of these physical ports are separated into logical interfaces defined by FIPS 140-2, as described in Table 3: Module Physical Ports Network ports Network ports Network ports, console port, pow
Roles and Services The module supports role-based and identity-based authentication1. There are two main roles in the module (as required by FIPS 140-2) that operators may assume: a Crypto Officer role and User role. Crypto Officer Role The Crypto Officer role has the ability to configure, manage, and monitor the module. Three management interfaces can be used for this purpose: • CLI – The Crypto Officer can use the CLI to perform non-securitysensitive and security-sensitive monitoring and configuration.
• Read-only Crypto Officer – Management users with privilege level zero assume the Read-only Crypto Officer role. The Read-only Crypto Officer can only issue monitoring commands with low security level. Examples of commands are: show version and show clock. Descriptions of the services available to the Crypto Officer role are provided in the table below.
Management Configuring the T1/E1 Subsystem Interfaces Configuring the XSR Platform Configuring Hardware Controllers Configuring the Internet Protocol Configuring Frame Relay Configuring ISDN Configuring Quality of Service (QOS) Configuring the VPN Configuring DHCP Configuring Security Configuring key; create DSA host key for SSHv2; create management users and set their password and privilege level; configure the SNMP agent Define the T1/E1 subsystem functionality Define the platform subsystem software
Firewall authorization information for network traffic that flows through the box. configuration data. commands and configuration data. Table 4 – Crypto Officer Services, Descriptions, Inputs and Outputs, and CSPs User Role The User role accesses the module’s IPSec and IKE services.
Pre-shared key-based authentication (IKE) User mechanism is as strong as the RSA algorithm using a 1024 bit key pair. HMAC SHA-1 generation and verification is used to authenticate to the module during IKE with preshared keys. This mechanism is as strong as the HMAC with SHA-1 algorithm. Additionally, preshared keys must be at least six characters long.
Cryptographic Key Management The modules implement the following FIPS-approved algorithms: Type Symmetric Algorithm AES (CBC) Triple-DES (CBC and ECB) DES (CBC) Standard FIPS 197 FIPS 46-3 FIPS 46-3 Asymmetric DSA Hash function RSA Digital Signature SHA-1 FIPS 186-2 Change Notice 1 PKCS #1 FIPS 180-1 MAC HMAC SHA-1 FIPS 198 PRNG Appendix 3.1 (Algorithm 1) for computing DSA keys Appendix 3.1 for general purpose FIPS 186-2 Change Notice 1 Certificate Number Cert. #48, #106, #107 Cert.
the encryption accelerators. The encryption accelerators implement the following FIPS-approved algorithms: • XSR-18xx – Triple-DES, DES, and HMAC SHA-1 • XSR-3250 – AES, Triple-DES, DES, and HMAC SHA-1 Cryptographic processing is performed during SSHv2, SNMPv3, IKE, IPSec, and when accessing and storing database files.
IPSec session keys Load test HMAC SHA-1 key Passwords 56-bit DES, 168-bit TDES, or 128/192/256-bit AES keys; HMAC SHA-1 key ≥ 80-bit HMAC SHA-1 key Established during the Diffie-Hellman key agreement Stored in plaintext in memory Secure IPSec traffic External ≥ 6-character password (SNMPv3 requires at least 8 characters) External Stored encrypted in NVRAM of the real time clock chip If stored in configuration file, passwords are stored in plaintext in Flash; if stored in user.
If the master encryption key is generated within the module, the module outputs the key to the console as soon as the key is generated in order for the Crypto Officer to note down and store the key securely outside of the module. This is required, since the Crypto Officer must enter the current key before changing or removing it. The master secret key can only be configured through the serial console or over an SSH tunnel.
Self-Tests The module performs a set of self-tests in order to ensure proper operation in compliance with FIPS 140-2. These self-tests are run during power-up (power-up self-tests) or when certain conditions are met (conditional self-tests).
• Continuous random number generator test: this test is constantly run to detect failure of the random number generator of the module. • Manual key entry test: when entering a pre-shared key, master encryption key, or load test HMAC SHA-1 key, the module performs the manual key entry test by requesting the Crypto Officer to enter the key in twice. • Software load test: the module uses HMAC SHA-1 to check the validity of the software. Only validated software can be loaded into the modules.
SECURE OPERATION The XSR modules meet level 2 requirements for FIPS 140-2. The sections below describe how to place and keep the module in a FIPS-approved mode of operation. The Crypto Officer must ensure that the module is kept in a FIPS-approved mode of operation. The procedures are described in “Crypto Officer Guidance”. The User can use the module after the Crypto Officer changes the mode of operation to FIPS mode. The secure operation for the User is described in “User Guidance” on page 24.
2. At the prompt , press Enter. 3. At the prompt , enter the password. 4. At the prompt , re-enter the password. 5. At the prompt, enter bc for cold boot. The Crypto Officer must now set the at least six character long CLI password. To set the CLI password 1. When the XSR login appears, enter admin and enter no (blank) password. 2. At the CLI prompt, enter enable to acquire Privileged EXEC mode. 3.
• Dial backup access must be disabled. • Syslog remote logging must be disabled. • VPN services can only be provided by IPSec or L2TP over IPSec. • Only SNMPv3 can be enabled. • If cryptographic algorithms can be set for services (such as IKE/IPSec and SNMP), only FIPS-approved algorithms can be specified. These include the following: o AES o Triple-DES o DES o SHA-1 o HMAC SHA-1 o DSA o RSA signature and verification • FTP and TFTP can only be used to load valid software files.
ACRONYMS AAA AES ANSI BOM CLI CSP DES DSA EDC EMC EMI ESD FCC FIPS FTP IKE IPSec KAT L2TP LAN LED MAC MIB NIM NIST NVRAM PRNG RAM RADIUS RSA SHA SNMP SP SSH TFTP VPN WAN XSR Authentication, Authorization, and Accounting Advanced Encryption Standard American National Standards Institute Bill of Materials Command Line Interface Critical Security Parameter Data Encryption Standard Digital Signature Standard Error Detection Code Electromagnetic Compatibility Electromagnetic Interference Electro Static Dissipat
