Contivity™ Extranet Switch 4500 FIPS 140-1 Non-Proprietary Cryptographic Module Security Policy Level 2 Validation February 2000 © Copyright 2000 Nortel Networks. This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Table of Contents 1 Introduction.................................................................................................................. 3 1.1 1.2 1.3 1.4 2 Purpose................................................................................................................... 3 References............................................................................................................... 3 Terminology..................................................................................
1 Introduction 1.1 Purpose This is a non-proprietary Cryptographic Module Security Policy for the Contivity™ Extranet Switch 4500. This security policy describes how the Contivity™ Extranet Switch 4500 meets the security requirements of FIPS 140-1, and how to operate the Contivity™ Extranet Switch 4500 in a secure FIPS 140-1 mode. This policy was prepared as part of the level 2 FIPS 1401 certification of the Contivity™ Extranet Switch 4500.
This document provides an overview of the Contivity™ Switch and explains the secure configuration and operation of the module. This introduction section is followed by Section 2, which details the general features and functionality of the Contivity™ Switch. Section 3 specifically addresses the required configuration for the FIPS-mode of operation. This Security Policy and other Certification Submission Documentation was produced by Corsec Security, Inc. under contract to Nortel Networks.
2 The Contivity Extranet 4500 Switch The Nortel Networks Contivity Extranet Switch 4500 provides a scalable, secure, manageable remote access server that meets FIPS 140-1 level 2 requirements. This section will describe the general features and functionality provided by the Contivity Extranet Switch. Section 3 will provide further details on how the Contivity Switch addresses FIPS 140-1 requirements. 2.
. Figure 2 – Physical Interfaces The physical interfaces include the dual power plugs for the redundant power supplies, the power and reset buttons, the serial port, the LAN Port RJ-45 connector, and up to six slots containing additional network connectors. The power and reset buttons light up to indicate power and hard disk activity respectively.
Figure 4 – 10/100BASE-TX LAN LEDs These physical interfaces are separated into the logical interfaces from FIPS as described in the following table: Switch physical interface FIPS 140-1 Logical Interface 10/100BASE-TX LAN Port, LAN Port, Serial Port 10/100BASE-TX LAN Port, LAN Port, Serial Port Power Button, Reset Button, Serial Port, LAN Port LAN Port LEDs, 10/100BASE-TX LAN Port LEDs Serial Port Power Button Light Reset Button Light Dual Power Plugs Data Input Interface Data Output Interface Control
front bezel allows access to the dual power supplies, hard drives, and floppy drive. Removing the top cover or the I/O panel allows access to the motherboard, memory, and expansion slots. Figure 5 – The Steel Cover of the Extranet Switch 4500 Once the Extranet Switch 4500 has been configured in its FIPS 140-1 level 2 conformant mode, the system cannot be accessed without signs of tampering. To seal the system, apply serialized tamper-evident labels as follows: 1.
(2) Top Cover Labels (2) Front Bezel Labels Figure 6 – Tamper-Evident Labels Applied to Switch Front Bezel and Top Cover (1) Air Hole Label (2) AC Filter Input Labels (1) I/O Panel Label (1) Keyboard Connector Label Figure 7 – Tamper Evident Labels Applied to Rear Panel The tamper-evident seals are produced from a special thin gauge white vinyl with self-adhesive backing.
Attempting to remove a label breaks it or continually tears off small fragments as depicted in Figure 9. Other signs of tamper-evidence include a strong smell of organic solvents, warped or bent cover metal, and scratches in the paint on the module. FIPS 140-1 Level 2 Tamper Evident Label Contivity Extranet Switch Serial Number: 5673422 Figure 9 – Damaged Tamper-Evident Label 2.
• • • • • 2.4.1 IPSec Protocol Tunnels PPTP Protocol Tunnels L2TP Protocol Tunnels L2F Protocol Tunnels Change Password Crypto Officer Services There is a factory default login ID and password, which allows access to the Crypto Officer role. This initial account is the primary administrator's account for the Switch, and guarantees that at least one account is able to assume the Crypto Officer role and completely manage the switch and users.
• • Status Functions: to view the switch configuration, routing tables, active sessions, use Gets to view SNMP{ XE "SNMP" } MIB II{ XE "SNMP:MIB II" } statistics, usage graphs, health, temperature, memory status, voltage, packet statistics, and review accounting logs. Manage the Switch: to log off users, shut or reset the switch, disable or enable audible alarms, manually back up switch configurations, restore switch configurations, create a recovery diskette, etc.
2.5 Key Management The switch securely administers both cryptographic keys and other critical security parameters such as User passwords. Ephemeral sessions keys are created during the negotiation of secure tunnels on behalf of Users who have successfully authenticated themselves to the switch with their user ID and password. These keys are created for protocols like MS-CHAP and ISAKMP which securely negotiate key exchange and then allow encryption services for PPTP, L2TP, and IPSec.
Recommended • Change the default administrator password on the switch. • Disable all management protocols over private non-tunnelled interfaces Required • Select the “FIPS Enabled” button on the Service Available Management screens and restart the module. • Apply the tamper evident labels as described in section 2.3 • Disable cryptographic services that employ non-FIPS approved algorithms.
