Avaya G250 User Manual

Office media gateways w/fips non-proprietary security policy

Avaya G250 and G250-BRI Branch Office Media Gateways w/FIPS Non-Proprietary Security Policy
Avaya Inc.
Revision Date: 14 December 2005
Version 1.2
© 2005 Avaya Inc. May be reproduced only in its original entirety [without revision].
Page 1 of 23
CID 108398

Summary of Contents for Avaya G250

  • Page 2: Table Of Contents

    Physical Security Mechanisms; 8.2 Operator Required Actions, 21; Mitigation of Other Attacks Policy, 21; References, 21; Definitions and Acronyms, 22
  • Page 3: G250/G250-BRI Module Overview

    G250-BRI contains additional ISDN-B circuitry with 2 ISDN-BRI trunks plus 1 Analog trunk versus 4 Analog trunks in G250. The rules in this policy generally apply to all the above devices. Exceptions are explicitly rendered by device name, otherwise general cryptographic module notation is used.
  • Page 4: Security Level

    The cryptographic module meets the overall requirements applicable to Level 1 security of FIPS 140-2. Security Requirements Section Level Cryptographic Module Specification Module Ports and Interfaces
  • Page 5: Modes Of Operation

    (CLI), and verification that the configuration meets the requirements specified in (Section 2.3), and
  • Page 6: Non-FIPS Mode of Operation

    If not installed, download the Avaya License file with VPN feature activated. Physically disconnect all network interfaces.
  • Page 7 28. Activate the crypto-list(s) on all cipher-text interfaces. For flows that need to be encrypted even if directed to clear-text interfaces, apply crypto-lists to all interfaces. 29. Save running config to startup config.
  • Page 8: Ports And Interfaces

    4. Analog Line Analog Phones. Line 2 ceases to be a data input/output from the module and is directly connected to Analog
  • Page 9 15. LEDs on ETH Status Output Link state and activity indication on the associated data interface Table 3 – G250 Ports and Interfaces
  • Page 10: G250-BRI Ports and Interfaces

    Line 2, providing a power interface, when an emergency state occurs: power failure; failure to communicate with a call controller; firmware error state.
  • Page 11: Identification And Authentication Policy

    Radius Server
  • Page 12: Strengths Of Authentication Mechanisms

    6 characters 1 / 689,869,781,056 1 / 209,052 Radius Crypto Officer, 8 characters 1 / 6,095,689,385,410,816 1 / 1,847,178,602 User, Read-Only User
  • Page 13: Access Control Policy

    • IPSec traffic processing: use AES, DES, TDES, and HMAC-SHA1. • Serial number exchange service: use encryption to prevent fraud of Avaya license activation.
  • Page 14 • Self-tests: execute the suite of self-tests required by FIPS 140-2 during power-up not requiring operator intervention. • Zeroize: destroy all plaintext secret parameters and cryptographic keys.
  • Page 15: Roles And Services

    IKE negotiation; IPSec traffic processing; Serial Number Exchange; OSPF routing; PPPoE connection; Radius authentication. Table 7 – Services to Roles mapping
  • Page 16: Definition of Critical Security Parameters (CSPs)

    User password: Used for password authentication of CLI users. Root password: Used for authentication of default CLI user during first setup.
  • Page 17: Definition of CSPs Modes of Access

    • Read: the data item is read from memory. • Write: the data item is written into memory. • Zeroize: the data item is actively overwritten.
  • Page 18 IPSEC SA Phase-2 TDES key; IPSEC SA Phase-2 AES key; IPSEC SA Phase-2 HMAC keys; IPSEC SA Phase-2 keys per protocol
  • Page 19: Operational Environment

    The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the device does not support the loading and execution of un-trusted code. Avaya digitally signs firmware images of the crypto module using RSA. Through this signature, the crypto module verifies the authenticity of any update to its firmware image.
  • Page 20: Security Rules

    5. The module shall support concurrent operators and shall maintain separation of roles and services. 6. The users of the system can plug in and use any Avaya Media Module that does not support cryptographic functionality without restriction. 7. Media modules with cryptographic functionality must be tested and validated separately against the requirements of FIPS 140-2.
  • Page 21: Physical Security Policy

    NIST website at http://csrc.nist.gov/cryptval/ • For more information about Avaya ask your Avaya representative or see http://www.avaya.com/ • For more information about Avaya G250 Media Gateway ask your Avaya representative or see http://www.avaya.com/gcm/master-usa/en-us/products/offers/g250_media_gateway.htm
  • Page 22: Definitions And Acronyms

    PPPoE – Point-To-Point over Ethernet; PTLS – Avaya Proprietary Transport Layer Security; RSA – Rivest Shamir Adleman Algorithm; SNMP – Simple Network Management Protocol
  • Page 23 Wednesday, 14 December, 2005. TFTP – Trivial File Transfer Protocol; USB – Universal Serial Bus; WAN – Wide Area Network

This manual is also suitable for:

G250-BRI