Nortel 4500 FIPS Manual

FIPS 140-1 Non-Proprietary Cryptographic Module Security Policy

Contivity™ Extranet Switch 4500
FIPS 140-1 Non-Proprietary
Cryptographic Module Security Policy
Level 2 Validation
February 2000
© Copyright 2000 Nortel Networks.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Summary of Contents for Nortel 4500 FIPS

  • Page 2: Table Of Contents

    Redundancy and Physical Security ... 7; Roles and Services ... 10; 2.4.1 Crypto Officer Services ... 11; 2.4.2 User Services ... 12; Key Management ... 13; Self Tests ... 13; Secure Operation of the Contivity Switch ... 13
  • Page 3: Introduction

    Contivity™ Extranet Switch 4500 and the entire line of Contivity™ products from the following sources: The Nortel Networks web site contains information on the full line of Contivity products at www.nortelnetworks.com. For answers to technical or sales-related questions, please refer to the contacts listed on the Nortel Networks web site at www.nortelnetworks.com.
  • Page 4 FIPS-mode of operation. This Security Policy and other Certification Submission Documentation was produced by Corsec Security, Inc. under contract to Nortel Networks. With the exception of this Non-Proprietary Security Policy, the FIPS 140-1 Certification Submission Documentation is Nortel-proprietary and is releasable only under appropriate non-disclosure agreements.
  • Page 5: The Contivity Extranet 4500 Switch

    2 The Contivity Extranet 4500 Switch The Nortel Networks Contivity Extranet Switch 4500 provides a scalable, secure, manageable remote access server that meets FIPS 140-1 level 2 requirements. This section will describe the general features and functionality provided by the Contivity Extranet Switch. Section 3 will provide further details on how the Contivity Switch addresses FIPS 140-1 requirements.
  • Page 6 Figure 3 shows details of the LAN Port LEDs, with the green LED indicating 100 Mbps activity, and the orange LED indicating link status and activity. More information on these LEDs and the LAN Port interface can be found in the Contivity Extranet Switch 4500 Getting Started Guide, 1C.
  • Page 7: Redundancy And Physical Security

    47 CFR Part 15 for personal computers and peripherals designated for business use (Class A), and is labeled in accordance with FCC requirements. The Contivity™ Extranet Switch 4500 is entirely encased by a thick steel chassis. The system has three removable portions: the front bezel, the top cover, and the I/O Panel. Removing the...
  • Page 8 Figure 5 – The Steel Cover of the Extranet Switch 4500 Once the Extranet Switch 4500 has been configured in its FIPS 140-1 level 2 conformant mode, the system cannot be accessed without signs of tampering. To seal the system, apply serialized tamper-evident labels as follows: 1.
  • Page 9 The tamper-evident seals are produced from a special thin gauge white vinyl with self-adhesive backing. Any attempt to open the switch will damage or destroy the tamper-evident seals, or the painted surface and metal of the module cover. Since the tamper-evident labels have non-repeated serial numbers, the labels may be inspected for damage and compared against the applied serial numbers to verify that the module has not been tampered with.
  • Page 10: Roles And Services

    RADIUS (Novell NDS, Microsoft Windows NT Domains, Security Dynamics ACE Server, Axent OmniGuard Defender) There are two main roles in the Switch (as required by FIPS 140-1) that users may assume: Crypto Officer role and User role. The administrator of the switch assumes the Crypto Officer role in order to configure and maintain the switch using Crypto Officer services, while the Users exercise only the User services.
  • Page 11: Crypto Officer Services

    They may also authenticate as a User over a secure tunnel and then authenticate to the switch as a Crypto Officer in order to manage the switch. An administrator can also configure the switch to allow or disallow management via a private LAN interface, without using a secure tunnel.
  • Page 12: User Services

    Manage the Switch: to log off users, shut or reset the switch, disable or enable audible alarms, manually back up switch configurations, restore switch configurations, create a recovery diskette, etc.
  • Page 13: Key Management

    In addition, there are checksum tests on the flash memory which are updated with flash changes. If any of these self-tests fail, the switch will transition into an error state. Within the error state, all secure data transmission is halted and the switch outputs status information indicating the failure.
  • Page 14 SSL cannot be used to establish secure connections. For RIP – In FIPS mode, MD5 must be disabled. Note: A switch that has a Hardware Accelerator installed cannot be run in FIPS mode. There are several services that are affected by transitioning the module into FIPS compliant mode.
