Secure Operation; Crypto-Officer Guidance; Initialization; Management - Polycom VSX 3000 Manual
Non-proprietary cryptographic module security policy
Hide thumbs
Also See for VSX 3000:
- Integrator's reference manual (418 pages) ,
- Administrator's manual (224 pages) ,
- Getting started manual (51 pages)
Table of Contents
Advertisement
Non-Proprietary Security Policy, Version 1.0
2 Secure Operation
The VSX 3000, VSX 5000, and VSX 7000s meet Level 1 requirements for FIPS 140-2. The sections below describe
how to place and keep the module in FIPS-approved mode of operation.
2.1 Crypto-Officer Guidance
The Crypto-Officer is responsible for initialization and security-relevant configuration and management of the
module through the web management interface, serial port from a non networked PC, or secure Telnet over TLS.
Please see Polycom's Administrator's Guide for the VSX Series for more information on setting up, configuring and
maintaining the modules.
2.1.1
Initialization
The Crypto-Officer is responsible for putting the modules in FIPS mode of Operation, by enabling the system to
automatically encrypt calls. AES encryption is a standard feature on all VSX systems. The system will be shipped
by default in Non-Secure Mode. To put the modules in FIPS mode of Operation, the Crypto-Officer must:
o
Go to System
o
Select Secure Mode
o
Selecting the Secure mode will result in a system reset
o
The change of mode from Non-Secure mode to secure mode shall initiate Crypto-Officer password
change request
2.1.2
Management
Following are the points of System behavior in FIPS mode of Operation:
Default password (System Serial number) or Dummy password (No password), is not allowed for
o
'admin' login in the secured mode.
Only https over TLS, secure telnet, and secure FTP connections are allowed in the secured mode. The
o
standard http connections with no security will not be allowed.
Media encryption during a call (H.323/H.320) will always be set to ON (AES-Encryption ON)
o
The following table details the port number to be used for secure applications, telnet, FTP, and https over TLS.
Application
TLS Telnet Debug Port
TLS Telnet API Port
TLS FTP for control Connection
TLS FTP for data Connection
TLS http
The Crypto-Officer is able to monitor and configure the module via the web interface (https over TLS), serial port,
or via secure telnet (Telnet over TLS). Detailed instructions to monitor and troubleshoot the systems are provided in
the Administrator's Guide for the VSX Series.
Software upgrade is not allowed in FIPS mode of Operation.
Polycom VSX 3000, VSX 5000, and VSX 7000s
© 2007 Polycom, Inc. -
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Admin Settings
System Security
Port Number
992
993
990
989
443
June 15, 2007
Page 20 of 23
- Quick Links:
- Figure 1 - Vsx 3000
Hide quick links:
Advertisement
Table of Contents
