Enterasys X-Pedition XSR-1805 Owner's Manual

X-pedition security router

XSR-1805, XSR-1850, and XSR-3250
(Hardware Version: REV 0A-G, Software Version: REL 6.3, Firmware Version: REL 6.3)
FIPS 140-2 Non-Proprietary

Security Policy

Level 2 Validation
Version 1.00
September 2003
© Copyright 2003 Enterasys Networks
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Summary of Contents for Enterasys X-Pedition XSR-1805

  • Page 1: Security Policy

    XSR-1805, XSR-1850, and XSR-3250 (Hardware Version: REV 0A-G, Software Version: REL 6.3, Firmware Version: REL 6.3) FIPS 140-2 Non-Proprietary Security Policy Level 2 Validation Version 1.00 September 2003 © Copyright 2003 Enterasys Networks This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
  • Page 2: Table Of Contents

    Introduction ... 3; Purpose ... 3; References ... 3; Document Organization; Enterasys Networks XSR-1805, XSR-1850, and XSR-3250 ... 5; Overview ... 5; Cryptographic Module; Module Interfaces ... 8; Roles and Services ... 11; Crypto Officer Role ... 11; User Role ... 14; Authentication Mechanisms ...
  • Page 3: Introduction

    The Enterasys Networks XSR-1805, XSR-1850, and XSR-3250 appliances are referenced in this document as X-Pedition Security Routers, XSR modules, and the modules. The XSR-1805 and XSR-1850 modules are also referenced as the XSR-18xx modules. The differences between the three modules are cited where appropriate.
  • Page 4 Networks and can be released only under appropriate non-disclosure agreements. For access to these documents, please contact Enterasys Networks.
  • Page 5: Enterasys Networks Xsr-1805, Xsr-1850, And Xsr-3250

    A typical deployment of the modules is shown in Figure 1 below. The XSR-1805 is an entry-level, modular router in a desktop form factor delivering powerful performance and features to address the WAN, VPN, and firewall needs of remote offices.
  • Page 6: Cryptographic Module

    The metal enclosure physically encloses the complete set of hardware and software components, and represents the cryptographic boundary of each module.
  • Page 7 The hardware components for the XSR-18xx modules vary slightly to meet the performance level for each module. The XSR-1850 is an enhancement of the XSR-1805 consisting of the following additional features: • Two fans • External power source connector • One PMC slot for PPMC card •...
  • Page 8: Module Interfaces

    (see Table 2). Section Table 2 – Intended Level Per FIPS 140-2 Section Module Interfaces The XSR-1805 provides a number of physical ports: • Two 10/100BaseT FastEthernet LAN ports • One console port • Two PCM slots • One PCMCIA slot for the optional CompactFlash card
  • Page 9 • Ten status LEDs • One power connector • One power switch • One default configuration button The XSR-1850 implements the same physical ports as the XSR-1805 and the following additional ones: • External power source connector • PPMC slot for Processor The XSR-3250 varies to the XSR-1805 modules as follows: •...
  • Page 10 The modules distinguish between different forms of data, control, and status traffic over the network ports by analyzing the packets' header information and contents.
  • Page 11: Roles And Services

    SNMP show commands. Please note that overall the modules meet the level 2 requirements for Roles and Services.
  • Page 12 Configuring Create or specify Network master encryption Input Output SSH key SSH outputs and...
  • Page 13 Access List, AAA, and firewall functionality Configuring Define the configuration data Commands and Status of configuration data...
  • Page 14: User Role

    Authentication Type Password-based authentication (CLI, SNMP, and Bootrom monitor mode) RSA-based authentication (IKE) configuration data. commands and configuration data. Input...
  • Page 15: Physical Security

    All three modules require tamper-evident labels to be applied to protect and to notify of any tampering with the modules. Depending on whether the NIM slots are used, the XSR-1805 requires a minimum of seven and a maximum of nine labels to be applied, the XSR-1850 requires a minimum of five and a maximum of seven labels, and the XSR-3250 requires a minimum of four and a maximum of six labels.
  • Page 16: Cryptographic Key Management

    • Diffie-Hellman (permitted for use in a FIPS-approved mode of operation) Cryptographic algorithms are implemented in software and in hardware by
  • Page 17 SSHv2 session 168-bit TDES or keys 128/192/256-bit AES keys; HMAC SHA-1 keys Generation Storage External Hard-coded in plaintext Internal –...
  • Page 18: Key Generation

    IPSec secured remote session is used or manually if the module is accessed locally through the console port. When these keys are manually entered, a manual key entry test is performed.
  • Page 19: Key Storage

    Passwords can be zeroized by overwriting them with new ones or by pressing the default configuration button (XSR-18xx only). Session keys can be zeroized by rebooting the module.
  • Page 20: Self-Tests

    IKE. • DSA pair-wise consistency test: this test is performed when DSA keys are generated for SSHv2.
  • Page 21: Design Assurance

    Visual Source Safe version 6.0. Mitigation of Other Attacks The modules do not employ security mechanisms to mitigate specific attacks.
  • Page 22: Secure Operation

    Crypto Officer accesses the mode, the Crypto Officer must set the Bootrom password, which must be at least six characters long. To set the Bootrom password 1. Enter bp
  • Page 23: Management

    • Passwords must be at least six characters long. • Telnet access must be disabled unless used over IPSec.
  • Page 24: User Guidance

    Although outside the boundary of the module, the User should be careful not to provide authentication information and session keys to other parties.
  • Page 25: Acronyms

    NIST NVRAM PRNG RADIUS SNMP TFTP Authentication, Authorization, and Accounting Advanced Encryption Standard American National Standards Institute Bill of Materials...

This manual is also suitable for:

X-Pedition XSR-1850, X-Pedition XSR-3250
