User Guidance - Enterasys X-Pedition XSR-1805 Owner's Manual

• Dial backup access must be disabled.
• Syslog remote logging must be disabled.
• VPN services can only be provided by IPSec or L2TP over IPSec.
• Only SNMPv3 can be enabled.
• If cryptographic algorithms can be set for services (such as
• FTP and TFTP can only be used to load valid software files.
• The module logs must be monitored. If a strange activity is found,
• The tamper-evident labels must be regularly examined for signs of

User Guidance

The User accesses the module VPN functionality as an IPSec client.
Although outside the boundary of the module, the User should be careful
not to provide authentication information and session keys to other parties.
Enterasys Networks
© Copyright 2003
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
IKE/IPSec and SNMP), only FIPS-approved algorithms can be
specified. These include the following:
o AES
o Triple-DES
o DES
o SHA-1
o HMAC SHA-1
o DSA
o RSA signature and verification
(FTP and TFTP over IPSec can be used to transfer configuration
files.)
the Crypto Officer should take the module off line and investigate.
tampering.
Page 24 of 25