Crypto Officer Guidance - Motorola S2500 Security Manual

Motorola network router security policy

B. Conditional Self-Tests:
a. Continuous Random Number Generator (RNG) test on FIPS-approved
deterministic RNG and Hardware NDRNG.
b. Firmware load test – RSA signature verification of externally loaded code.
c. Alternating bypass tests – when enabling FRF.17 and IPsec encryption.
d. Pair-wise consistency test for public and private key establishment (RSA
and DSA)
e. Manual key entry test
4. At any time the MNR S2500 router is in an idle state, the operator can command the
router to perform the power-up self-test by power-cycling or rebooting the router.
5. Data output is inhibited during key generation, self-tests, zeroization, and error states.
6. Status information does not contain CSPs or sensitive data that if misused could lead to a
compromise of the module.
7. The operator shall not modify any IPsec selector lists.

9. Crypto Officer Guidance

On initial installation, perform the following steps:
1. Power on the module and verify successful completion of power-up self tests from
console port or inspection of log file.
2. Authenticate to the module using the default user acting as the Crypto Officer with the
default password and username.
3. Verify that the Hardware and Firmware P/Ns and version numbers of the module are the
FIPS approved versions.
4. Change the Network Manager (Crypto Officer) and User passwords using the
SysPassWord command.
5. Initialize the Key Encryption Key (KEK) with the KEKGenerate command. Account
passwords and certain keys are persistent across reboots and are encrypted with the Key
Encryption Key (KEK). This key can be reinitialized at any time.

The module supports a minimum password length of 7 characters and a maximum length of 15
characters. The Crypto Officer controls the minimum password length through the
PwMinLength parameter:

    SETDefault -SYS PwMinLength = <length>

where <length> specifies the minimum length.

Before entering or exiting the Maintenance Role or non-FIPS mode, the operator shall use the
Zeroization Service to zeroize all CSPs. The Zeroization Service should also be invoked prior to
removing a router from service for repair.
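
The continuous RNG test named in item B.a and the output-inhibit rule in item 5, sketched as an added example (not part of the original document and not Motorola's firmware). It follows the FIPS 140-2 definition of the test: the first block after reset is held back for comparison only, and any block equal to its predecessor latches an error state. BLOCK_LEN, crngt_t, crngt_read and demo_source are hypothetical names, and the sample source is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLOCK_LEN 16                        /* assumed block size in bytes */
typedef int (*rng_source_fn)(uint8_t *out); /* hypothetical hook: fills BLOCK_LEN bytes, 0 = ok */
typedef struct {
    rng_source_fn source;
    uint8_t prev[BLOCK_LEN]; /* last block seen, kept only for comparison */
    int primed;              /* first block after reset has been captured */
    int error;               /* latched error state: no further output */
} crngt_t;
void crngt_init(crngt_t *c, rng_source_fn source) {
    memset(c, 0, sizeof *c);
    c->source = source;
}

/* Returns 0 and fills out with one block, or -1 with out untouched. */
int crngt_read(crngt_t *c, uint8_t *out) {
    uint8_t cur[BLOCK_LEN];
    if (c->error) return -1;                /* output stays inhibited */
    if (!c->primed) {                       /* first block is never output */
        if (c->source(c->prev) != 0) { c->error = 1; return -1; }
        c->primed = 1;
    }
    if (c->source(cur) != 0 || memcmp(cur, c->prev, BLOCK_LEN) == 0) {
        c->error = 1; return -1;            /* source failed or block repeated */
    }
    memcpy(c->prev, cur, BLOCK_LEN);
    memcpy(out, cur, BLOCK_LEN);
    return 0;
}

/* Constructed source: block i is filled with byte i, then sticks at stick_after. */
static unsigned calls, stick_after = 3;
int demo_source(uint8_t *out) {
    unsigned v = calls < stick_after ? calls : stick_after;
    memset(out, (int)v, BLOCK_LEN);
    calls++;
    return 0;
}

int main(void) {
    crngt_t c; uint8_t out[BLOCK_LEN];
    crngt_init(&c, demo_source);
    for (int i = 0; i < 5; i++)
        printf("read %d -> %s\n", i, crngt_read(&c, out) == 0 ? "block released" : "inhibited");
    return 0;
}
```

Once the error flag is set the source is no longer polled, so recovery requires re-initialization, which matches the module's behavior of rerunning self-tests on reboot.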
MNR S2500 Security Policy
Version 1.3, Revision Date: 1/13/2009
