Nortel Contivity Secure IP Services Gateway 4600 Owner's Manual

FIPS 140-1 Non-Proprietary Cryptographic Module Security Policy
Contivity™ Extranet Switch 4600
FIPS 140-1 Non-Proprietary
Cryptographic Module Security Policy
Level 2 Validation
June 2001
© Copyright 2001 Nortel Networks.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Summary of Contents for Nortel Contivity Secure IP Services Gateway 4600

  • Page 2: Table Of Contents

    Introduction ... 3
    Purpose ... 3
    References ... 3
    Document Organization ... 3
    The Contivity Extranet 4600 Switch ... 5
    Cryptographic Module ... 5
    Module Interfaces ... 5
    Physical Security ... 7
    Roles and Services ... 10
    2.4.1 Crypto Officer Services ... 11
    2.4.2 User Services ...
  • Page 3: Introduction

    More information is available on the Contivity™ Extranet Switch 4600 and the entire line of Contivity™ products from the following sources: The Nortel Networks web site contains information on the full line of Contivity products at www.nortelnetworks.com. For answers to technical or sales related questions please refer to the contacts listed on the Nortel Networks web site at www.nortelnetworks.com.
  • Page 4 FIPS 140-1 certification submission documentation is Nortel-proprietary and is releasable only under appropriate non-disclosure agreements. Please contact Nortel Networks for access to these documents.
  • Page 5: The Contivity Extranet 4600 Switch

    2 The Contivity Extranet 4600 Switch

    The Nortel Networks Contivity Extranet Switch 4600 (referred to as the module, or the Switch, in this document) provides a scalable, secure, manageable remote access server that meets FIPS 140-1 Level 2 requirements for a multiple-chip standalone module. The following sections describe how the Switch addresses FIPS 140-1 requirements.
  • Page 6 The physical interfaces include a power plug, power and reset switches, a serial port, a LAN Port RJ-45 connector and up to two additional network connectors. Each RJ-45 connector is accompanied by light emitting diodes (LEDs). The LAN Port LEDs, with the green LED indicating 100Mbps activity and the orange LED indicating link status and activity, are located on the back panel of the module.
  • Page 7: Physical Security

    Physical Security

    A thick steel case protects the Contivity™ Extranet Switch 4600. The switch meets FCC requirements in 47 CFR Part 15 for personal computers and peripherals designated for home use (Class B). The case has two removable portions: the front bezel and the top cover.
  • Page 8 Figure 4 – Front view without front bezel Once the Extranet Switch has been configured in its FIPS 140-1 level 2 mode, the cover may not be removed without signs of tampering. To seal the cover, apply three serialized tamper-evident labels as follows: 1.
  • Page 9 Figure 5 – Tamper-Evident Labels Applied to Switch The tamper-evident seals are produced from a special thin gauge white vinyl with self- adhesive backing. Any attempt to open the switch will damage or destroy the tamper- evident seals or the painted surface and metal of the module cover. Since the tamper- evident labels have non-repeated serial numbers, the labels may be inspected for damage and compared against the applied serial numbers to verify that the module has not been tampered.
  • Page 10: Roles And Services

    Roles and Services

    The switch supports up to 5000 simultaneous user sessions using Internet Protocol Security (IPSec), Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), and Layer Two Forwarding (L2F). In addition, an administrator may securely configure the switch either locally or remotely. Remote administration is secured by one of the secure tunneling protocols supported by the box.
  • Page 11: Crypto Officer Services

    IPSec Protocol Tunnels
    PPTP Protocol Tunnels
    L2TP Protocol Tunnels
    L2F Protocol Tunnels
    Change Password

    2.4.1 Crypto Officer Services

    There is a factory default login ID and password, which allows access to the Crypto Officer role. This initial account is the primary administrator's account for the Switch, and guarantees that at least one account is able to assume the Crypto Officer role and completely manage the switch and users.
  • Page 12: User Services

    direction. The administrator may use any of the pre-defined Rules or create custom Rules to be included in each Filter. Status Functions: to view the switch configuration, routing tables, active sessions, use Gets to view Simple Network Management Protocol (SNMP) Management Information Base (MIB) II statistics, usage graphs, health, temperature, memory status, voltage, packet statistics, and review accounting logs.
  • Page 13: Key Management

    Authentication Protocol (PAP). MS-CHAP can use no encryption, 40-bit RC4, or 128-bit RC4 encryption. When operated in a FIPS 140-1 compliant manner, MS-CHAP is not enabled with RC4 encryption. L2TP: Requires authentication using MS-CHAP, CHAP, or PAP. MS-CHAP can use no encryption, 40-bit RC4, or 128-bit RC4 encryption. When operated in a FIPS 140-1 compliant manner, MS-CHAP is not enabled with RC4 encryption.
  • Page 14: Self-Tests

    contained on the floppy disk via the module’s management interface. The format utility then causes the firmware of the module to be erased.

    RSA keys: These RSA public/private key pairs are used for generating and verifying digital signatures for authentication of users during IPSec tunneling sessions.
  • Page 15: Secure Operation Of The Contivity Switch

    3 Secure Operation of the Contivity Switch

    The Contivity Switch is a versatile machine; it can be run in a Normal Operating Mode or a FIPS Operating Mode (FIPS mode). In FIPS mode, the switch meets all the Level 2 requirements for FIPS 140-1.
  • Page 16 has the capability to submit shell commands) then the Crypto Officer should reinstall the Nortel firmware from a trusted media such as the installation CD or the Nortel website.
