Juniper NS-5400-P00A-S00 Manual

FIPS 140-2 Security Policy


FIPS 140-2 Security Policy
Juniper Networks NetScreen-5400
HW P/N NS-5400 Version 3010
FW Versions ScreenOS 5.0.0r9.h, ScreenOS 5.0.0r9a.h and ScreenOS 5.0.0r9b.h
Juniper NS-5400 Security Policy



Summary of Contents for Juniper NS-5400-P00A-S00

  • Page 1 FIPS 140-2 Security Policy. Juniper Networks NetScreen-5400. HW P/N NS-5400 Version 3010. FW Versions ScreenOS 5.0.0r9.h, ScreenOS 5.0.0r9a.h and ScreenOS 5.0.0r9b.h...
  • Page 2 Copyright Notice Copyright © 2005 Juniper Networks, Inc. May be reproduced only in its original entirety [without revision]. Juniper Networks, the Juniper Networks logo, NetScreen, NetScreen Technologies, GigaScreen, and the NetScreen logo are registered trademarks of Juniper Networks, Inc. NetScreen-5GT, NetScreen-5XP, NetScreen-5XT, NetScreen-25,...
  • Page 3: Table Of Contents

    G. FIPS Certificate Verification (p. 14)
    H. Critical Security Parameter (CSP) Definitions (p. 14)
    I. Public Key Definitions (p. 14)
    J. Matrix Creation of Critical Security Parameter (CSP) versus the Services (Roles & Identity) (p. 15)
    K. Definitions List (p. 17)...
  • Page 4: Scope Of Document

    A. Scope of Document The Juniper Networks NetScreen-5400 is an internet security device that integrates firewall, virtual private networking (VPN) and traffic shaping functionalities. The model number is NetScreen-5400 and includes interface options listed in Table 1. Part Number Model...
  • Page 5: Security Level

    VSYS Read-Only User Role: This role has the same operations as the Read-Only User Role above, except that a VSYS read-only user only operates within a particular virtual system. See the NetScreen Concepts and Examples ScreenOS Reference Guide for more information about virtual systems...
  • Page 6: Interfaces

    1. 8GSPM: The 8GSPM provides eight Gigabit Ethernet mini-Gigabit Interface Converter (GBIC) ports (labeled 1-8) using hot-swappable transceivers. The 8GSPM delivers up to 4 Gigabits per second (Gbps) of firewall and up to 2 Gbps of Virtual Private Network (VPN) capacity...
  • Page 7 • The fan tray has a status output LED: Illuminates solid green when the fan is operational, and is dark when it is not operational...
  • Page 8: Setting Fips Mode

    Telnet, NSM and HTTP (WEB UI) are allowed only through a VPN with AES encryption. • User names and passwords are case-sensitive. The password consists of at least six alphanumeric characters. Since there are 26 uppercase letters, 26 lowercase letters, and 10 digits, the total...
  • Page 9 DSA-signed firmware image cryptographic strength analysis: the firmware is signed by a DSA private key, which is in the sole possession of Juniper Networks. The generated signature is attached to the firmware. In order for the device to accept an endorsed image, the image has to have a correct 40-byte (320-bit) signature.
  • Page 10: Other Parameters

    RADIUS server. The RADIUS server provides an external database for user role administrators. The NetScreen-5400 acts as a RADIUS proxy, forwarding the authentication request to the RADIUS server. The RADIUS server replies with either an accept or...
  • Page 11 Upon a Telnet and console login failure, the next prompt will not come up for an estimated 5 seconds. • The NetScreen-5400's chips are production-grade quality and include standard passivation techniques. • The NetScreen-5400 is contained within a metal production-grade enclosure...
  • Page 12 CSPs.
    • The NetScreen-5400 includes the following algorithms:
      • FIPS Approved: SHA-1; TDES (CBC); DES (CBC) (transitional phase only, valid until May 19, 2007); AES (CBC); HMAC-SHA-1; RSA Sign/Verify (PKCS #1); ANSI X9.31 DRNG...
  • Page 13 Algorithm Error State or Device specific error state, depending on the self-test failure. The console displays error messages and the status LED flashes red. It is the responsibility of the Crypto-Officer to return the module to Juniper Networks for further analysis. •...
  • Page 14: Fips Certificate Verification

    Below is a list of the public keys utilized by the module: • Firmware Authentication Key: Used by the device to verify DSA signatures over firmware images. • CA DSA/RSA Public Key: Used by IKE to authenticate a peer's certificate...
  • Page 15: Matrix Creation Of Critical Security Parameter (Csp) Versus The Services (Roles & Identity)

    Rows of the CSP-versus-service matrix (column headings not captured in this summary):
    HA Key: N/A, U, N/A, N/A
    IKE RSA/DSA Private Key: N/A, D, N/A, G,D,U, N/A, N/A, N/A
    PRNG Algorithm Key: N/A, N/A, N/A, G,U, N/A, N/A
    Diffie Hellman Private Key Components: G, N/A, N/A, N/A, N/A...
  • Page 16 2. The Crypto-Officer is authorized to remove all authorized operators. 3. The Crypto-Officer is authorized to change all authorized operators' user names and passwords, but the user is only allowed to change his/her own user name and password...
  • Page 17: Definitions List

    ROM – Read Only Memory
    RSA – Rivest Shamir Adleman Algorithm
    SDRAM – Synchronous Dynamic Random Access Memory
    SSH – Secure Shell
    TCP – Transmission Control Protocol
    TFTP – Trivial File Transfer Protocol
    VPN – Virtual Private Networking...
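The password rule on page 8 (at least six alphanumeric characters drawn from 62 symbols) together with the login-failure delay on page 11 (an estimated 5 seconds before the next prompt) are the inputs to the FIPS 140-2 authentication-strength argument that the summary cuts off. The following Python is an added example, not part of the security policy: it computes the keyspace, the per-attempt and per-minute guessing probabilities, and checks them against the FIPS 140-2 section 4.3 bounds (less than 1 in 1,000,000 for a single attempt, less than 1 in 100,000 for all attempts within one minute). The `channels` parameter and the use of the 5-second estimate as a hard floor on attempt spacing are assumptions of the example.

```python
"""FIPS 140-2 authentication-strength check for the NetScreen-5400 password rule.

Added example, not from the security policy. Inputs taken from the policy:
62 alphanumeric symbols, a 6-character minimum (page 8) and an estimated
5-second delay after a failed login (page 11). The thresholds are the
FIPS 140-2 section 4.3 bounds. Assumptions: the delay is treated as a hard
floor on attempt spacing, and `channels` models parallel login sessions."""
from fractions import Fraction

ALPHANUMERIC = 26 + 26 + 10                 # upper, lower, digits, as the policy counts them
SINGLE_ATTEMPT_LIMIT = Fraction(1, 1_000_000)   # FIPS 140-2 4.3: per random attempt
PER_MINUTE_LIMIT = Fraction(1, 100_000)         # FIPS 140-2 4.3: all attempts in one minute


def keyspace(charset_size, min_length):
    """Number of distinct passwords at the minimum length (the weakest allowed)."""
    return charset_size ** min_length


def single_attempt_probability(charset_size, min_length):
    """Chance that one uniformly random guess is the password."""
    return Fraction(1, keyspace(charset_size, min_length))


def attempts_per_minute(delay_seconds, channels=1):
    """Upper bound on guesses per minute with a fixed delay after each failure.
    `channels` is an assumption modelling parallel sessions (e.g. console plus Telnet)."""
    if delay_seconds <= 0 or channels < 1:
        raise ValueError("delay must be positive and channels >= 1")
    return channels * (60 // delay_seconds)


def per_minute_probability(charset_size, min_length, delay_seconds, channels=1):
    """Chance of success across every guess an attacker can make in one minute."""
    return attempts_per_minute(delay_seconds, channels) * single_attempt_probability(
        charset_size, min_length)


def meets_fips_140_2(charset_size, min_length, delay_seconds, channels=1):
    """True when both FIPS 140-2 section 4.3 probability bounds hold."""
    return (single_attempt_probability(charset_size, min_length) < SINGLE_ATTEMPT_LIMIT
            and per_minute_probability(charset_size, min_length, delay_seconds, channels)
            < PER_MINUTE_LIMIT)


def min_length_for(charset_size, delay_seconds, channels=1, max_len=64):
    """Smallest minimum length satisfying both bounds, or None if none up to max_len.
    Shows how much margin a given policy has over the bare FIPS requirement."""
    for n in range(1, max_len + 1):
        if meets_fips_140_2(charset_size, n, delay_seconds, channels):
            return n
    return None


if __name__ == "__main__":
    print(keyspace(ALPHANUMERIC, 6))            # 56800235584 possible 6-character passwords
    print(attempts_per_minute(5))               # 12 guesses per minute on one channel
    print(meets_fips_140_2(ALPHANUMERIC, 6, 5))  # True
    print(meets_fips_140_2(ALPHANUMERIC, 3, 5))  # False: 62**3 is below one million
    print(min_length_for(ALPHANUMERIC, 5))       # 4: the six-character rule has margin
```

The policy's six-character minimum clears both bounds with room to spare; the helper `min_length_for` makes the margin explicit, and raising `channels` shows how quickly parallel sessions eat into the per-minute bound if the delay is enforced per session rather than globally.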
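Pages 9 and 14 describe how a firmware image is accepted: Juniper signs it with a DSA private key held only by Juniper, the signature is attached to the firmware, and the device checks it with its Firmware Authentication Key, accepting the image only if the 40-byte (320-bit) signature is correct. The following Python is an added example, not Juniper's code: a self-contained DSA over 1024-bit p and 160-bit q with SHA-1 (the 2005-era parameter set; neither SHA-1 nor 1024-bit DSA is acceptable for new designs) that signs a constructed image, appends r||s as a 40-byte trailer, and shows the device-side check rejecting a single flipped bit in either the image or the signature. The trailer layout, the simplified parameter search and all key material are assumptions of the example, not the module's actual image format.

```python
"""DSA-signed firmware image check, modelled on the NetScreen-5400 policy text.

Added example, not Juniper code. Simplified DSA: 1024-bit p, 160-bit q, SHA-1.
Parameter generation is a plain random-candidate + Miller-Rabin search, not the
FIPS 186-2 seeded procedure. Assumptions: the signature is appended as a 40-byte
r||s trailer; the image bytes and all keys are constructed for the demo."""
import hashlib
import secrets

L_BITS, N_BITS = 1024, 160       # sizes of p and q; 160-bit q gives 20-byte r and s
SIG_LEN = 2 * (N_BITS // 8)      # 40 bytes = 320 bits, the size the policy states


def _small_primes(limit=2000):
    sieve = bytearray([1]) * limit
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(limit ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(sieve[i * i::i]))
    return [i for i, v in enumerate(sieve) if v]


SMALL_PRIMES = _small_primes()


def is_probable_prime(n, rounds=24):
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_params():
    """Return (p, q, g): q a 160-bit prime, p a 1024-bit prime with q | p-1."""
    while True:
        q = secrets.randbits(N_BITS) | (1 << (N_BITS - 1)) | 1
        if is_probable_prime(q):
            break
    while True:
        x = secrets.randbits(L_BITS) | (1 << (L_BITS - 1))
        p = x - (x % (2 * q)) + 1         # p = 1 (mod 2q), so q divides p-1 and p is odd
        if p.bit_length() == L_BITS and is_probable_prime(p):
            break
    for h in range(2, 100):
        g = pow(h, (p - 1) // q, p)       # element of order q
        if g > 1:
            return p, q, g
    raise RuntimeError("no generator found")


def generate_keypair(params):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1      # private key, 1 <= x < q
    return x, pow(g, x, p)                # (private, public)


def _digest(data):
    return int.from_bytes(hashlib.sha1(data).digest(), "big")   # 160 bits, same size as q


def sign_image(params, priv, image):
    """Vendor side: return image || r || s with r and s each 20 bytes big-endian."""
    p, q, g = params
    h = _digest(image)
    while True:
        k = secrets.randbelow(q - 1) + 1
        r = pow(g, k, p) % q
        s = (pow(k, -1, q) * (h + priv * r)) % q
        if r and s:                        # DSA requires r != 0 and s != 0
            break
    return image + r.to_bytes(N_BITS // 8, "big") + s.to_bytes(N_BITS // 8, "big")


def verify_signed_image(params, pub, blob):
    """Device side: split off the 40-byte trailer and verify it over the rest.
    Returns the image bytes on success, None on any failure."""
    p, q, g = params
    if len(blob) <= SIG_LEN:
        return None
    image, sig = blob[:-SIG_LEN], blob[-SIG_LEN:]
    r = int.from_bytes(sig[:N_BITS // 8], "big")
    s = int.from_bytes(sig[N_BITS // 8:], "big")
    if not (0 < r < q and 0 < s < q):      # out-of-range r or s is rejected outright
        return None
    w = pow(s, -1, q)
    u1 = (_digest(image) * w) % q
    u2 = (r * w) % q
    v = ((pow(g, u1, p) * pow(pub, u2, p)) % p) % q
    return image if v == r else None


def demo():
    """Sign a constructed image, then verify it intact, with a body bit flipped,
    and with a signature bit flipped. Returns (trailer length, ok, rejected, rejected)."""
    params = generate_params()
    priv, pub = generate_keypair(params)
    image = b"SCREENOS-5.0.0-TEST-IMAGE " + bytes(range(256)) * 8   # constructed, not a real image
    blob = sign_image(params, priv, image)
    ok = verify_signed_image(params, pub, blob) == image
    tampered = bytearray(blob)
    tampered[10] ^= 0x01                                   # one bit in the image body
    rejected_body = verify_signed_image(params, pub, bytes(tampered)) is None
    bad_sig = blob[:-1] + bytes([blob[-1] ^ 0x01])          # one bit in the signature
    rejected_sig = verify_signed_image(params, pub, bad_sig) is None
    return len(blob) - len(image), ok, rejected_body, rejected_sig


if __name__ == "__main__":
    print(demo())   # (40, True, True, True)
```

The range check on r and s before any arithmetic is the part most often skipped in ad hoc verifiers; without it, an all-zero trailer would not be caught by the length check alone and would reach the modular inverse. On the real module the public key is fixed in the image and the private key never leaves Juniper, which is why the policy lists only the Firmware Authentication Key under public keys.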
