B. Security Level
The NetScreen-5400 meets the overall requirements applicable to Level 2
security of FIPS 140-2.
Table 2: Module Security Level Specification

Security Requirements Section                Level
Cryptographic Module Specification           2
Cryptographic Module Ports and Interfaces    2
Roles, Services, and Authentication          2
Finite State Model                           2
Physical Security                            2
Operational Environment                      N/A
Cryptographic Key Management                 2
EMI/EMC                                      2
Self-Tests                                   2
Design Assurance                             2
Mitigation of Other Attacks                  N/A

C. Roles and Services
The NetScreen-5400 supports five distinct roles:
• Cryptographic Officer Role (Root): The module allows one Crypto-Officer.
  This role is assigned to the first operator who logs on to the module
  using the default user name and password. Only the Crypto-Officer can
  create other administrators and change to FIPS mode.
• User Role (Admin): The Admin user can configure specific security
  policies. These policies provide the module with information on how
  to operate (for example, configure access policies and VPN
  encryption with Triple-DES).
• Read-Only User Role (Admin): This role can only perform a limited
  set of services to retrieve information or status. This role cannot
  perform services to configure the box.
• VSYS User Role: This role has the same operations as the User
  Role above, except that a VSYS user only operates within a
  particular virtual system. See the NetScreen Concept and Examples
  ScreenOS Reference Guide for more information about virtual
  systems.
• VSYS Read-Only User Role: This role has the same operations as
  the Read-Only User Role above, except that a VSYS read-only user
  only operates within a particular virtual system. See the NetScreen
  Concept and Examples ScreenOS Reference Guide for more
  information about virtual systems.

Juniper NS-5400 Security Policy