Juniper NS-5400-P00A-S00 Manual page 9

FIPS 140-2 Security Policy
Juniper NS-5400 Security Policy
number of available characters is 62. The probability of someone guessing a password is 1/(62^6) = 1/56,800,235,584, which is far less than a 1/1,000,000 random success rate. If three login attempts from the console fail consecutively, the console will be disabled for one minute. If three login attempts from Telnet or the WebUI (through VPN with AES encryption) fail consecutively, any login attempts from that source will be dropped for one minute.

If there are multiple login failure retries within one minute, since the user is locked out after three consecutive login failures, the random success rate for multiple retries is 1/(62^6) + 1/(62^6) + 1/(62^6) = 3/(62^6), which is far less than 1/100,000.
DSA-signed firmware image cryptographic strength analysis: the firmware is signed by a DSA private key, which is in the sole possession of Juniper Networks. The generated signature is attached to the firmware. In order for the device to accept an endorsed image, the image has to have a correct 40-byte (320-bit) signature. The probability of someone guessing a signature correctly is 1/(2^320), which is far less than 1/1,000,000.

The image download takes at least 23 seconds, so there can be no more than 3 download tries within one minute. Therefore, the random success rate for multiple retries is 1/(2^320) + 1/(2^320) + 1/(2^320) = 3/(2^320), which is far less than 1/100,000.
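As an added example (not part of the security policy or Juniper's code), the following Python carries the two authentication-strength calculations above through in one reusable check, using exact fractions so the thresholds are compared without floating-point loss. It assumes the union bound the policy itself uses (the probability of success over N attempts is taken as N times the single-attempt probability) and rounds 60/23 up to obtain the policy's three download tries per minute; the 4-digit PIN case is a constructed counterexample showing how a weak configuration is flagged.

```python
from fractions import Fraction
from math import ceil

# Thresholds the security policy compares against (FIPS 140-2 authentication
# strength): a single random attempt must succeed with probability below
# 1/1,000,000, and all attempts possible within one minute below 1/100,000.
SINGLE_ATTEMPT_LIMIT = Fraction(1, 1_000_000)
PER_MINUTE_LIMIT = Fraction(1, 100_000)


def password_search_space(alphabet_size: int, length: int) -> int:
    """Number of equally likely passwords for a fixed alphabet and length."""
    return alphabet_size ** length


def attempts_per_minute(max_consecutive_failures=None, min_seconds_per_attempt=None) -> int:
    """Upper bound on blind attempts an attacker can make in one minute.

    Two throttles appear in the policy: a lockout after N consecutive failures
    (console/Telnet/WebUI logins) and a minimum duration per attempt (the
    23-second image download). The tighter bound wins when both apply.
    """
    bounds = []
    if max_consecutive_failures is not None:
        bounds.append(max_consecutive_failures)
    if min_seconds_per_attempt is not None:
        # Rounding up reproduces the policy's "no more than 3 tries" for 23 s.
        bounds.append(ceil(60 / min_seconds_per_attempt))
    if not bounds:
        raise ValueError("at least one throttle must be specified")
    return min(bounds)


def multi_attempt_probability(search_space: int, attempts: int) -> Fraction:
    """Union bound used by the policy: attempts * (1 / search_space)."""
    return Fraction(attempts, search_space)


def evaluate(mechanism: str, search_space: int, attempts: int) -> dict:
    """Check one authentication mechanism against both FIPS thresholds."""
    single = Fraction(1, search_space)
    per_minute = multi_attempt_probability(search_space, attempts)
    return {
        "mechanism": mechanism,
        "single_attempt": single,
        "per_minute": per_minute,
        "single_ok": single < SINGLE_ATTEMPT_LIMIT,
        "per_minute_ok": per_minute < PER_MINUTE_LIMIT,
    }


# The two analyses from the policy: operator password and DSA-signed image.
PASSWORD = evaluate(
    "6-char password over 62 chars, lockout after 3 failures",
    password_search_space(62, 6),
    attempts_per_minute(max_consecutive_failures=3),
)
FIRMWARE = evaluate(
    "320-bit DSA signature, 23 s minimum per download",
    2 ** 320,
    attempts_per_minute(min_seconds_per_attempt=23),
)
# Constructed counterexample (not from the policy): a 4-digit PIN with the
# same lockout fails the single-attempt threshold.
WEAK_PIN = evaluate(
    "4-digit PIN, lockout after 3 failures",
    password_search_space(10, 4),
    attempts_per_minute(max_consecutive_failures=3),
)

if __name__ == "__main__":
    for result in (PASSWORD, FIRMWARE, WEAK_PIN):
        print(f"{result['mechanism']}: single={result['single_attempt']} "
              f"per-minute={result['per_minute']} "
              f"meets FIPS thresholds={result['single_ok'] and result['per_minute_ok']}")
```

The per-minute figure is a union bound, so it slightly overstates the true success probability; that is the conservative direction for a compliance argument, which is why the policy uses it.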
In order for authentication data to be protected against disclosure, substitution and modification, the operator password is not echoed during entry.

The NetScreen-5400 does not employ a maintenance interface or have a maintenance role.

When in FIPS mode, the NetScreen-5400 WebUI only displays options that comply with the requirements of FIPS 140-2.

The output data path is logically disconnected from the circuitry and processes performing key generation or key zeroization.

The NetScreen-5400 provides a Show Status service via the GET service.

The NetScreen-5400 cannot be accessed until the initialization process is complete.
The NetScreen-5400 implements the following power-up self-tests:
• Boot ROM firmware self-test is via DSA signature (Software Integrity Test)
• SDRAM read/write check
• FLASH Test
• DES, CBC mode, encrypt/decrypt KAT