Summary of the content on the page No. 1
Contivity™ Extranet Switch 4600
FIPS 140-1 Non-Proprietary
Cryptographic Module Security Policy
Level 2 Validation
June 2001
© Copyright 2001 Nortel Networks.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Summary of the content on the page No. 2
Table of Contents
1 Introduction .... 3
1.1 Purpose .... 3
1.2 References .... 3
1.3 Document Organization
Summary of the content on the page No. 3
1 Introduction

1.1 Purpose

This is a non-proprietary cryptographic module security policy for the Contivity™ Extranet Switch 4600. This security policy describes how the Contivity™ Extranet Switch 4600 meets the security requirements of FIPS 140-1, and how to operate the Contivity™ Extranet Switch 4600 in a secure FIPS 140-1 compliant mode of operation. This policy was prepared as part of the FIPS 140-1 Level 2 multi-chip standalone certification of the Contivity™ Extranet Switch 4
Summary of the content on the page No. 4
proprietary security policy, the FIPS 140-1 certification submission documentation is Nortel-proprietary and is releasable only under appropriate non-disclosure agreements. Please contact Nortel Networks for access to these documents.
Summary of the content on the page No. 5
2 The Contivity Extranet 4600 Switch

The Nortel Networks Contivity Extranet Switch 4600 (referred to as the module, or Switch in this document) provides a scalable, secure, manageable remote access server that meets FIPS 140-1 level 2 requirements for a multiple-chip standalone module. The following sections describe how the Switch addresses FIPS 140-1 requirements.

2.1 Cryptographic Module

The Contivity Extranet Switch combines remote access protocols, security, authentication, auth
Summary of the content on the page No. 6
Figure 2 – Physical Interfaces

The physical interfaces include a power plug, power and reset switches, a serial port, a LAN Port RJ-45 connector and up to two additional network connectors. Each RJ-45 connector is accompanied by light emitting diodes (LEDs). The LAN Port LEDs, with the green LED indicating 100 Mbps activity and the orange LED indicating link status and activity, are located on the back panel of the module. More information on the LEDs and the LAN Port interface can
Summary of the content on the page No. 7
2.3 Physical Security

A thick steel case protects the Contivity™ Extranet Switch 4600. The switch meets FCC requirements in 47 CFR Part 15 for personal computers and peripherals designated for home use (Class B). The case has two removable portions: the front bezel and the top cover. Removing the front bezel allows access to the floppy drive. The following diagram shows how to remove the front bezel.

Note: The steps required to remove the front bezel are the same whether or not th
Summary of the content on the page No. 8
Figure 4 – Front view without front bezel

Once the Extranet Switch has been configured in its FIPS 140-1 level 2 mode, the cover may not be removed without signs of tampering. To seal the cover, apply three serialized tamper-evident labels as follows:

1. Clean the cover of any grease, dirt, or oil before applying the tamper-evident labels. Alcohol-based cleaning pads are recommended for this purpose. The temperature of the switch should be above 10°C.
2. Apply two (2) labels on t
Summary of the content on the page No. 9
Figure 5 – Tamper-Evident Labels Applied to Switch

The tamper-evident seals are produced from a special thin gauge white vinyl with self-adhesive backing. Any attempt to open the switch will damage or destroy the tamper-evident seals or the painted surface and metal of the module cover. Since the tamper-evident labels have non-repeated serial numbers, the labels may be inspected for damage and compared against the applied serial numbers to verify that the module has not been tampere
Summary of the content on the page No. 10
2.4 Roles and Services

The switch supports up to 5000 simultaneous user sessions using Internet Protocol Security (IPSec), Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), and Layer Two Forwarding (L2F). In addition, an administrator may securely configure the switch either locally or remotely. Remote administration is secured by one of the secure tunneling protocols supported by the box. The administrator selects which protocols are used from the Services
Summary of the content on the page No. 11
• IPSec Protocol Tunnels
• PPTP Protocol Tunnels
• L2TP Protocol Tunnels
• L2F Protocol Tunnels
• Change Password

2.4.1 Crypto Officer Services

There is a factory default login ID and password, which allows access to the Crypto Officer role. This initial account is the primary administrator's account for the Switch, and guarantees that at least one account is able to assume the Crypto Officer role and completely manage the switch and users. The switch can also be configured to au
Summary of the content on the page No. 12
direction. The administrator may use any of the pre-defined Rules or create custom Rules to be included in each Filter.
• Status Functions: to view the switch configuration, routing tables, active sessions, use Gets to view Simple Network Management Protocol (SNMP) Management Information Base (MIB) II statistics, usage graphs, health, temperature, memory status, voltage, packet statistics, and review accounting logs.
• Manage the Switch: to log off users, shut down or reset the switch
Summary of the content on the page No. 13
Authentication Protocol (PAP). MS-CHAP can use no encryption, 40-bit RC4, or 128-bit RC4 encryption. When operated in a FIPS 140-1 compliant manner, MS-CHAP is not enabled with RC4 encryption.
• L2TP: Requires authentication using MS-CHAP, CHAP, or PAP. MS-CHAP can use no encryption, 40-bit RC4, or 128-bit RC4 encryption. When operated in a FIPS 140-1 compliant manner, MS-CHAP is not enabled with RC4 encryption.
• L2F: Requires authentication using CHAP or PAP.

2.5 Key Management

The
Summary of the content on the page No. 14
contained on the floppy disk via the module’s management interface. The format utility then causes the firmware of the module to be erased.
• RSA keys: These RSA public/private key-pairs are used for generating and verifying digital signatures for authentication of users during IPSec tunneling sessions. The module’s keys are generated internally by the PKCS#1 standard using a pseudo-random number generator. The keys are stored in uniquely named directories in PKCS#5 and PKCS#8 formats,
Summary of the content on the page No. 15
3 Secure Operation of the Contivity Switch

The Contivity Switch is a versatile machine; it can be run in a Normal Operating Mode or a FIPS Operating Mode (FIPS mode). In FIPS mode, the switch meets all the Level 2 requirements for FIPS 140-1. To place the module in FIPS mode, click the “FIPS Enabled” button on the Services Available management screen and restart the module. A number of configuration settings are recommended when operating the Contivity Switch in a FIPS 140-1 complia
Summary of the content on the page No. 16
has the capability to submit shell commands) then the Crypto Officer should reinstall the Nortel firmware from trusted media such as the installation CD or the Nortel website.