Enterasys-networks XSR-1805 Manual do Utilizador

XSR-1805, XSR-1850, and XSR-3250 (Hardware Version: REV 0A-G, Software Version: REL 6.3, Firmware Version: REL 6.3) FIPS 140-2 Non-Propri

• Three 10/100/1000BaseT GigabitEthernet LAN ports with two LEDs on each port, instead of the two 10/100BaseT FastEthernet LAN ports • Mini-Gigabit

Roles and Services The module supports role-based and identity-based authentication1. There are two main roles in the module (as required by FIPS 140-

• Read-only Crypto Officer – Management users with privilege level zero assume the Read-only Crypto Officer role. The Read-only Crypto Officer can on

Management key; create DSA host key for SSHv2; create management users and set their password and privilege level; configure the SNMP agent configura

Firewall authorization information for network traffic that flows through the box. configuration data. commands and configuration data. Table 4 – Cry

mechanism is as strong as the RSA algorithm using a 1024 bit key pair. Pre-shared key-based authentication (IKE) User HMAC SHA-1 generation and verif

Cryptographic Key Management The modules implement the following FIPS-approved algorithms: Type Algorithm Standard Certificate Number AES (CBC) FI

the encryption accelerators. The encryption accelerators implement the following FIPS-approved algorithms: • XSR-18xx – Triple-DES, DES, and HMAC SHA

IPSec session keys 56-bit DES, 168-bit TDES, or 128/192/256-bit AES keys; HMAC SHA-1 key Established during the Diffie-Hellman key agreement Stored in

If the master encryption key is generated within the module, the module outputs the key to the console as soon as the key is generated in order for th

Table of Contents INTRODUCTION... 3 PURPOSE

Self-Tests The module performs a set of self-tests in order to ensure proper operation in compliance with FIPS 140-2. These self-tests are run during

• Continuous random number generator test: this test is constantly run to detect failure of the random number generator of the module. • Manual key

SECURE OPERATION The XSR modules meet level 2 requirements for FIPS 140-2. The sections below describe how to place and keep the module in a FIPS-appr

2. At the prompt <Enter current password: >, press Enter. 3. At the prompt <Enter new password: >, enter the password. 4. At the prompt

• Dial backup access must be disabled. • Syslog remote logging must be disabled. • VPN services can only be provided by IPSec or L2TP over IPSec.

© Copyright 2003 Enterasys Networks Page 25 of 25 This document may be freely reproduced and distributed whole and intact including this Copyright No

Introduction Purpose This document is a nonproprietary Cryptographic Module Security Policy for the Enterasys Networks XSR-1805, XSR-1850, and XSR-325

This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to Enterasys Networks. W

ENTERASYS NETWORKS XSR-1805, XSR-1850, AND XSR-3250 Overview Part of the Enterasys Networks X-Pedition Security Router (XSR) series, the XSR-1805, XSR

ideal to support mission- critical applications extending to the branch office. The XSR-3250 offers nearly ten times the performance speed of the XSR

The hardware components for the XSR-18xx modules vary slightly to meet the performance level for each module. The XSR-1850 is an enhancement of the XS

The software image is contained in a single file with the power-up diagnostics. It is based on the Nortel Open IP design model and runs on top of the

• Ten status LEDs • One power connector • One power switch • One default configuration button The XSR-1850 implements the same physical ports as