Contivity™ Extranet Switch 4600
FIPS 140-1 Non-Proprietary Cryptographic Module Security Policy
Level 2 Validation
June 2001

© Copyright 2001 Nortel Networks. This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Table of Contents
1 Introduction
1.1 Purpose
1.2 References
1.3 Document Organization
1 Introduction

1.1 Purpose

This is a non-proprietary cryptographic module security policy for the Contivity™ Extranet Switch 4600. This security policy describes how the Contivity™ Extranet Switch 4600 meets the security requirements of FIPS 140-1, and how to operate the Contivity™ Extranet Switch 4600 in a secure, FIPS 140-1 compliant mode of operation. This policy was prepared as part of the FIPS 140-1 Level 2 multi-chip standalone certification of the Contivity™ Extranet Switch 4600.

proprietary security policy, the FIPS 140-1 certification submission documentation is Nortel-proprietary and is releasable only under appropriate non-disclosure agreements. Please contact Nortel Networks for access to these documents.
2 The Contivity Extranet 4600 Switch

The Nortel Networks Contivity Extranet Switch 4600 (referred to as the module, or Switch, in this document) provides a scalable, secure, manageable remote access server that meets FIPS 140-1 Level 2 requirements for a multiple-chip standalone module. The following sections describe how the Switch addresses FIPS 140-1 requirements.

2.
Figure 2 – Physical Interfaces

The physical interfaces include a power plug, power and reset switches, a serial port, a LAN Port RJ-45 connector and up to two additional network connectors. Each RJ-45 connector is accompanied by light emitting diodes (LEDs). The LAN Port LEDs, with the green LED indicating 100 Mbps activity and the orange LED indicating link status and activity, are located on the back panel of the module.
2.3 Physical Security

A thick steel case protects the Contivity™ Extranet Switch 4600. The switch meets FCC requirements in 47 CFR Part 15 for personal computers and peripherals designated for home use (Class B). The case has two removable portions: the front bezel and the top cover. Removing the front bezel allows access to the floppy drive. The following diagram shows how to remove the front bezel.

Note: The steps required to remove the front bezel are the same whether or not the Switch is rack mounted.
Figure 4 – Front view without front bezel

Once the Extranet Switch has been configured in its FIPS 140-1 Level 2 mode, the cover may not be removed without signs of tampering. To seal the cover, apply three serialized tamper-evident labels as follows:

1. Clean the cover of any grease, dirt, or oil before applying the tamper-evident labels. Alcohol-based cleaning pads are recommended for this purpose. The temperature of the switch should be above 10°C.
2.
Figure 5 – Tamper-Evident Labels Applied to Switch

The tamper-evident seals are produced from a special thin-gauge white vinyl with self-adhesive backing. Any attempt to open the switch will damage or destroy the tamper-evident seals or the painted surface and metal of the module cover. Since the tamper-evident labels have non-repeated serial numbers, the labels may be inspected for damage and compared against the recorded serial numbers of the applied labels to verify that the module has not been tampered with.
2.4 Roles and Services

The switch supports up to 5000 simultaneous user sessions using Internet Protocol Security (IPSec), Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), and Layer Two Forwarding (L2F). In addition, an administrator may securely configure the switch either locally or remotely. Remote administration is secured by one of the secure tunneling protocols supported by the box. The administrator selects which protocols are used from the Services-Available menu.
• IPSec Protocol Tunnels
• PPTP Protocol Tunnels
• L2TP Protocol Tunnels
• L2F Protocol Tunnels
• Change Password

2.4.1 Crypto Officer Services

There is a factory default login ID and password, which allows access to the Crypto Officer role. This initial account is the primary administrator's account for the Switch, and guarantees that at least one account is able to assume the Crypto Officer role and completely manage the switch and users.
direction. The administrator may use any of the pre-defined Rules or create custom Rules to be included in each Filter.
• Status Functions: to view the switch configuration, routing tables, and active sessions; to use Gets to view Simple Network Management Protocol (SNMP) Management Information Base (MIB) II statistics, usage graphs, health, temperature, memory status, voltage, and packet statistics; and to review accounting logs.
Authentication Protocol (PAP). MS-CHAP can use no encryption, 40-bit RC4, or 128-bit RC4 encryption. When operated in a FIPS 140-1 compliant manner, MS-CHAP is not enabled with RC4 encryption.
• L2TP: Requires authentication using MS-CHAP, CHAP, or PAP. MS-CHAP can use no encryption, 40-bit RC4, or 128-bit RC4 encryption. When operated in a FIPS 140-1 compliant manner, MS-CHAP is not enabled with RC4 encryption.
• L2F: Requires authentication using CHAP or PAP.

2.
contained on the floppy disk via the module’s management interface. The format utility then causes the firmware of the module to be erased.
• RSA keys: These RSA public/private key-pairs are used for generating and verifying digital signatures for authentication of users during IPSec tunneling sessions. The module’s keys are generated internally by the PKCS#1 standard using a pseudo-random number generator. The keys are stored in uniquely named directories in PKCS#5 and PKCS#8 formats, respectively.
3 Secure Operation of the Contivity Switch

The Contivity Switch is a versatile machine; it can be run in a Normal Operating Mode or a FIPS Operating Mode (FIPS mode). In FIPS mode, the switch meets all the Level 2 requirements for FIPS 140-1. To place the module in FIPS mode, click the “FIPS Enabled” button on the Services Available management screen and restart the module. A number of configuration settings are recommended when operating the Contivity Switch in a FIPS 140-1 compliant manner.
has the capability to submit shell commands), then the Crypto Officer should reinstall the Nortel firmware from trusted media such as the installation CD or the Nortel website.