Nortel 4600 User Manual Download, Page 7


2.3 Physical Security

A thick steel case protects the Contivity™ Extranet Switch 4600. The switch meets FCC
requirements in 47 CFR Part 15 for personal computers and peripherals designated for
home use (Class B). The case has two removable portions: the front bezel and the top
cover. Removing the front bezel allows access to the floppy drive. The following
diagram shows how to remove the front bezel.

Note: The steps required to remove the front bezel are the same whether or not the Switch
is rack mounted.

Figure 3 - Removing the front bezel

Contents 4600

Page 1: ...ks This document may be freely reproduced and distributed whole and intact including this Copyright Notice Contivity Extranet Switch 4600 FIPS 140 1 Non Proprietary Cryptographic Module Security Policy Level 2 Validation June 2001 ...

Page 2: ...ation 3 2 The Contivity Extranet 4600 Switch 5 2 1 Cryptographic Module 5 2 2 Module Interfaces 5 2 3 Physical Security 7 2 4 Roles and Services 10 2 4 1 Crypto Officer Services 11 2 4 2 User Services 12 2 5 Key Management 13 2 6 Self tests 14 3 Secure Operation of the Contivity Switch 15 ...

Page 3: ...formation is available on the Contivity Extranet Switch 4600 and the entire line of Contivity products from the following sources The Nortel Networks web site contains information on the full line of Contivity products at www nortelnetworks com For answers to technical or sales related questions please refer to the contacts listed on the Nortel Networks web site at www nortelnetworks com 1 3 Docum...

Page 4: ...curity policy the FIPS 140 1 certification submission documentation is Nortel proprietary and is releasable only under appropriate non disclosure agreements Please contact Nortel Networks for access to these documents ...

Page 5: ...user sessions allowing each user to exercise a variety of secure services The Switch supports a number of secure network layer and data link layer protocols including Internet Protocol Security IPSec Point to Point Tunneling Protocol PPTP Layer Two Tunneling Protocol L2TP and Layer Two Forwarding L2F The architecture for the Switch is user centric where an individual user or group of users can be ...

Page 6: ...s and the LAN Port interface can be found in Getting Started with the Contivity Extranet Switch 4600 The physical interfaces the LAN port the 10 100Base TX ports serials port and status LEDs map to the logical interfaces defined in FIPS 140 1 as described in Table 1 Switch physical interface FIPS 140 1 Logical Interface 10 100BASE TX LAN Ports LAN Port Data Input Interface 10 100BASE TX LAN Ports ...

Page 7: ...peripherals designated for home use ClassB The case has two removable portions the front bezel and the top cover Removing the front bezel allows access to the floppy drive The following diagram shows how to remove the front bezel Note The steps required to remove the front bezel are the same whether or not the Switch is rack mounted Figure 3 Removing the front bezel ...

Page 8: ...els Alcohol based cleaning pads are recommended for this purpose The temperature of the switch should be above 10 C 2 Apply two 2 labels on the top cover overlapping the side and the rear of the chassis as shown in Figure 5 3 Apply two 2 labels on the top and bottom overlapping the front bezel as shown in Figure 5 4 Apply one 1 label over the keyboard button cover as shown in Figure 5 5 Record the...

Page 9: ...e applied serial numbers to verify that the module has not been tampered An intact label is shown in Figure 6 with a visible serial number and no breaks FIPS 140 1 Level 2 Tamper Evident Label A567422 Contivity Extranet Switch Figure 6 Tamper Evident Label Attempting to remove a label breaks it or continually tears off small fragments as depicted in Figure 7 Other signs of tamper evidence include ...

Page 10: ...Defender Service Crypto Officer User Configure the Switch Create User Groups Create Users Modify User Groups Modify Users Delete User Groups Delete Users Define Rules and Filters Status Functions Manage the Switch Encrypted Traffic Change Password Table 2 Matrix of Services Users may assume one of two roles Crypto Officer role or User role An administrator of the switch assumes the Crypto Officer ...

Page 11: ...rface of the Switch without requiring a secure tunnel At the highest level Crypto Officer services include the following Configure the Switch to define network interfaces and settings set the protocols the switch will support define routing tables set system date and time load authentication information etc Create User Groups to define common sets of user permissions such as access hours user prio...

Page 12: ...static Internet Protocol IP addresses are assigned idle timeout forced logoff for timeout filters whether Internetwork Packet Exchange IPX is allowed The administrator also assigns each User separate User IDs and passwords for the following services IPSec PPTP L2TP and L2F tunnels A fifth ID and password may be assigned for Administration of the switch as described in 2 4 1 The User may then authe...

Page 13: ...ed They are used only for authentication in key exchange protocols which protect Critical Security Parameters CSPs according to their protocol Crypto Officers should be aware that PAP transmits password information in the clear and should not be enabled before deciding local policy See notes on PAP in the Contivity Extranet Switch Administrator s Guide Session Keys These are ephemeral encryption k...

Page 14: ...ficates are issued by a third party CA and stored in the internal LDAP 2 6 Self tests It is important to test the cryptographic components of a security module to insure all components are functioning correctly The Contivity Switch includes an array of self tests that are run during startup and periodically during operations The self tests run at power up include a cryptographic known answer tests...

Page 15: ...r MS CHAP and CHAP are not enabled with RC4 encryption For L2P CHAP must be disabled to operate in a FIPS compliant manner The internal LDAP database must be used in place of an external LDAP server Secure Sockets Layer SSL cannot be used to establish secure connections For Routing Information Protocol RIP In FIPS mode MD5 must be disabled There are several services that are affected by transition...

Page 16: ...16 has the capability to submit shell commands then the Crypto Officer should reinstall the Nortel firmware from a trusted media such as the installation CD or the Nortel website ...
