Nortel-networks Nortel Network VPN Router and Client Workstation 7 Uživatelský manuál Strana 45
- Strana / 67
- Tabulka s obsahem
- KNIHY
Hodnocené. / 5. Na základě hodnocení zákazníků
Security Target, Version 3.9
March 18, 2008
Nortel VPN Router v7.05 and Client Workstation v7.11
Page 45 of 67
© 2008 Nortel Networks
6.1.2 Cryptographic Support
The TOE’s cryptographic functionality is provided by a FIPS 140-2-validated cryptographic module. All modules
have received either a Level 1 or Level 2 FIPS 140-2 validation. Table 8 below indicates the modules and the
validation levels achieved.
Table 8 - FIPS Validated Modules
Validation
Modules
FIPS 140-2 Certificate #
Hardware modules
FIPS 140-2 validated
at level 2
VPN Router 1750, 2700, 2750 and 5000 with Hardware
Accelerator
1068
VPN Router 1750, 2700, 2750 and 5000 with VPN Router Security
Accelerator
1073
Nortel VPN Router 600, 1750, 2700, 2750 and 5000
1066
Hardware modules
FIPS 140-2 validated
at level 1
Nortel VPN Router 1010, 1050 and 1100
1067
Software module
being validated at
level 1 of FIPS 140-2:
VPN Client Software
1032
The TOE’s cryptographic module implements and utilizes the following FIPS-validated cryptographic algorithms:
Table 9 - FIPS-Validated Cryptographic Algorithms
Algorithm
Key Size(s) (bits)
Validated Against
FIPS Certificate #
3DES
168
FIPS 46-3
641, 642, 644
AES
128, 256
FIPS 197
718, 719, 721
RSA
5
1024, 2048
FIPS 186-2
338, 339
SHA-1
N/A
FIPS 180-2
738, 739, 740
HMAC-SHA-1
160
FIPS 198
6
387, 388, 389
The TOE generates RSA keys for signature generation and verification. During the key generation process, all weak
keys are discarded. The resultant strong RSA keys are used to perform key agreement and authentication in
accordance with the Diffie-Hellman and IKE protocols.
The TOE performs encryption and decryption using the 3DES and AES algorithms. The TOE implements the
HMAC-SHA-1 algorithm in order to perform data origin authentication and data integrity checks upon encrypted
packets entering the TOE. The TOE implements SHA-1 algorithm in order to perform data integrity checks upon
encrypted packets entering the TOE.
The TOE destroys keys when they are no longer needed by “zeroizing” them. Zeroization is performed by
overwriting the memory location containing the keys with zeros before marking the memory location as being free
5
Via the RSA BSAFE library.
6
FIPS 198 is equivalent to RFC 2104.
- Nortel Networks 1
- VPN Router v7.05 and Client 1
- Workstation v7.11 1
- Security Target 1
- Revision History 2
- Table of Contents 3
- Table of Figures 4
- Table of Tables 4
- 1.1 Purpose 5
- 1.3.1 Conventions 6
- 1.3.2 Terminology 6
- 2 TOE Description 8
- Page 9 of 67 9
- 2.3.1 Physical Boundary 10
- 2.3.2 Logical Boundary 11
- © 2008 Nortel Networks 12
- Security Target, Version 3.9 12
- March 18, 2008 12
- Page 12 of 67 12
- Page 13 of 67 13
- Page 14 of 67 14
- Page 15 of 67 15
- 3 TOE Security Environment 16
- Page 17 of 67 17
- 4 Security Objectives 18
- Page 19 of 67 19
- 5 IT Security Requirements 20
- FAU_SAR.1 Audit review 22
- Page 23 of 67 23
- Page 24 of 67 24
- Page 25 of 67 25
- Page 26 of 67 26
- Page 27 of 67 27
- Page 28 of 67 28
- Page 29 of 67 29
- Page 30 of 67 30
- Page 31 of 67 31
- Page 32 of 67 32
- Page 33 of 67 33
- Page 34 of 67 34
- FMT_SMR.1 Security roles 35
- FMT_SMR.1.2 36
- FPT_RPL.1 Replay detection 37
- FPT_TST.1 TSF testing 37
- FTP_TRP.1 Trusted path 38
- Page 40 of 67 40
- 5.3 Assurance Requirements 41
- 6 TOE Summary Specification 42
- 6.1.1 Security Audit 43
- Page 44 of 67 44
- 6.1.2 Cryptographic Support 45
- 6.1.3 User Data Protection 46
- 6.1.5 Security Management 47
- Page 48 of 67 48
- 6.1.7 Trusted Path/Channels 49
- 7 Protection Profile Claims 51
- 8 Rationale 52
- Page 53 of 67 53
- Page 54 of 67 54
- Page 55 of 67 55
- Page 58 of 67 58
- Page 59 of 67 59
- 8.5 Dependency Rationale 60
- Requirements 62
- Page 64 of 67 64
- 8.7 Strength of Function 65
- 9 Acronyms 66
Související produkty a manuály pro Hardware Nortel-networks Nortel Network VPN Router and Client Workstation 7
Hardware Nortel-networks CWDM SFP Uživatelský manuál
(34 stránky)
(34 stránky)
Hardware Nortel-networks NN46110-602 Uživatelský manuál
(230 stránky)
(230 stránky)
Hardware Nortel-networks 4134 Uživatelský manuál
(40 stránky)
(40 stránky)
Hardware Nortel-networks 608(WL) Uživatelský manuál
(222 stránky)
(222 stránky)
Hardware Nortel-networks 5000i Uživatelský manuál
(54 stránky)
(54 stránky)
Hardware Nortel-networks 2332 Uživatelský manuál
(102 stránky)
(102 stránky)
Hardware Nortel-networks AS 5300 Uživatelský manuál
(54 stránky)
(54 stránky)
Hardware Nortel-networks 302403-B Uživatelský manuál
(21 stránky)
(21 stránky)
Hardware Nortel-networks N300 Uživatelský manuál
(72 stránky)
(72 stránky)
© 2020, manymanuals.cz. Všechna práva vyhrazena. | 0.057 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce