Dell PowerConnect W-600 Controller Series Security Policy
Page 21
...the module's 802.11i TLS services in order to secure network traffic 802.11i with APs using IPSec and issue self signed certificates to APs Commands and configuration data, IKEv1/IKEv2 inputs and data; Diffie-Hellman and Elliptic curve Diffie-Hellman key pair for ...keys for IPSec (read/write) Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features | 19 IPSec outputs, status, and data and configuration data, self signed certificates RSA private key for IKEv1/ IKEv2 and certificate signing (read access), Diffie-Hellman key pair for IKEv1/...
Dell PowerConnect W-600 Controller Series Security Policy
Page 25
... during memory. Used by TLS and EAPTLS/PEAP protocols during the handshake, used for signing OCSP responses, and used for signing certificates ECDSA Private Key ECDSA suite B P-256 Generated in the and P-384 curves module Stored in flash memory encrypted with KEK. ...the session is closed. Zeroized when the session is session key for an SSH closed. Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features | 23 Zeroized when encryption CBC key agreement. Zeroized when the 802.1x connection session is ...
Dell PowerConnect W-6000M3 and W-3000 Controller Series Security Policy
Page 15
... Access the module's 802.11i TLS services in order to secure network traffic 802.11i with APs using IPSec and issue self signed certificates to secure network traffic IPSec inputs, IPSec outputs, commands, and data status, and data TLS inputs, commands, TLS outputs, and... private key for IKEv1/ IKEv2 and certificate signing (read access), Diffie-Hellman key pair for IKEv1/IKEv2 (read/write access), Session keys for IKEv1/IKEv2 (read/write) Aruba 3000, 6000/M3 and Dell W-3000, W-6000M3 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features | 15 Service ...
Dell PowerConnect W-6000M3 and W-3000 Controller Series Security Policy
Page 20
... CO configured Stored encrypted in Flash with KEK. Zeroized on reboot. Seed ANSI X9.31 RNG 20 | FIPS 140-2 Level 2 Features Aruba 3000, 6000/M3 and Dell W-3000, W-6000M3 | FIPS 140-2 Level 2 Release Supplement Zeroized by the 802.11i Zeroized on reboot. Key agreement in IKEv1/IKEv2 ...the management interfaces, RADIUS authentication ArubaOS OpenSSL RNG Seed for 802.11i memory. Used by IKEv1/IKEv2 for device authentication and for signing certificates ECDSA Private Key ECDSA suite B P-256 Generated in the and P-384 curves module Stored in flash memory encrypted with KEK. skeyid ...
Dell PowerConnect W-AP124/5 Security Policy
Page 17
...Mesh Portal to verify that authenticate via IKEv1/IKEv2 pre-shared key or RSA certificate authentication method, and Users are the "n" Mesh Points that it is intended to be deployed in Remote FIPS mode configure the controller for Mobility Controller Enable checkbox. 17 When the module ...mode can be deployed in a remote location (relative to the directions in the module User Manual, the Crypto Officer performs the following FIPS approved modes of the staging controller 3. The staging controller must be provisioned with Mesh Points via a non-networked general purpose computer is...
Dell PowerConnect W-AP124/5 Security Policy
Page 18
...Certification Authority (trusted by all Aruba controllers) and the AP's RSA private key is used to authenticate AP to the Configuration > Network > Controller > System Settings page (this is being supplied by going to the Configuration > Wireless > AP Configuration > AP Group page. This accomplished by an injector, this policy. Enable FIPS... to the particular model of the staging controller, ensure that this key will authenticate to the controller using certificate based authentication to an Aruba Mobility Controller on the AP. Log into the administrative console of the Aruba ...
Dell PowerConnect W-AP124/5 Security Policy
Page 19
...to the controller by an injector, this 19 a. when power is applied, the module will open the provisioning window. Then, check the "Fips Enable" box, check "Apply", and save the configuration. 6. note that AP, click the "Provision" button, which is successfully provisioned with ... 11. a. There, you click the Edit button for Mobility Controller Enable checkbox. 5. For CPSec AP mode, the AP always uses certificate based authentication to it on controller. 9. generation of such keys is being supplied by an injector, this represents the only exception. note...
Dell PowerConnect W-AP124/5 Security Policy
Page 20
... AP group, and then 20 a. when power is stored on the network. Terminate the administrative session 3.3.4 Configuring Remote Mesh Point FIPS Mode 1. There, you should be entered encrypted over the secure IPSec session. This key is applied, the module will be present... the only exception. Enable FIPS mode on the AP. That is accomplished by the Ethernet cable, navigate to the directions in Section "Mesh Points" of Chapter "Secure Enterprise Mesh" of this is generated at least 8 characters in plaintext; If certificate based authentication is chosen, ...
Dell PowerConnect W-AP124/5 Security Policy
Page 21
... During the provisioning process as Remote Mesh Point, if Pre-shared key is Linux, a real-time multithreaded operating system that the module has FIPS mode enabled by an injector, this should see an entry for the LAN connection between the module and the staging controller. 8. b. Log ... FIPS Mode do the following to the Mobility Controller 3. select AP > AP System Profile. Verify that the module is applied, the module will open the provisioning window. Access to the staging controller; Now provision the AP as Mesh Point, the WPA2 PSK is in plaintext; If certificate ...
Dell PowerConnect W-AP124/5 Security Policy
Page 25
... limit for IEEE 802.11n is 300Mbit, which has at least 140. Mesh AP WPA2 PSK (User role) Same as Wireless Client WPA2-PSK above Certificate based authentication -RSA key pair (CO role) The module supports RSA 2048-bit keys, which is less than 16,071,429/(4.4 x 10^31), or roughly...
Dell PowerConnect W-AP124/5 Security Policy
Page 34
... GTK 256-bit shared secret used to protect multicast message confidentiality and integrity (AES-CCM) Used for IKEv1/IKEv2 authentication when AP is authenticating using certificate based authentication 34 zeroized on reboot Stored in plaintext in volatile memory; zeroized on reboot Stored in plaintext in volatile memory; zeroized by the 'ap...
Dell PowerConnect W-AP134/5 Security Policy
Page 16
...FIPS mode configure the controller for all Control traffic to and from any one mode to any other mode requires the module to be re-provisioned and rebooted before any new configured mode can be connected over 802.11 and an IPSec tunnel via IKEv1/IKEv2 pre-shared key or RSA certificate... (this is the Mobility Controller that authenticates via the Remote Mesh Portal to change configurations from the Mobility Controller. • Remote Mesh Portal FIPS mode - This is intended to be deployed in a local/private location (LAN, WAN, MPLS) relative to the Mobility Controller). When the...
Dell PowerConnect W-AP134/5 Security Policy
Page 17
...", and save the configuration. 6. Disconnect the module from the staging controller, and install it will authenticate to the controller using certificate based authentication to the directions in non-volatile memory. Enable FIPS mode on the steps. 4. This is accomplished by an injector, this should be present between the module and the staging...
Dell PowerConnect W-AP134/5 Security Policy
Page 18
... the network. 3.3.3 Configuring Remote Mesh Portal FIPS Mode 1. There, you should be a direct connection, with controller. if PoE is connected to "Configuring Control Plane Security" Section in section 3.2 2. a. Refer to the controller by filling in length; For CPSec AP mode, the AP always uses certificate based authentication to the directions in Aruba...
Dell PowerConnect W-AP134/5 Security Policy
Page 19
... is input to the module via an Ethernet cable to the Mobility Controller 3. There, you click the Configuration tab), and clicking the FIPS Mode for Mobility Controller Enable checkbox. 5. if PoE is applied, the module will attempt to discover and connect to the module during...does not provide PoE, either ensure the presence of the Aruba OS User Guide. a. If certificate based authentication is chosen, AP's RSA key pair is stored on the deployment network; Then, check the "Fips Enable" box, check "Apply", and save the configuration. 6. Section "Provisioning an Individual ...
Dell PowerConnect W-AP134/5 Security Policy
Page 20
...Centric Networks" of the Aruba Mobility Controller 2. Select that supports memory protection between the module and the staging controller. 8. If certificate based authentication is chosen, AP's RSA key pair is not provided directly. Verify that the module is connected to the controller by...process as Remote Mesh Portal by issuing command "show ap ap-name config" 4. subsequently, during provisioning. Verify that the module has FIPS mode enabled by filling in plaintext; b. Once the module is connected to the Configuration > Wireless > AP Installation page, where you...
Dell PowerConnect W-AP134/5 Security Policy
Page 22
... out by the Aruba Mobility Controller map to configure, manage, and monitor the module, including the configuration, loading, and zeroization of FIPS approved modes, the Aruba Mobility Controller implements the Crypto Officer role. o Wireless Client role: in Remote AP configuration, a wireless client... to configure, manage, and monitor the module, including the configuration, loading, and zeroization of the IKEv1/IKEv2 pre-shared key or RSA certificate, which occurs during the IKEv1/IKEv2 key exchange. 22 Defining characteristics of CSPs. o User role: the second (or third, or nth...
Dell PowerConnect W-AP134/5 Security Policy
Page 23
... via the WPA2 pre-shared key. When the module is configured as a Remote Mesh Portal FIPS mode and Remote Mesh Point FIPS mode, the User role is authenticated via the same IKEv1/IKEv2 pre-shared key/RSA certificate that is very similar in each of each supported authentication mechanism. In advanced Remote AP...
Dell PowerConnect W-AP134/5 Security Policy
Page 24
... this, but we derive will use this many keys per minute. Mesh AP WPA2 PSK (User role) Same as Wireless Client WPA2-PSK above RSA Certificate based authentication (CO role) The module supports RSA 1024 bit keys and 2048-bit RSA keys. The probability of associations (assume no delays, no inter...
Dell PowerConnect W-AP134/5 Security Policy
Page 33
... GTK 256-bit shared secret used to protect multicast message confidentiality and integrity (AES-CCM) Used for IKEv1/IKEv2 authentication when AP is authenticating using certificate based authentication 33 zeroized on reboot Stored in and protected by AP which assumes "authenticator" role in handshake Derived from 802.11 group key handshake...