Security Guide
Page 3
... different physical housings that is a nonproprietary Cryptographic Module Security Policy supporting the Nokia VPN Appliance family. The Nokia VPN Appliances are pointed out where relevant. 1.2 References This document deals only with operations and capabilities of the module in this document simply support different numbers of the module. Specific differences between IPSO firmware version 3.9 and 4.1. There are...
... different physical housings that is a nonproprietary Cryptographic Module Security Policy supporting the Nokia VPN Appliance family. The Nokia VPN Appliances are pointed out where relevant. 1.2 References This document deals only with operations and capabilities of the module in this document simply support different numbers of the module. Specific differences between IPSO firmware version 3.9 and 4.1. There are...
Security Guide
Page 6
...3 4 5 6 7 8 9 10 11 Requirements Section Title Cryptographic Module Specification Cryptographic Module Ports and Interfaces Roles, Services, and Authentication Finite State Model Physical Security Operational Environment Cryptographic Key Management EMI/EMC Self-tests Design Assurance Mitigation of operation.... Intended Level Per FIPS 140-2 Level Tested 2 2 2 2 2 N/A 2 2 2 2 N/A © Copyright 2005, 2006, 2007 Nokia Page 6 of operation....
...3 4 5 6 7 8 9 10 11 Requirements Section Title Cryptographic Module Specification Cryptographic Module Ports and Interfaces Roles, Services, and Authentication Finite State Model Physical Security Operational Environment Cryptographic Key Management EMI/EMC Self-tests Design Assurance Mitigation of operation.... Intended Level Per FIPS 140-2 Level Tested 2 2 2 2 2 N/A 2 2 2 2 N/A © Copyright 2005, 2006, 2007 Nokia Page 6 of operation....
Security Guide
Page 12
... date and time settings; display information about packages installed on local system; show SNMP implementation commands; create tunnels by using specific encapsulation schemes; manage IPSO images; map an IPv6 address to a physical machine address recognized in FIPS mode); configure and ...data Status of commands and configuration data Status of commands and configuration data Critical Security Parameter (CSP) Access None Password (read/write access) None © Copyright 2005, 2006, 2007 Nokia Page 12 of platform; associate and disassociate an IPv6 address with a logical ...
... date and time settings; display information about packages installed on local system; show SNMP implementation commands; create tunnels by using specific encapsulation schemes; manage IPSO images; map an IPv6 address to a physical machine address recognized in FIPS mode); configure and ...data Status of commands and configuration data Status of commands and configuration data Critical Security Parameter (CSP) Access None Password (read/write access) None © Copyright 2005, 2006, 2007 Nokia Page 12 of platform; associate and disassociate an IPv6 address with a logical ...
Security Guide
Page 16
..., pursuant to Part 15 of the FCC rules and thus the FIPS 140-2 Level 2 EMI/EMC requirements. 2.6 Physical Security The Nokia VPN Appliances are affixed to prevent direct viewing of this Copyright Notice. Considering only the caseinsensitive alphabet using lance wall inserts to the...Section 3.1 "Crypto Officer Guidance" of the module's interior components. The tamper-evident seals are multi-chip, standalone cryptographic modules. Specific quantities and locations are baffled from . Numeric, alphabetic (upper and lowercase), and keyboard and extended characters can be at least four...
..., pursuant to Part 15 of the FCC rules and thus the FIPS 140-2 Level 2 EMI/EMC requirements. 2.6 Physical Security The Nokia VPN Appliances are affixed to prevent direct viewing of this Copyright Notice. Considering only the caseinsensitive alphabet using lance wall inserts to the...Section 3.1 "Crypto Officer Guidance" of the module's interior components. The tamper-evident seals are multi-chip, standalone cryptographic modules. Specific quantities and locations are baffled from . Numeric, alphabetic (upper and lowercase), and keyboard and extended characters can be at least four...
Security Guide
Page 17
...accelerator chip as well as the VPN encryption algorithm. © Copyright 2005, 2006, 2007 Nokia Page 17 of 43 This document may be freely reproduced and distributed whole and intact including... IKE is electrically bypassed. The IPSO operating system provides the capability to use TLSv1 to secure the remote CLI management sessions. SHA-1 for authentication. IKE uses RSA signatures or pre-...a hard-wired, internal accelerator chip. Note that are installed by optional version-specific internal accelerator cards that accelerated DES and 1 key Triple DES are non-compliant with the module...
...accelerator chip as well as the VPN encryption algorithm. © Copyright 2005, 2006, 2007 Nokia Page 17 of 43 This document may be freely reproduced and distributed whole and intact including... IKE is electrically bypassed. The IPSO operating system provides the capability to use TLSv1 to secure the remote CLI management sessions. SHA-1 for authentication. IKE uses RSA signatures or pre-...a hard-wired, internal accelerator chip. Note that are installed by optional version-specific internal accelerator cards that accelerated DES and 1 key Triple DES are non-compliant with the module...
Security Guide
Page 25
...modules do not employ security mechanisms to ensure that the policy files are not modified. • Policy file integrity test (bypass mode test): the module performs a SHA-1 check value verification to mitigate specific attacks. © Copyright 2005, 2006, 2007 Nokia Page 25 of ...materials, manufacturers, changes, history, and hardware documentation are logged and produce error indicators. 2.10 Design Assurance Nokia and Check Point manage and record their respective...
...modules do not employ security mechanisms to ensure that the policy files are not modified. • Policy file integrity test (bypass mode test): the module performs a SHA-1 check value verification to mitigate specific attacks. © Copyright 2005, 2006, 2007 Nokia Page 25 of ...materials, manufacturers, changes, history, and hardware documentation are logged and produce error indicators. 2.10 Design Assurance Nokia and Check Point manage and record their respective...