Symantec Corporation Security Analytics S500 Appliances


Symantec Corporation
Security Analytics S500 Appliances

Models: SA-S500-10-CM, SA-S500-20-FA, SA-S500-30-FA, SA-S500-40-FA
Hardware Versions: 090-03645, 080-03938, 090-03646, 080-03939, 090-03648, 080-03940, 090-03649, and 080-03941
FIPS Security Kit Version: HW-KIT-FIPS-500
Firmware Version: 7.2.3

FIPS 140-2 Non-Proprietary Security Policy
FIPS 140-2 Security Level: 2
Document Version: 0.8

© 2017 Symantec Corporation. Updated 5 Jun 2017.

COPYRIGHT NOTICE

© 2017 Symantec Corporation. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER, CACHEOS, CACHEPULSE, CROSSBEAM, K9, DRTR, MACH5, PACKETWISE, POLICYCENTER, PROXYAV, PROXYCLIENT, SGOS, WEBPULSE, SOLERA NETWORKS, DEEPSEE, DS APPLIANCE, SEE EVERYTHING. KNOW EVERYTHING., SECURITY EMPOWERS BUSINESS, BLUETOUCH, the Blue Coat shield, K9, and Solera Networks logos and other Symantec logos are registered trademarks or trademarks of Symantec Corporation or its affiliates in the U.S. and certain other countries. This list may not be complete, and the absence of a trademark from this list does not mean it is not a trademark of Symantec or that Symantec has stopped using the trademark. All other trademarks mentioned in this document owned by third parties are the property of their respective owners. This document is for informational purposes only.

SYMANTEC MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. SYMANTEC PRODUCTS, TECHNICAL SERVICES, AND ANY OTHER TECHNICAL DATA REFERENCED IN THIS DOCUMENT ARE SUBJECT TO U.S. EXPORT CONTROL AND SANCTIONS LAWS, REGULATIONS AND REQUIREMENTS, AND MAY BE SUBJECT TO EXPORT OR IMPORT REGULATIONS IN OTHER COUNTRIES. YOU AGREE TO COMPLY STRICTLY WITH THESE LAWS, REGULATIONS AND REQUIREMENTS, AND ACKNOWLEDGE THAT YOU HAVE THE RESPONSIBILITY TO OBTAIN ANY LICENSES, PERMITS OR OTHER APPROVALS THAT MAY BE REQUIRED IN ORDER TO EXPORT, RE-EXPORT, TRANSFER IN COUNTRY OR IMPORT AFTER DELIVERY TO YOU.

Americas:
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043

Rest of the World:

This document may be freely reproduced and distributed whole and intact including this copyright notice.

Table of Contents

1. INTRODUCTION
   1.1 PURPOSE
   1.2 REFERENCES
   1.3 DOCUMENT ORGANIZATION
2. SECURITY ANALYTICS S500 APPLIANCE
   2.1 OVERVIEW
   2.2 MODULE SPECIFICATION
   2.3 MODULE INTERFACES
       2.3.1 SA-S500-10-CM/20-FA/30-FA/40-FA Front Panel
       2.3.2 SA-S500-10-CM Rear Panel
       2.3.3 SA-S500-20-FA Rear Panel
       2.3.4 SA-S500-30-FA Rear Panel
       2.3.5 SA-S500-40-FA Rear Panel
   2.4 ROLES AND SERVICES
       2.4.1 Crypto-Officer Role
       2.4.2 User Role
       2.4.3 Authentication Mechanism
   2.5 PHYSICAL SECURITY
   2.6 NON-MODIFIABLE OPERATIONAL ENVIRONMENT
   2.7 CRYPTOGRAPHIC KEY MANAGEMENT
   2.8 SELF-TESTS
       2.8.1 Power-Up Self-Tests
       2.8.2 Conditional Self-Tests
       2.8.3 Critical Function Tests
   2.9 MITIGATION OF OTHER ATTACKS
3. SECURE OPERATION
   3.1 INITIAL SETUP
       3.1.1 Label and Baffle Installation Instructions
       3.1.2 Shutter Installation
       3.1.3 Label Application
   3.2 SECURE MANAGEMENT
       3.2.1 Initialization
       3.2.2 Management
       3.2.3 Zeroization
   3.3 USER GUIDANCE
   3.4 NON-APPROVED MODE
4. ACRONYMS

List of Figures

FIGURE 1 TYPICAL DEPLOYMENT DIAGRAM
FIGURE 2 CONNECTION PORTS AT THE FRONT OF THE SA-S500 APPLIANCES
FIGURE 3 REAR OF THE SA-S500 APPLIANCES
FIGURE 4 FIPS SECURITY KIT CONTENTS
FIGURE 5 SHUTTER DISASSEMBLY
FIGURE 6 LOWER SHUTTER INSTALLATION
FIGURE 7 UPPER SHUTTER INSTALLATION
FIGURE 8 LABELS SHOWING TAMPER EVIDENCE

List of Tables

TABLE 1 SECURITY LEVEL PER FIPS 140-2 SECTION
TABLE 2 SECURITY ANALYTICS S500 APPLIANCE TESTED CONFIGURATIONS
TABLE 3 FIPS 140-2 LOGICAL INTERFACE MAPPINGS FOR THE FRONT OF THE SA-S500 APPLIANCES
TABLE 4 FRONT PANEL LED STATUS INDICATIONS FOR THE SA-S500 APPLIANCES
TABLE 5 FIPS 140-2 LOGICAL INTERFACE MAPPINGS FOR THE REAR OF THE SA-S500-10-CM APPLIANCE
TABLE 6 REAR PANEL LED STATUS INDICATIONS FOR THE SA-S500-10-CM APPLIANCE
TABLE 7 FIPS 140-2 LOGICAL INTERFACE MAPPINGS FOR THE REAR OF THE SA-S500-20-FA APPLIANCE
TABLE 8 REAR PANEL LED STATUS INDICATIONS FOR THE SA-S500-20-FA APPLIANCE
TABLE 9 FIPS 140-2 LOGICAL INTERFACE MAPPINGS FOR THE REAR OF THE SA-S500-30-FA APPLIANCE
TABLE 10 REAR PANEL LED STATUS INDICATIONS FOR THE SA-S500-30-FA APPLIANCE
TABLE 11 FIPS 140-2 LOGICAL INTERFACE MAPPINGS FOR THE REAR OF THE SA-S500-40-FA APPLIANCE
TABLE 12 REAR PANEL LED STATUS INDICATIONS FOR THE SA-S500-40-FA APPLIANCE
TABLE 13 FIPS AND SECURITY ANALYTICS S500 APPLIANCE ROLES
TABLE 14 CRYPTO OFFICER ROLE SERVICES AND CSP ACCESS
TABLE 15 USER SERVICES AND CSP ACCESS
TABLE 16 AUTHENTICATION MECHANISMS USED BY SECURITY ANALYTICS S500 APPLIANCE
TABLE 17 FIPS-APPROVED ALGORITHM IMPLEMENTATIONS
TABLE 18 LIST OF CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS
TABLE 19 ACRONYMS

1. Introduction

1.1 Purpose

This is a Non-Proprietary Cryptographic Module Security Policy for the Security Analytics S500 Appliance (090-03645, 080-03938, 090-03646, 080-03939, 090-03648, 080-03940, 090-03649, and 080-03941; 7.2.3) from Symantec Corporation. This Non-Proprietary Security Policy describes how the Security Analytics S500 Appliance meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-2, which details the U.S. and Canadian Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp.

This document also describes how to run the appliance in the Approved mode of operation. This policy was prepared as part of the 2 validation of the module. The Security Analytics S500 Appliance is referred to in this document as SA S500 Appliance, crypto module, or module.

1.2 References

This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:

- The Symantec website (www.symantec.com) contains information on the full line of products from Symantec.
- The CMVP website 0-1/140val-all.htm) contains contact information for individuals to answer technical or sales-related questions for the module.

1.3 Document Organization

The Non-Proprietary Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:

- Vendor Evidence document
- Finite State Model document
- Submission Summary document
- Other supporting documentation as additional references

With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Submission Package is proprietary to Symantec and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Symantec.

2. Security Analytics S500 Appliance

2.1 Overview

The Security Analytics Appliances (SA-S500-10-CM, SA-S500-20-FA, SA-S500-30-FA, and SA-S500-40-FA) are part of Symantec’s Security Platform’s Incident Response and Forensics solutions. The turnkey, pre-configured appliances harness the Security Analytics software to capture, index and classify all network traffic (including full packets) in real time. This data is stored in an optimized file system for rapid analysis, instant retrieval and complete reconstruction to support all your incident response activities. The appliances can be deployed anywhere in the network: at the perimeter, in the core, in a 10 GbE backbone, or at a remote link to deliver clear, actionable intelligence for swift incident response and resolution and real-time network forensics.

Security Analytics helps you visualize and analyze network data and uncover specific network activity – without requiring specific knowledge of networking protocols and packet analysis methods. Its powerful features let you locate and reconstruct specific communication flows, as well as network and user activities, within seconds. The platform does this by classifying captured network traffic packets and identifying meaningful data flows. A flow is the collection of packets that comprises a single communication between two specific network entities. Within a particular data flow, you can then identify and examine network artifacts such as image files, Word documents, emails, and video, as well as executable files, HTML files, and more. Security Analytics also allows you to reconstruct HTML pages, emails, and instant messaging conversations.

Security Analytics also provides the ability to do real-time, policy-based artifact extraction, and is not limited to any specific operating system (OS) environment. Extracted artifacts can be automatically placed in centralized network repositories for analysis by superior forensics tools within Security Analytics. These artifacts are hashed and stored for future retrospection on newly discovered malware variants and provide a method to understand relatedness to preexisting hashes. The Central Manager Appliance (SA-S500-10-CM) facilitates federated queries on hundreds of Security Analytics Forensic Appliances (SA-S500-20-FA, SA-S500-30-FA, and SA-S500-40-FA) to provide a 360-degree view of activity across the entire enterprise network including perimeter, data centers, and remote offices.

In a typical deployment, the Security Analytics Forensic Appliance receives mirrored traffic from a SPAN port or network tap. The traffic enters the appliance through one or more Ethernet ports, also known as capture interfaces. The Forensic Appliances can be integrated with leading security network and endpoint solutions for a full network-to-endpoint view of any malicious activity, delivering prompt and precise attack resolution. The Central Manager Platform is a dedicated appliance that sits on the network alongside the Forensic Appliances to provide an aggregated view of data across multiple Forensic Appliances, an interface for Forensic Appliance management, and centralized Forensic Appliance software upgrades. Please see Figure 1 below for a typical deployment diagram of the Security Analytics appliances.

Figure 1 Typical Deployment Diagram

The Security Analytics S500 Appliances are validated at the following FIPS 140-2 Section levels in Table 1.

Table 1 Security Level per FIPS 140-2 Section

| Section | Section Title | Level |
|---|---|---|
| 1 | Cryptographic Module Specification | 2 |
| 2 | Cryptographic Module Ports and Interfaces | 2 |
| 3 | Roles, Services, and Authentication | 2 |
| 4 | Finite State Model | 2 |
| 5 | Physical Security | 2 |
| 6 | Operational Environment | N/A |
| 7 | Cryptographic Key Management | 2 |
| 8 | Electromagnetic Interference/Electromagnetic Compatibility | 2 |
| 9 | Self-tests | 2 |
| 10 | Design Assurance | 3 |
| 11 | Mitigation of Other Attacks | N/A |

2.2 Module Specification

For the FIPS 140-2 validation, the crypto module was tested on the following appliance types listed in Table 2 below.

Table 2 Security Analytics S500 Appliance Tested Configurations

[Table 2 rows were not recoverable from the transcription. Column headings: SA S500 Appliance Type (Cold Standby Appliance, Standard Appliance), Hardware, Hardware Version, SKU / Short]

The hardware version numbers in Table 2 represent licensing options available. All appliance types and editions run on similar hardware and firmware and are the same from a cryptographic functionality and boundary perspective. The hardware differs only in the amount of storage, memory, network interfaces to the module. A Cold Standby appliance varies only in that firmware is not preinstalled. The four hardware configurations are the same between the Cold Standby and standard appliance types (e.g., the SA-S500-10-CM-CS shares the same hardware as the SA-S500-10-CM). The Crypto Officer and User services of the module are identical for all appliance types regardless of whether it is a Cold Standby or standard appliance.

For the FIPS 140-2 validation, the module was tested on the following appliance configurations:

- SA-S500-10-CM
- SA-S500-20-FA
- SA-S500-30-FA
- SA-S500-40-FA

The module has a Multi-chip Standalone embodiment. The overall security level is 2. The cryptographic boundary of the module is defined by the tested platform, which surrounds all components. The module software, 7.2.3, includes the following cryptographic libraries:

- SA Cryptographic Library v7.2.3

2.3 Module Interfaces

The module’s physical ports can be categorized into the following logical interfaces defined by FIPS 140-2:

- Data input
- Data output
- Control input
- Status output

2.3.1 SA-S500-10-CM/20-FA/30-FA/40-FA Front Panel

The front panel of the SA S500 appliances (as shown below in Figure 2) has an LCD interface, two LEDs, a USB port, and six control buttons. The control buttons and USB port on the front panel are disabled once the module is configured for its Approved mode of operation.

Figure 2 Connection Ports at the Front of the SA-S500 Appliances

The type and quantity of all ports present in the front panel of the SA-S500 appliances are given in Table 3.

Table 3 FIPS 140-2 Logical Interface Mappings for the front of the SA-S500 Appliances

| Physical Port/Interface | Quantity | FIPS 140-2 Interface |
|---|---|---|
| LEDs | 2 | Status Output |
| LCD | 1 | Status Output |
| Control Buttons | 6 | N/A (buttons are disabled) |
| USB 2.0 port | 1 | N/A (USB is disabled) |

The status indications provided by the LEDs are described in Table 4.

Table 4 Front Panel LED Status Indications for the SA-S500 Appliances

| LED | Color | Definition |
|---|---|---|
| Power LED | OFF | The appliance is powered off |
| Power LED | AMBER | The appliance is booting and the OS load is not yet complete. |
| Power LED | FLASHING GREEN TO AMBER | The OS has been loaded but has not been configured. |
| Power LED | GREEN | The OS has loaded and is properly configured. |
| System LED | OFF | The appliance has not determined the system status |
| System LED | GREEN | Healthy |
| System LED | AMBER | Warning |
| System LED | FLASHING AMBER | Critical Warning |

2.3.2 SA-S500-10-CM Rear Panel

The rear panel of the -CM and -FA appliances slightly differ in the rear-facing port configurations.

The rear ports and interfaces available on the SA-S500 appliances are shown in Figure 3. Based on the specific model, slots 3-7 may be populated with additional copper or Fiber ports for storage and network traffic related needs.

The models/Part numbers listed include the following base configuration and were tested, as such.

- SA-S500-10-CM (P/N 090-03645, P/N 080-03938): Slot 7 populated
- SA-S500-20-FA (090-03646, 080-03939): Slots 5 and 7 populated
- SA-S500-30-FA (090-03648, 080-03940): Slots 5, 6, and 7 populated
- SA-S500-40-FA (090-03649, 080-03941): Slots 5, 6, and 7 populated

Figure 3 Rear of the SA-S500 Appliances

The type and quantity of all ports present on the rear panel of the SA-S500-10-CM appliance are provided below in Table 5. The LED status indicators, color, and definitions are provided below in Table 6.

Table 5 FIPS 140-2 Logical Interface Mappings for the rear of the SA-S500-10-CM Appliance

| Physical Port/Interface | Quantity | FIPS 140-2 Interface |
|---|---|---|
| Ethernet Ports | 4 | Data Input, Data Output, Control Input, Status Output |
| System MGMT Port | 1 | Data Input, Data Output, Control Input, Status Output |
| BMC¹ Management Port (Serial over Ethernet) | 1 | N/A (port is disabled) |
| Ethernet Interface – Speed LEDs | 6-8 | Status Output |
| Ethernet Interface – Activity LEDs | 6-8 | Status Output |
| Serial port | 1 | Control Input, Status Output |
| AC Power | 2 | Power Input |
| AC Power Connection LEDs | 2 | Status Output |
| Soft Power Switch | 1 | Control Input |
| USB 2.0 Port | 1 | N/A (port is disabled) |

¹ BMC – Base Management Controller

Table 6 Rear Panel LED Status Indications for the SA-S500-10-CM Appliance

| LED | Color | Definition |
|---|---|---|
| AC power connection LED | OFF | The module is not receiving power. |
| AC power connection LED | GREEN | The module is receiving power. |
| Ethernet Interface – Activity LEDs | OFF | No link is present. |
| Ethernet Interface – Activity LEDs | GREEN | Link is present |
| Ethernet Interface – Activity LEDs | FLASHING GREEN | Link activity. |
| Ethernet Interface – Speed LEDs | OFF | 10 Mbps speed connection is present. |
| Ethernet Interface – Speed LEDs | GREEN | 100 Mbps speed connection is present. |
| Ethernet Interface – Speed LEDs | AMBER | 1000 Mbps speed connection is present. |

2.3.3 SA-S500-20-FA Rear Panel

The type and quantity of all ports present on the rear panel of the SA-S500-20-FA appliance are provided below in Table 7. The LED status indicators, color, and definitions are provided below in Table 8.

Table 7 FIPS 140-2 Logical Interface Mappings for the rear of the SA-S500-20-FA Appliance

| Physical Port/Interface | Quantity | FIPS 140-2 Interface |
|---|---|---|
| Ethernet Interface – 10GigE Copper | 2 | Data Input, Data Output |
| System Management Port | 1 | Data Input, Data Output, Control Input, Status Output |
| BMC Management Port | 1 | N/A (port is disabled) |
| 12Gbps SAS3 Port | 0-4 | Data Input, Data Output |
| 1/10 GigE SX/SR Fibre Channel Port | 2 | Data Input, Data Output |
| Ethernet Interface – Speed LEDs | 6-8 | Status Output |
| Ethernet Interface – Activity LEDs | 6-8 | Status Output |
| Serial ports | 1 | Control Input, Status Output |
| AC Power | 2 | Power Input |
| AC Power Connection LEDs | 2 | Status Output |
| Soft Power Switch | 1 | Control Input |
| USB 2.0 Port | 1 | N/A (port is disabled) |

Table 8 Rear Panel LED Status Indications for the SA-S500-20-FA Appliance

| LED | Color | Definition |
|---|---|---|
| AC power connection LED | OFF | The module is not receiving power. |
| AC power connection LED | GREEN | The module is receiving power. |
| Ethernet Interface – Activity LEDs | OFF | No link is present. |
| Ethernet Interface – Activity LEDs | GREEN | Link is present |
| Ethernet Interface – Activity LEDs | FLASHING GREEN | Link activity. |
| Ethernet Interface – Speed LEDs | OFF | 10 Mbps speed connection is present. |
| Ethernet Interface – Speed LEDs | GREEN | 100 Mbps speed connection is present. |
| Ethernet Interface – Speed LEDs | AMBER | 1000 Mbps speed connection is present. |

2.3.4 SA-S500-30-FA Rear Panel

The type and quantity of all ports present on the rear panel of the SA-S500-30-FA appliance are provided below in Table 9. The LED status indicators, color, and definitions are provided below in Table 10.

Table 9 FIPS 140-2 Logical Interface Mappings for the rear of the SA-S500-30-FA Appliance

| Physical Port/Interface | Quantity | FIPS 140-2 Interface |
|---|---|---|
| Ethernet Interface – 10GigE Copper | 2 | Data Input, Data Output |
| System Management Port | 1 | Data Input, Data Output, Control Input, Status Output |
| BMC Management Port | 1 | N/A (port is disabled) |
| Ethernet Ports | 4 | Data Input, Data Output, Control Input, Status Output |
| 12Gbps SAS3 Port | 0-2 | Data Input, Data Output |
| 1/10 GigE SX/SR Fibre Channel Port | 0-4 | Data Input, Data Output |
| Ethernet Interface – Speed LEDs | 6-8 | Status Output |
| Ethernet Interface – Activity LEDs | 6-8 | Status Output |
| Serial ports | 1 | Control Input, Status Output |
| AC Power | 2 | Power Input |
| AC Power Connection LEDs | 2 | Status Output |
| Soft Power Switch | 1 | Control Input |
| USB 2.0 Port | 1 | N/A (port is disabled) |

Table 10 Rear Panel LED Status Indications for the SA-S500-30-FA Appliance

| LED | Color | Definition |
|---|---|---|
| AC power connection LED | OFF | The module is not receiving power. |
| AC power connection LED | GREEN | The module is receiving power. |
| Ethernet Interface – Activity LEDs | OFF | No link is present. |
| Ethernet Interface – Activity LEDs | GREEN | Link is present |
| Ethernet Interface – Activity LEDs | FLASHING GREEN | Link activity. |
| Ethernet Interface – Speed LEDs | OFF | 10 Mbps speed connection is present. |
| Ethernet Interface – Speed LEDs | GREEN | 100 Mbps speed connection is present. |
| Ethernet Interface – Speed LEDs | AMBER | 1000 Mbps speed connection is present. |

2.3.5 SA-S500-40-FA Rear Panel

The type and quantity of all ports present on the rear panel of the SA-S500-40-FA appliance are provided below in Table 11. The LED status indicators, color, and definitions are provided below in Table 12.

Table 11 FIPS 140-2 Logical Interface Mappings for the rear of the SA-S500-40-FA Appliance

| Physical Port/Interface | Quantity | FIPS 140-2 Interface |
|---|---|---|
| Ethernet Interface – 10GigE Copper | 2 | Data Input, Data Output |
| Ethernet Ports | 4 | Data Input, Data Output, Control Input, Status Output |
| System MGMT Port | 1 | Data Input, Data Output, Control Input, Status Output |
| BMC Management Port | 1 | N/A (port is disabled) |
| Ethernet Interface – Speed LEDs | 6-8 | Status Output |
| Ethernet Interface – Activity LEDs | 6-8 | Status Output |
| 12Gbps SAS3 Port | 0-2 | Data Input, Data Output |
| 1/10 GigE SX/SR Fibre Channel Port | 0-4 | Data Input, Data Output |
| Serial port | 1 | Control Input, Status Output |
| AC Power | 2 | Power Input |
| AC Power Connection LEDs | 2 | Status Output |
| Soft Power Switch | 1 | Control Input |
| USB 2.0 Port | 1 | N/A (port is disabled) |

Table 12 Rear Panel LED Status Indications for the SA-S500-40-FA Appliance

| LED | Color | Definition |
|---|---|---|
| AC power connection LED | OFF | The module is not receiving power. |
| AC power connection LED | GREEN | The module is receiving power. |
| Ethernet Interface – Activity LEDs | OFF | No link is present. |
| Ethernet Interface – Activity LEDs | GREEN | Link is present |
| Ethernet Interface – Activity LEDs | FLASHING GREEN | Link activity. |
| Ethernet Interface – Speed LEDs | OFF | 10 Mbps speed connection is present. |
| Ethernet Interface – Speed LEDs | GREEN | 100 Mbps speed connection is present. |
| Ethernet Interface – Speed LEDs | AMBER | 1000 Mbps speed connection is present. |

2.4 Roles and Services

Before accessing the modules for any administrative services, COs and Users must authenticate to the module according to the methods specified in Table 16.

The modules offer the following management interfaces:

- Web UI (HTTPS/TLS)
- CLI (locally via serial port or remotely via SSH)
- Web Services API (HTTPS/TLS)

The CO and User details are found below in Table 13.

Table 13 FIPS and Security Analytics S500 Appliance Roles

| FIPS Roles | Security Analytics S500 Appliance Roles and Privileges |
|---|---|
| CO | Administrator, Security Administrator |
| User | User |

The services available to a Crypto Officer (CO) and User are described below in Table 14 and Table 15, respectively. For each service listed below, COs and Users are assumed to already have authenticated prior to attempting to execute the service, except for the services related to establishing a session with the module. Please note that the keys and CSPs listed in the table indicate the type of access required using the following notation:

- R: The CSP is read
- W: The CSP is established, generated, modified, or zeroized
- X: Execute: The CSP is used within an Approved or Allowed security function or authentication mechanism.

2.4.1 Crypto-Officer Role

Descriptions of the FIPS 140-2 relevant services available to the Crypto-Officer role are provided in the table below.

Table 14 Crypto Officer Role Services and CSP Access

| Service | Description | CSP And Access Required |
|---|---|---|
| Show Status | Displays the operational status of the module and if the module is operating in the Approved mode. | None |
| On-demand Self-Test | By rebooting the module, the power-up self-tests will be invoked | None |
| Initial Key Generation Service | As part of the module initialization process performed by the CO, the SSH and Web RSA key pairs are created during the initial boot cycle. | SSH RSA public key: W; SSH RSA private key: W; Web RSA public key: W; Web RSA private key: W |
| Change own password | COs can change their own password | CO Password: RW |
| Firmware Load | COs can initiate updates to the running firmware | Firmware Load Key: RX |
| Create remote management session (CLI) | Manage the module through the CLI (SSH) remotely via Ethernet port. | SSH RSA public key: RX; SSH RSA private key: RX; SSH Session Key: WRX; SSH Authentication Key: WRX; DH public key: RX; DH private key: RX; ECDHE public key: RX; ECDHE private key: RX; HMAC DRBG Seed: RX; HMAC DRBG Entropy: RX; HMAC DRBG V: RX; HMAC DRBG Key: RX; CO Password: R |
| Create remote management session (Web UI) | Manage the module through the Web UI (TLS) remotely via Ethernet port. | Web RSA public key: RX; Web RSA private key: RX; ECDHE public key: RX; ECDHE private key: RX; DH public key: RX; DH private key: RX; TLS Session Key: WRX; TLS Authentication Key: WRX; TLS Master Secret: WRX; HMAC DRBG Seed: RX; HMAC DRBG Entropy: RX; HMAC DRBG V: RX; HMAC DRBG Key: RX; CO Password: R |
| Create remote management session (Web API) | Manage the module through the Web API (TLS) remotely via Ethernet port. | Web RSA public key: RX; Web RSA private key: RX; ECDHE public key: RX; ECDHE private key: RX; DH public key: RX; DH private key: RX; Web API Passphrase: RX; TLS Session Key: WRX; TLS Authentication Key: WRX; TLS Master Secret: WRX; HMAC DRBG Seed: RX; HMAC DRBG Entropy: RX; HMAC DRBG V: RX; HMAC DRBG Key: RX; CO Password: R |
| Configure Module Settings | COs can modify the: network, date and time, license management, Web UI timeouts, log management, user accounts, geo-location settings | CO Password: W |
| Process Captured Traffic | COs can: import traffic, generate reports, apply filters, perform searches and analysis on the captured traffic. | None |
| Zeroize keys | Zeroize keys by taking the module out of FIPS-mode. This will zeroize all CSPs. The zeroization occurs while the module is still in FIPS mode. | |
| View Data Enrichment Results | View the results of the data enrichment resources | |
| Configure Data Retention Settings | COs can modify the data retention settings for the collected data | |
| Reprocess/Replay Captured Network Traffi | | |
