FIPS 140-2 Security Policy - CSRC


FIPS 140-2 Security Policy

FortiOS 5.2

[Figure: FortiGate 300D front panel, with port labels CONSOLE, USB, USB MGMT, MGMT 1, MGMT 2 and ports 1-8]

FortiOS 5.2 Non-Proprietary FIPS 140-2 Security Policy

Document Version: 1.7
Publication Date: October 3, 2016
Description: Documents FIPS 140-2 Level 1 Security Policy issues, compliancy and requirements for FIPS compliant operation.
Firmware Version: v5.2.7,build0718,160328

FortiOS 5.2 FIPS 140-2 Security Policy
01-525-296259-20151016

Copyright 2016 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

This document may be freely reproduced and distributed whole and intact including this copyright notice.

Contents

Overview
References
Introduction
Security Level Summary
Module Description
Module Interfaces
Web-Based Manager
Command Line Interface
Roles, Services and Authentication
Roles
FIPS Approved Services
Non-FIPS Approved Services
Authentication
Physical Security
Operational Environment
Cryptographic Key Management
Random Number Generation
Entropy Token
Key Zeroization
Algorithms
Cryptographic Keys and Critical Security Parameters
Alternating Bypass Feature
Key Archiving
Mitigation of Other Attacks
FIPS 140-2 Compliant Operation
Enabling FIPS-CC mode
Self-Tests

Overview

This document is a FIPS 140-2 Security Policy for Fortinet Incorporated’s FortiOS 5.2 firmware, which runs on the FortiGate family of security appliances. This policy describes how the FortiOS 5.2 firmware (hereafter referred to as the ‘module’) meets the FIPS 140-2 security requirements and how to operate the module in a FIPS compliant manner. This policy was created as part of the FIPS 140-2 Level 1 validation of the module.

The Federal Information Processing Standards Publication 140-2 - Security Requirements for Cryptographic modules (FIPS 140-2) details the United States Federal Government requirements for cryptographic modules. Detailed information about the FIPS 140-2 standard and validation program is available on the NIST (National Institute of Standards and Technology) website.

References

This policy deals specifically with operation and implementation of the module in the technical terms of the FIPS 140-2 standard and the associated validation program. Other Fortinet product manuals, guides and technical notes can be found at the Fortinet technical documentation website at http://docs.fortinet.com.

Additional information on the entire Fortinet product line can be obtained from the following sources:

- Find general product information in the product section of the Fortinet corporate website at http://www.fortinet.com/products.
- Find on-line product support for registered products in the technical support section of the Fortinet corporate website at http://www.fortinet.com/support.
- Find contact information for technical or sales related questions in the contacts section of the Fortinet corporate website at http://www.fortinet.com/contact.
- Find security information and bulletins in the FortiGuard Center of the Fortinet corporate website at http://fortiguard.com.

Introduction

The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time — without degrading network performance. In addition to providing application level firewall protection, FortiGate appliances deliver a full range of network-level services — VPN, intrusion prevention, web filtering, antivirus, antispam and traffic shaping — in dedicated, easily managed platforms.

All FortiGate appliances employ Fortinet’s unique FortiASIC content processing chip and the powerful, secure, FortiOS firmware to achieve breakthrough price/performance. The unique, ASIC-based architecture analyzes content and behavior in real time, enabling key applications to be deployed right at the network edge where they are most effective at protecting enterprise networks. They can be easily configured to provide antivirus protection, antispam protection and content filtering in conjunction with existing firewall, VPN, and related devices, or as complete network protection systems. The modules support High Availability (HA) in both Active-Active (AA) and Active-Passive (AP) configurations.

FortiGate appliances support the IPSec industry standard for VPN, allowing VPNs to be configured between a FortiGate appliance and any client or gateway/firewall that supports IPSec VPN. FortiGate appliances also provide SSL VPN services using TLS 1.2.

Security Level Summary

The module meets the overall requirements for a FIPS 140-2 Level 1 validation.

Table 1: Summary of FIPS security requirements and compliance levels

| Security Requirement | Compliance Level |
|---|---|
| Cryptographic module Specification | 1 |
| Cryptographic module Ports and Interfaces | 3 |
| Roles, Services and Authentication | 3 |
| Finite State Model | 1 |
| Physical Security | 1 |
| Operational Environment | N/A |
| Cryptographic Key Management | 1 |
| EMI/EMC | 1 |
| Self-Tests | 1 |
| Design Assurance | 3 |
| Mitigation of Other Attacks | 1 |

Module Description

The module is a firmware operating system that runs exclusively on Fortinet’s FortiGate product family. FortiGate units are PC-based, purpose built appliances.

The FortiGate units are multiple chip, standalone cryptographic modules consisting of production grade components contained in a physically protected enclosure.

[Figure 1: FortiOS Physical Cryptographic Boundary]

The Boot Device in Figure 1 can refer to a separate, internal component or a partition on the Mass Storage device. All references herein of ‘boot device’ shall refer to the configuration specific to the FortiGate appliance.

[Figure 2: FortiOS Logical Cryptographic Boundary. Labels: Firmware, Data I/O, Control Input, Status Output]

For the purposes of FIPS 140-2 conformance testing, the module was tested on a FortiGate-300D unit and used a Fortinet entropy token (FTR-ENT-1) as the entropy source.

The validated firmware version is FortiOS v5.2.7,build0718,160328.

The module can also be executed on any of the following FortiGate/FortiWiFi units and remain vendor affirmed FIPS-compliant:

FortiGate-100C-Rugged

The CMVP makes no statement as to the correct operation of the module or the security strength of the generated keys when so ported if the specific operational environment is not listed on the validation certificate.

Module Interfaces

The module’s logical interfaces and physical ports are described in Table 2.

Table 2: FortiOS logical interfaces and physical ports

| FIPS 140 Interface | Logical Interface | Physical Port |
|---|---|---|
| Data Input | API input parameters | Network interface, USB interface (Entropy token) |
| Data Output | API output parameters | Network interface |
| Control Input | API function calls | Network interface, serial interface, USB interface (Entropy token) |
| Status Output | API return values | Network interface, serial interface |
| Power Input | N/A | The power supply is the power interface |

Web-Based Manager

The FortiGate web-based manager provides GUI based access to the module and is the primary tool for configuring the module. The manager requires a web browser on the management computer and an Ethernet connection between the FortiGate unit and the management computer.

A web-browser that supports Transport Layer Security (TLS) 1.2 is required for remote access to the web-based manager when the module is operating in FIPS-CC mode. HTTP access to the web-based manager is not allowed in FIPS-CC mode and is disabled.

[Figure 3: The FortiGate web-based manager]

Command Line Interface

The FortiGate Command Line Interface (CLI) is a full-featured, text based management tool for the module. The CLI provides access to all of the possible services and configuration options in the module. The CLI uses a console connection or a network (Ethernet) connection between the FortiGate unit and the management computer. The console connection is a direct serial connection. Terminal emulation software is required on the management computer using either method. For network access, a Telnet or SSH client that supports the SSH v2.0 protocol is required (SSH v1.0 is not supported in FIPS-CC mode). Telnet access to the CLI is not allowed in FIPS-CC mode and is disabled.

Roles, Services and Authentication

Roles

When configured in FIPS-CC mode, the module provides the following roles:

- Crypto Officer
- Network User

The Crypto Officer role is initially assigned to the default ‘admin’ operator account. The Crypto Officer role has read-write access to all of the module’s administrative services. The initial Crypto Officer can create additional operator accounts. These additional accounts are assigned the Crypto Officer role and can be assigned a range of read/write or read only access permissions including the ability to create operator accounts.

The module also provides a Network User role for end-users (Users). Network Users can make use of the encrypt/decrypt services, but cannot access the module for administrative purposes.

The module does not provide a Maintenance role.

FIPS Approved Services

The following tables detail the types of FIPS approved services available to each role in each mode of operation, the types of access for each role and the Keys or CSPs they affect.

The access types are abbreviated as follows:

| Access type | Abbreviation |
|---|---|
| Read Access | R |
| Write Access | W |
| Execute Access | E |

Table 3: Services available to Crypto Officers

| Service | Access | Key/CSP |
|---|---|---|
| authenticate to module | WE | Operator Password, Diffie-Hellman Key, HTTP/TLS and SSH Server/Host Keys, HTTPS/TLS and SSH Session Authentication Keys, and HTTPS/TLS Session Encryption Keys, DRBG Output, DRBG Seed, DRBG Input String |
| show system status | WE | N/A |
| show FIPS-CC mode enabled/disabled (console/CLI only) | WE | N/A |
| enable FIPS-CC mode of operation (console only) | WE | Configuration Integrity Key |
| key zeroization | WE | All Keys, See “Key Zeroization” on page 11 |
| execute factory reset (disable FIPS-CC mode, console/CLI only) | E | All keys except firmware update key, configuration integrity key, configuration backup key |
| execute FIPS-CC on-demand self-tests (console only) | E | Configuration Integrity Key, Firmware Integrity Key |
| add/delete operators and network users | WE | Crypto Officer Password, Network User Password |
| set/reset operator and network user passwords | WE | Crypto Officer Password, Network User Password |
| backup/restore configuration file | WE | Configuration Encryption Key, Configuration Backup Key |
| read/set/delete/modify module configuration | WE | N/A |
| execute firmware update | E | Firmware Update Key |
| read log data | WE | N/A |
| delete log data (console/CLI only) | WE | N/A |
| execute system diagnostics (console/CLI only) | WE | N/A |

Table 3: Services available to Crypto Officers (continued)

| Service | Access | Key/CSP |
|---|---|---|
| enable/disable alternating bypass mode | WE | N/A |
| read/set/delete/modify IPSec/SSL VPN configuration | N/A | IPSec: IPSec Manual Authentication Key, IPSec Manual Encryption Key, IKE Pre-Shared Key, IKE RSA Key. SSL: HTTPS/TLS Server/Host Key, HTTPS/TLS Session Authentication Key, HTTPS/TLS SSH Session Encryption Key |
| read/set/modify HA configuration | WE | HA Password, HA Encryption Key |

Table 4: Services available to Network Users in FIPS-CC mode

| Service/CSP | Access | Key/CSP |
|---|---|---|
| authenticate to module | WE | Network User Password, Diffie-Hellman Key, HTTPS/TLS Server/Host Key, HTTPS/TLS Session Authentication Key, HTTPS/TLS Session Encryption Key, DRBG Output, DRBG Seed, DRBG Input String |
| IPSec VPN controlled by firewall policies | E | Diffie-Hellman Key, IKE and IPSec Keys, DRBG Output, DRBG Seed, DRBG Input String |
| SSL VPN controlled by firewall policies | E | Network User Password, Diffie-Hellman Key, HTTPS/TLS Server/Host Key, HTTPS/TLS Session Authentication Key, HTTPS/TLS Session Encryption Key, DRBG Output, DRBG Seed, DRBG Input String |

Non-FIPS Approved Services

The module also provides the following non-FIPS approved services:

- Configuration backups using password protection
- L2TP and PPTP VPN

All services in Table 3 and Table 4 are considered non-approved when using the following algorithms:

- Non-compliant-strength Diffie-Hellman
- Non-compliant-strength RSA key wrapping
- DES
- HMAC-MD5

Authentication

The module implements identity based authentication. Operators must authenticate with a user-id and password combination to access the modules remotely or locally via the console. Remote operator authentication is done over HTTPS (TLS) or SSH. The password entry feedback mechanism does not provide information that could be used to guess or determine the authentication data.

By default, Network User access to the modules is based on firewall policy and authentication by IP address or fully qualified domain names. Network Users can optionally be forced to authenticate to the modules using a username/password combination to enable use of the IPSec VPN encrypt/decrypt or bypass services. For Network Users invoking the SSL-VPN encrypt/decrypt services, the modules support authentication with a user-id/password combination. Network User authentication is done over HTTPS and does not allow access to the modules for administrative purposes.

Note that operator authentication over HTTPS/SSH and Network User authentication over HTTPS are subject to a limit of 3 failed authentication attempts in 1 minute; thus, the maximum number of attempts in one minute is 3. Therefore the probability of a success with multiple consecutive attempts in a one-minute period is 3 in 94^8, which is less than 1/100,000.

Operator authentication using the console is not subject to a failed authentication limit, but the number of authentication attempts per minute is limited by the bandwidth available over the serial connection, which is a maximum of 115,200 bps, or 6,912,000 bits per minute. An 8 byte password would have 64 bits, so there would be no more than 108,000 password attempts per minute. Therefore the probability of success would be 1/(94^8/108,000), which is less than 1/100,000.

The minimum password length is 8 characters when in FIPS-CC mode (maximum password length is 32 characters). The password may contain any combination of upper and lower-case letters, numbers, and printable symbols, allowing for 94 possible characters. The odds of guessing a password are 1 in 94^8, which is significantly lower than one in a million. Recommended procedures to increase the password strength are explained in “FIPS 140-2 Compliant Operation” on page 17.

For Network Users invoking the IPSec VPN encrypt/decrypt services, the module acts on behalf of the Network User and negotiates a VPN connection with a remote module. The strength of authentication for IPSec services is based on the authentication method defined in the specific firewall policy: IPSec manual authentication key, IKE pre-shared key or IKE RSA key (RSA certificate). The odds of guessing the authentication key for each IPSec method is:

- 1 in 16^40 for the IPSec Manual Authentication key (based on a 40 digit, hexadecimal key)
- 1 in 94^8 for the IKE Pre-shared Key (based on an 8 character, ASCII printable key)
- 1 in 2^112 for the IKE RSA Key (based on a 2048bit RSA key size)

Therefore the minimum odds of guessing the authentication key for IPSec is 1 in 94^8, based on the IKE Pre-s
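
The authentication-strength arithmetic in this section, carried through with exact fractions as an added example (it is not part of the Fortinet policy). The one-in-a-million and 1/100,000 limits are the figures the text compares against; the function and constant names are illustrative, and `min_length` goes slightly beyond the text by solving for the shortest password that still meets both limits at a given attempt rate.

```python
from fractions import Fraction

# Limits the policy text compares against (FIPS 140-2 authentication strength).
SINGLE_ATTEMPT_LIMIT = Fraction(1, 1_000_000)   # one random attempt
ONE_MINUTE_LIMIT = Fraction(1, 100_000)         # all attempts within one minute


def keyspace(alphabet_size, length):
    """Number of equally likely secrets of `length` symbols."""
    return alphabet_size ** length


def attempts_from_bandwidth(bits_per_second, secret_bits):
    """Guesses per minute when only the line speed bounds the attempt rate."""
    return (bits_per_second * 60) // secret_bits


def assess(space, attempts_per_minute):
    """Exact success probabilities and whether each limit is met."""
    single = Fraction(1, space)
    # k distinct guesses out of `space` candidates succeed with k/space.
    per_minute = min(Fraction(attempts_per_minute, space), Fraction(1))
    return {
        "single": single,
        "per_minute": per_minute,
        "single_ok": single < SINGLE_ATTEMPT_LIMIT,
        "per_minute_ok": per_minute < ONE_MINUTE_LIMIT,
    }


def min_length(alphabet_size, attempts_per_minute):
    """Shortest secret length that meets both limits (goes beyond the text)."""
    length = 1
    while True:
        result = assess(keyspace(alphabet_size, length), attempts_per_minute)
        if result["single_ok"] and result["per_minute_ok"]:
            return length
        length += 1


def weakest(spaces):
    """Name of the mechanism with the smallest key space."""
    return min(spaces, key=spaces.get)


# Figures from the policy text.
PASSWORD_SPACE = keyspace(94, 8)                      # 8 printable characters
LOCKOUT_RATE = 3                                      # HTTPS/SSH failed-attempt limit
CONSOLE_RATE = attempts_from_bandwidth(115_200, 64)   # 8-byte password on serial
IPSEC_SPACES = {
    "IPSec manual authentication key": keyspace(16, 40),
    "IKE pre-shared key": keyspace(94, 8),
    "IKE RSA key": 2 ** 112,
}

if __name__ == "__main__":
    for name, rate in (("HTTPS/SSH", LOCKOUT_RATE), ("console", CONSOLE_RATE)):
        r = assess(PASSWORD_SPACE, rate)
        print(f"{name}: {rate} attempts/min, P(minute) = {float(r['per_minute']):.3e}, "
              f"ok = {r['per_minute_ok']}, minimum length = {min_length(94, rate)}")
    print("weakest IPSec method:", weakest(IPSEC_SPACES))
```

At the console's line-speed bound the shortest compliant length rises from 4 to 6 characters, so the 8-character minimum keeps margin even without a failed-attempt limit.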
