FIPS 140-2 Cryptographic Module Security Policy

Nokia VPN Appliance
FIPS 140-2 Cryptographic Module Security Policy
Level 2 Validation
Version 1.1
March 2008

Module Hardware Versions: IP390 and IP560
Firmware Version:
IPSO v4.1 and Check Point VPN-1 NGX (R60) [HFA-03]
IPSO v4.2 and Check Point VPN-1 NGX (R65) [HFA-02]

Copyright 2006, 2007, 2008 Nokia
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Table of Contents

1 INTRODUCTION  3
1.1 Purpose  3
1.2 References  3
2 NOKIA VPN APPLIANCE  4
2.1 Overview  4
2.2 Cryptographic Module  5
2.3 Module Interfaces  7
2.4 Roles and Services  9
2.4.1 Crypto Officer Role  9
2.4.2 User Role  16
2.4.3 Authentication Mechanisms  17
2.5 Electromechanical Interference/Compatibility (FCC Compliance)  19
2.6 Physical Security  19
2.7 Operational Environment  19
2.8 Cryptographic Key Management  19
2.8.1 Key Generation  26
2.8.2 Key Establishment  26
2.8.3 Key Entry and Output  27
2.8.4 Key Storage  27
2.8.5 Key Zeroization  27
2.9 Self-Tests  28
2.10 Design Assurance  29
2.11 Mitigation of Other Attacks  29
3 SECURE OPERATION (APPROVED MODE)  30
3.1 Crypto Officer Guidance  30
3.1.1 Hardware Setup  30
3.1.2 Installing the Module Firmware  33
3.1.3 Initializing Check Point Modules  33
3.1.4 Setting the Module to FIPS Mode  34
3.1.5 Initializing the Remote Management of the Module  34
3.1.6 Management and Monitoring  36
3.2 User Guidance  41
Appendix A – Disabled Mechanisms  43
Appendix B – Algorithm Validation Certificate Numbers  44
Appendix C – Acronym Definitions  46

1 INTRODUCTION

1.1 Purpose

This document is a nonproprietary Cryptographic Module Security Policy supporting the Nokia VPN Appliance family that has been designed to meet the Reduction of Hazardous Material Standard (RoHS). This security policy describes the Nokia VPN Appliance and describes how it meets the security requirements of FIPS 140-2. It also describes how to run the module in an Approved FIPS 140-2 mode of operation. This document was prepared as part of the FIPS 140-2 Level 2 validation of the module.

The modules covered in this Security Policy are the IP390 and the IP560. These modules implement the IPSO 4.2 operating system and the Check Point VPN-1 NGX (R65) [HFA-02] firmware. A previous version of the Nokia VPN Appliances running IPSO version 4.1 and Check Point VPN-1 NGX (R60) [HFA-03] firmware is separately validated under FIPS 140-2 (FIPS 140-2 Certificate number XXX). This Security Policy supports the addition of Nokia's IPSO firmware version 4.2 and Check Point's VPN-1 NGX (R65) [HFA-02] firmware. There are no FIPS security relevant changes introduced between IPSO firmware versions 4.1 and 4.2.
In addition, there are no FIPS security relevant changes introduced between Check Point's NGX (R60) [HFA-03] and NGX (R65) [HFA-02] firmware.

The Nokia VPN Appliances are referenced collectively in this document as IP security platforms, security platforms, platforms, and the module(s). Specific differences between module hardware versions are pointed out where relevant.

1.2 References

This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. The Nokia Web site (http://www.nokia.com/) contains information on the full line of products from Nokia.

Additional information regarding the Check Point VPN-1 firmware that is used inside the Nokia VPN Appliances, including specific configuration instructions for the firmware, can be found by referencing the Check Point VPN-1 FIPS 140-2 security policy, available at the following: /1401/140sp/140spXXX.pdf

2 NOKIA VPN APPLIANCE

2.1 Overview

The Nokia VPN Appliances are IP security platforms designed to provide a secure, reliable, and manageable integrated security solution for secure Internet communication and access control for networks. The security platforms combine the security-hardened operating system, IPSO, with the market-leading Check Point VPN-1 firmware suite on a purpose-built security hardware platform. As network devices, the Nokia VPN Appliances support a comprehensive suite of IP-routing functions and protocols, including RIPv1/RIPv2, IGRP, OSPF and BGP4 for unicast traffic and DVMRP for multicast traffic.

Some highlighted security features of the Nokia VPN Appliances are:

- Read/write and read-only access modes
- Screening of all incoming communications to ensure authorized user access
- SSH-secured remote management of the modules (IPSO)
- SSHv1 and SSHv2 supported
- TLS-secured remote management of Check Point applications
- Secure VPN between subsystems
- Multiple layers of authentication required when accessing the remote management interface for IPSO

The Nokia VPN Appliances are rack mounted devices that are differentiated through their internal CPU processors and performance levels. The modules are designed to efficiently support real-world, mixed traffic solutions. As VPN platforms, all modules greatly accelerate the embedded Check Point VPN-1/FireWall-1 performance by using the Nokia Firewall Flows. VPN performance is enhanced through the use of internal hardware cryptographic acceleration. The following chart illustrates the performance differences of the modules covered by this Security Policy:

Model   CPU Type    Firewall Speed   VPN Speed (AES)
IP390   Celeron M   3.0 Gbps         500 Mbps
IP560   Xeon        6.0 Gbps         1.78 Gbps

2.2 Cryptographic Module

The Nokia VPN Appliances were tested as multi-chip standalone cryptographic modules. Each module's metal enclosure physically encloses the complete set of hardware and firmware components, and represents the cryptographic boundary of each module. The cryptographic module supports the following hardware versions:

- IP390 – full width 1U rack mount
- IP560 – full width 1U rack mount

The Nokia VPN Appliances run the Nokia proprietary, security-hardened IPSO operating system along with a binary image of the Check Point VPN-1 cryptographic firmware for VPN and firewall functionalities.

The IP560 hardware chassis includes support for Field Replaceable Unit (FRU) upgrades to fans and power supplies (replaced with identical components). However, all FRU upgrades are performed by the factory or a reseller prior to delivery of the module to the end user. The end user has no option to service or install these internal components. All FRU component slots are secured with tamper seals (see Section 3.1.1.1) for FIPS mode.

The IPSO OS and the module's physical hardware chassis and computing platform provide the operational environment upon which the Check Point VPN-1 application binary executes. The following firmware combinations were used for the FIPS 140-2 validation testing covered by this Security Policy:

- IPSO v4.1 with Check Point VPN-1 NGX (R60) [HFA-03]
- IPSO v4.2 with Check Point VPN-1 NGX (R65) [HFA-02]

The cryptographic modules implement a version of Check Point firmware that has been previously validated under FIPS 140-2. However, the Nokia IPSO operating system and VPN Appliance hardware combination constitute different operational environments for the Check Point firmware; therefore the Check Point module binary image was packaged into each of the Nokia VPN Appliance configurations and was retested as part of the complete Nokia VPN Appliance FIPS 140-2 solution.

FIPS Algorithm validation testing was performed and validation certificates obtained for all Approved cryptographic functions implemented by the modules covering all hardware and firmware configurations listed in this document. This includes separate algorithm validations for algorithms implemented by IPSO, the Check Point VPN-1 firmware, and hardware accelerator chips. See Section 2.8 for a list of algorithms implemented. See Appendix B for a list of the Approved algorithm validation certificate numbers.

The modules operate in both a non-Approved and Approved FIPS 140-2 mode of operation. Only approved cryptographic algorithms and security functions are allowed in the approved mode of operation. The modules are intended to meet overall FIPS 140-2 Level 2 requirements. The following table presents the individual FIPS 140-2 compliance areas and the Security Levels to which the modules were tested:

FIPS 140-2 DTR Section   Requirements Section Title                   Level Tested
1                        Cryptographic Module Specification           2
2                        Cryptographic Module Ports and Interfaces    2
3                        Roles, Services, and Authentication          2
4                        Finite State Model                           2
5                        Physical Security                            2
6                        Operational Environment                      N/A
7                        Cryptographic Key Management                 2
8                        EMI/EMC                                      2
9                        Self-tests                                   2
10                       Design Assurance                             2
11                       Mitigation of Other Attacks                  N/A

Table 1 – Intended Level Per FIPS 140-2

2.3 Module Interfaces

The security platforms provide a number of physical ports:

Physical Port                                 IP390                         IP560
10/100/1000 Ethernet Ports (standard)         4                             4
Auxiliary Port (Disabled)                     1                             1
Console Port                                  1                             1
I/O Option Slots (see note below)             2                             4
PCMCIA Slots (Not present in IP560;           2                             N/A
  Disabled by IPSO in IP390)
Power Switch                                  1                             1
Reset Switch                                  1                             1
Rear Power Indicator                          1 built in power supply       1 removable fan and power supply
                                                                            covered by tamper seals
Status LEDs:
  Front Power Indicator                       1                             1
  Fault (see Table 3)                         1                             1
  Ethernet Port status (green indicates       1 built in, additional depending on number of I/O option
  connection, yellow blinking indicates       cards installed (both models)
  data being transmitted)

Note on I/O Option Slots: for adding Dual-port Gigabit Ethernet MMF, Dual-port SMF 1000Base-LX, Dual-port GigE Copper V2, Four-port 10/100 MBps Ethernet (IP560 only), 1000BaseT or 1000 Mbps fiber Ethernet, V.35, or X.21 protocol options.

Table 2 - FIPS 140-2 Physical Ports

Table 3 - Descriptions of the status LEDs (table contents not present in the transcription)

The physical ports are separated into logical interfaces defined by FIPS 140-2, as described in Table 4.

Module Physical Port                                          FIPS 140-2 Logical Interface
Network ports                                                 Data input interface
Network ports                                                 Data output interface
Network ports, console port, power switch, reset switch       Control input interface
Network ports, console port, LEDs                             Status output interface
Power plug, Power switch                                      Power interface

Table 4 - FIPS 140-2 Logical Interfaces

Data input and output, control input, and status output are defined as follows:

- Data input and output are the packets that use the firewall, VPN, and routing functionalities of the modules.
- Control input consists of manual control inputs for power and reset through the power and reset switch. It also consists of all of the data that is entered into the module while using the management interfaces.
- Status output consists of the status indicators displayed through the LEDs and the status data that is output from the modules while using the management interfaces.

The modules distinguish between different forms of data, control, and status traffic over the network ports by analyzing the packets' header information and contents.

2.4 Roles and Services

The modules support role-based authentication. The two main roles in the modules (as required by FIPS 140-2) that operators can assume are a Crypto Officer role and a User role.

2.4.1 Crypto Officer Role

The Crypto Officer role can configure, manage, and monitor the module. Three management interfaces can be used for this purpose:

- CLI – the Crypto Officer can use the CLI to configure and monitor IPSO systems. There are two ways to access the Crypto Officer role through the CLI. Access can be provided for the Crypto Officer locally by using the console port or remotely by using the SSH-secured management session.
- SNMP – the Crypto Officer can use SNMPv3 to view MIB values.
- SmartDashBoard – the Check Point TLS-secured management interface. The Crypto Officer can use this interface after the initial configuration of the Check Point module through the CLI. The TLS client RSA public key is used for authentication during TLS session establishment.

Figure 1 – Easy to Use Check Point Management Tools

Descriptions of the services available to the Crypto Officer role are provided in Table 5 - Crypto Officer Services, Descriptions, Inputs, Outputs, and Critical Security Parameter (CSP) Access.

Service: Startup configuration
Description: Provide network connectivity and set a password for the [...]
Input: Commands and configuration data (console)
Output: Status of commands and configuration data
CSP Access: Admin password (read/write access)

Service: Firmware loading (Not allowed in FIPS mode)
Description: Provide for the loading of firmware
Input: Commands and configuration data
Output: Status of commands and configuration data
CSP Access: Admin password (read/write access)

Service: SSH
Description: Provide authenticated and encrypted sessions while using the CLI
Input: SSH key transport (SSHv1) or SSH key agreement (SSHv2) parameters, SSH inputs, and data
Output: SSH outputs and data
CSP Access: RSA (SSHv1 and SSHv2) or DSA (SSHv2) host key pair (read access); RSA (SSHv1 and SSHv2) or DSA (SSHv2) authorized key (read access); RSA server key (SSHv1 only, read access); Diffie-Hellman key pair for SSHv2 key exchange (read/write access); session key for SSH (read/write access); X9.31 PRNG keys (read access)

Service: TLS
Description: Provide authenticated and encrypted sessions while using the Check Point management interface
Input: TLS handshake parameters, TLS inputs, and data
Output: TLS outputs and data
CSP Access: RSA key pair for TLS key transport (read access); session keys for TLS (read/write access); X9.31 PRNG keys (read access)

Service: Boot manager commands
Description: Control the boot-up process and obtain s[...]
Input: [...]
Output: [...] of commands and configuration data
CSP Access: Password (read/write access)

Service: SNMPv3 Get commands
Description: View MIB values
Input: Commands
Output: Status of commands, configuration data
CSP Access: Password (read access). The password itself is read/write while the v3 service is read access.

Service: Interface commands
Description: Configure, manage, and view physical and logical interfaces through the CLI: view all interfaces; delete any logical interface; view IPsec VPN tunnels; view status and statistics; configure ARP behavior, physical and logical ATM interfaces, physical and logical Ethernet interfaces, physical and logical FDDI interfaces, physical and logical ISDN interfaces, physical or logical loopback interfaces, and physical and logical serial interfaces
Input: Commands and configuration data
Output: Status of commands and configuration data
CSP Access: [...]

Service: [...]
Description: Configure, manage, and view the routing protocols through the CLI: configure, manage, and view BGP, OSPF, RIP, IGRP, IGMP, PIM, route aggregation, BOOTP, DVMRP, static routes, ICMP router discovery, IP broadcast helper, Network Time Protocol, and dial on demand routing; configure a variety of miscellaneous options that affect routing; configure trace routing settings; view summary information about routes on the system; view general information that the IPSO routing daemon records; view information about multicast forwarding cache
Input: Commands and configuration data
Output: Status of commands and configuration data
CSP Access: None

Service: Network Security and Access commands
Description: Configure, manage, and view the security and access features through the CLI: configure and view network access; add firmware licenses to the platform; configure Authentication, Authorization, and Accounting (AAA); enable and disable and configure SSH services; add and delete new system users; create and delete groups, and add and remove members; enable and disable a VPN accelerator card; display VPN accelerator status or statistics
Input: Commands and configuration data
Output: Status of commands and configuration data
CSP Access: Admin, monitor, user passwords; shared secret for RADIUS; shared secret for TACPLUS; SSH host keys; SSHv1 server key; SSH authorized keys; read/write access for all CSPs

Service: Traffic management commands
Description: Configure, manage, and view traffic management functionality through the CLI: configure an access list to control the traffic from one or more interfaces; create or delete existing aggregation classes and modify the mean rate or burst size; configure depth of queues, assign logical names to some of the queues, and set up a queue specifier; add, delete, or show
