FIPS 140-2 Non-Proprietary Security Policy


FIPS 140-2 Non-Proprietary Security Policy
for Aruba AP-120 Series and Dell W-AP120 Series Wireless Access Points

Version 1.4
February 2012

Aruba Networks
1322 Crossman Ave.
Sunnyvale, CA 94089-1113

1 INTRODUCTION
    1.1 ARUBA DELL RELATIONSHIP
    1.2 ACRONYMS AND ABBREVIATIONS
2 PRODUCT OVERVIEW
    2.1 ARUBA AP-120 SERIES
        2.1.1 Physical Description
            2.1.1.1 Dimensions/Weight
            2.1.1.2 Interfaces
            2.1.1.3 Indicator LEDs
3 MODULE OBJECTIVES
    3.1 SECURITY LEVELS
    3.2 PHYSICAL SECURITY
        3.2.1 Applying TELs
        3.2.2 Aruba AP-124 TEL Placement
            3.2.2.1 To detect opening of the chassis cover:
            3.2.2.2 To detect access to restricted ports
        3.2.3 Aruba AP-125 TEL Placement
            3.2.3.1 To detect opening of the chassis cover:
            3.2.3.2 To detect access to restricted ports
        3.2.4 Inspection/Testing of Physical Security Mechanisms
    3.3 MODES OF OPERATION
        3.3.1 Configuring Remote AP FIPS Mode
        3.3.2 Configuring Control Plane Security (CPSec) protected AP FIPS mode
        3.3.3 Configuring Remote Mesh Portal FIPS Mode
        3.3.4 Configuring Remote Mesh Point FIPS Mode
        3.3.5 Verify that the module is in FIPS mode
    3.4 OPERATIONAL ENVIRONMENT
    3.5 LOGICAL INTERFACES
4 ROLES, AUTHENTICATION, AND SERVICES
    4.1 ROLES
        4.1.1 Crypto Officer Authentication
        4.1.2 User Authentication
        4.1.3 Wireless Client Authentication
        4.1.4 Strength of Authentication Mechanisms
    4.2 SERVICES
        4.2.1 Crypto Officer Services
        4.2.2 User Services
        4.2.3 Wireless Client Services
        4.2.4 Unauthenticated Services
5 CRYPTOGRAPHIC ALGORITHMS
6 CRITICAL SECURITY PARAMETERS
7 SELF TESTS

1 Introduction

This document constitutes the non-proprietary Cryptographic Module Security Policy for the AP-120 series Wireless Access Points with FIPS 140-2 Level 2 validation from Aruba Networks. This security policy describes how the AP meets the security requirements of FIPS 140-2 Level 2, and how to place and maintain the AP in a secure FIPS 140-2 mode. This policy was prepared as part of the FIPS 140-2 Level 2 validation of the product.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2, Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) Web-site

This document can be freely distributed.

1.1 Aruba Dell Relationship

Aruba Networks is the OEM for the Dell PowerConnect W line of products. Dell products are identical to the Aruba products other than branding and Dell firmware is identical to Aruba firmware other than branding.

Table 1 - Corresponding Aruba and Dell Part Numbers

Aruba Part Number    Dell Corresponding Part Number
AP-124-F1            W-AP124-F1
AP-125-F1            W-AP125-F1

NOTE: References to Aruba, ArubaOS, Aruba AP-120 Series wireless access points apply to both the Aruba and Dell versions of these products and documentation.

1.2 Acronyms and Abbreviations

AES      Advanced Encryption Standard
AP       Access Point
CBC      Cipher Block Chaining
CLI      Command Line Interface
CO       Crypto Officer
CPSec    Control Plane Security protected
CSEC     Communications Security Establishment Canada
CSP      Critical Security Parameter
ECO      External Crypto Officer
EMC      Electromagnetic Compatibility
EMI      Electromagnetic Interference
FE       Fast Ethernet
GE       Gigabit Ethernet
GHz      Gigahertz
HMAC     Hashed Message Authentication Code
Hz       Hertz
IKE      Internet Key Exchange
IPSec    Internet Protocol security
KAT      Known Answer Test
KEK      Key Encryption Key
L2TP     Layer-2 Tunneling Protocol
LAN      Local Area Network
LED      Light Emitting Diode
SHA      Secure Hash Algorithm
SNMP     Simple Network Management Protocol
SPOE     Serial & Power Over Ethernet
TEL      Tamper-Evident Label
TFTP     Trivial File Transfer Protocol
WLAN     Wireless Local Area Network

2 Product Overview

This section introduces the various Aruba Wireless Access Points, providing a brief overview and summary of the physical features of each model covered by this FIPS 140-2 security policy.

2.1 Aruba AP-120 Series

This section introduces the Aruba AP-120 series Wireless Access Points (APs) with FIPS 140-2 Level 2 validation. It describes the purpose of the AP, its physical attributes, and its interfaces.

Figure 1 – Aruba AP-120 Series Wireless Access Points

The Aruba AP-124 and AP-125 are high-performance 802.11n (3x3) MIMO, dual-radio (concurrent 802.11a/n b/g/n) indoor wireless access points capable of delivering combined wireless data rates of up to 600Mbps. These multi-function access points provide wireless LAN access, air monitoring, and wireless intrusion detection and prevention over the 2.4-2.5GHz and 5GHz RF spectrum. The access points work in conjunction with Aruba Mobility Controllers to deliver high-speed, secure user-centric network services in education, enterprise, finance, government, healthcare, and retail applications.

2.1.1 Physical Description

The Aruba AP-120 series Access Point is a multi-chip standalone cryptographic module consisting of hardware and firmware, all contained in a hard plastic case. The module contains IEEE 802.11a, 802.11b, 802.11g, and 802.11n transceivers, and up to 3 integrated or external omni-directional multi-band dipole antenna elements may be attached to the module.

The plastic case physically encloses the complete set of hardware and firmware components and represents the cryptographic boundary of the module.

The Access Point configuration tested during the cryptographic module testing included:

Aruba Part Number    Dell Corresponding Part Number
AP-124-F1            W-AP124-F1
AP-125-F1            W-AP125-F1

The exact firmware versions tested were:

• ArubaOS 6xx 6.1.2.3-FIPS
• Dell PCW 6xx 6.1.2.3-FIPS

2.1.1.1 Dimensions/Weight

The AP has the following physical dimensions:

• 4.9” x 5.13” x 2.0” (124mm x 130mm x 51mm)
• 15oz (0.42 Kgs)

2.1.1.2 Interfaces

The module provides the following network interfaces:

• 2 x 10/100/1000 Base-T Ethernet (RJ45) Auto-sensing link speed and MDI/MDX
• Antenna (model Aruba AP-124 only)
    o 3 x RP-SMA antenna interfaces (supports up to 3x3 MIMO with spatial diversity)
• 1 x RJ-45 console interface

The module provides the following power interfaces:

• 48V DC 802.3af or 802.3at or PoE interoperable Power-over-Ethernet (PoE) with intelli-source PSE sourcing intelligence
• 5V DC for external AC supplied power (adapter sold separately)

2.1.1.3 Indicator LEDs

There are 5 bicolor (power, ENET 0, 1, and WLAN) LEDs which operate as follows:

Table 1- Indicator LEDs

Label                      Function                                  Action            Status
PWR                        AP power / ready status                   Off               No power to AP
                                                                     Red               Power applied, bootloader starting
                                                                     Flashing - Green  Device booting, not ready
                                                                     On - Green        Device ready
ENET 0                     Ethernet Network Link Status / Activity   Off               Ethernet link unavailable
                                                                     On - Amber        10/100Mbs Ethernet link negotiated
                                                                     On - Green        1000Mbs Ethernet link negotiated
                                                                     Flashing          Ethernet link activity
ENET 1 (Dual radio only)   Ethernet Network Link Status / Activity   Off               Ethernet link unavailable
                                                                     On - Amber        10/100Mbs Ethernet link negotiated
                                                                     On - Green        1000Mbs Ethernet link negotiated
                                                                     Flashing          Ethernet link activity
WLAN 2.4Ghz                2.4GHz Radio Status                       Off               2.4GHz radio disabled
                                                                     On - Amber        2.4GHz radio enabled in WLAN mode
                                                                     On – Green        2.4GHz radio enabled in 802.11n mode
                                                                     Flashing          2.4GHz Air monitor
WLAN 5Ghz                  5GHz Radio Status                         Off               5GHz radio disabled
                                                                     On - Amber        5GHz radio enabled in WLAN mode
                                                                     On – Green        5GHz radio enabled in 802.11n mode
                                                                     Flashing          2.4GHz Air monitor

3 Module Objectives

This section describes the assurance levels for each of the areas described in the FIPS 140-2 Standard. In addition, it provides information on placing the module in a FIPS 140-2 approved configuration.

3.1 Security Levels

Section   Section Title                               Level
1         Cryptographic Module Specification          2
2         Cryptographic Module Ports and Interfaces   2
3         Roles, Services, and Authentication         2
4         Finite State Model                          2
5         Physical Security                           2
6         Operational Environment                     N/A
7         Cryptographic Key Management                2
8         EMI/EMC                                     2
9         Self-tests                                  2
10        Design Assurance                            2
11        Mitigation of Other Attacks                 N/A

3.2 Physical Security

The Aruba Wireless AP is a scalable, multi-processor standalone network device and is enclosed in a robust plastic housing. The AP enclosure is resistant to probing (please note that this feature has not been tested as part of the FIPS 140-2 validation) and is opaque within the visible spectrum. The enclosure of the AP has been designed to satisfy FIPS 140-2 Level 2 physical security requirements.

3.2.1 Applying TELs

The Crypto Officer is responsible for securing and having control at all times of any unused tamper evident labels. The Crypto Officer should employ TELs as follows:

• Before applying a TEL, make sure the target surfaces are clean and dry.
• Do not cut, trim, punch, or otherwise alter the TEL.
• Apply the wholly intact TEL firmly and completely to the target surfaces.
• Ensure that TEL placement is not defeated by simultaneous removal of multiple modules.
• Allow 24 hours for the TEL adhesive seal to completely cure.
• Record the position and serial number of each applied TEL in a security log.

For physical security, the AP requires Tamper-Evident Labels (TELs) to allow detection of the opening of the device, and to block the serial console port (on the bottom of the device). To protect the device from tampering, TELs should be applied by the Crypto Officer as pictured below:

3.2.2 Aruba AP-124 TEL Placement

This section displays all the TEL locations on the Aruba AP-124. The AP124 requires a minimum of 3 TELs to be applied as follows:

3.2.2.1 To detect opening of the chassis cover:

1. Spanning the left chassis cover and the top and bottom chassis covers
2. Spanning the right chassis cover and the top and bottom chassis covers

3.2.2.2 To detect access to restricted ports

3. Spanning the serial port

The tamper-evident labels shall be installed for the module to operate in a FIPS approved mode of operation.

Following is the TEL placement for the Aruba AP-124:

Figure 1: AP-124 Front view
Figure 2: AP-124 Back view
Figure 3: AP-124 Left view
Figure 4: AP-124 Right view
Figure 5: AP-124 Top view

Figure 6: AP-124 Bottom view

3.2.3 Aruba AP-125 TEL Placement

This section displays all the TEL locations on the Aruba AP-125. The AP125 requires a minimum of 3 TELs to be applied as follows:

3.2.3.1 To detect opening of the chassis cover:

1. Spanning the top and bottom covers on the left side
2. Spanning the top and bottom covers on the right

3.2.3.2 To detect access to restricted ports

3. Spanning the serial port

The tamper-evident labels shall be installed for the module to operate in a FIPS approved mode of operation.

Following is the TEL placement for the Aruba AP-125:

Figure 7: AP-125 Front view
Figure 8: AP-125 Back view
Figure 9: AP-125 Left view
Figure 10: AP-125 Right view
Figure 11: AP-125 Top view

Figure 12: AP-125 Bottom view

3.2.4 Inspection/Testing of Physical Security Mechanisms

Physical Security Mechanism    Recommended Test Frequency   Guidance
Tamper-evident labels (TELs)   Once per month               Examine for any sign of removal, replacement, tearing, etc. See images above for locations of TELs
Opaque module enclosure        Once per month               Examine module enclosure for any evidence of new openings or other access to the module internals.
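An audit of the TEL security log described in sections 3.2.1 to 3.2.4, as an added example that is not part of the Aruba policy: it flags APs with a required label position missing, a label whose observed serial number differs from the logged one, a serial number logged twice, and an inspection older than a month. The record layout, the position names, the 31-day reading of "once per month", and every sample value are assumptions made for this example.

```python
from datetime import date, timedelta

# TEL positions required per model (sections 3.2.2 and 3.2.3); the position
# names are shorthand invented for this example.
REQUIRED_POSITIONS = {
    "AP-124": {"left-chassis", "right-chassis", "serial-port"},
    "AP-125": {"left-side", "right-side", "serial-port"},
}
MAX_INSPECTION_AGE = timedelta(days=31)  # assumed reading of "once per month"

def audit_tel_log(log, today):
    """Return a sorted list of findings; an empty list means the log is clean."""
    findings = []
    seen = {}  # TEL serial -> "AP position" where it was first logged
    for ap in log:
        name = ap["name"]
        required = REQUIRED_POSITIONS.get(ap["model"])
        if required is None:
            findings.append(f"{name}: model {ap['model']} is not covered by this policy")
            continue
        applied = {tel["position"] for tel in ap["tels"]}
        for pos in sorted(required - applied):
            findings.append(f"{name}: no TEL logged at {pos}")
        for tel in ap["tels"]:
            # The serial recorded at application must match the one observed at
            # the last inspection; a difference means the label was replaced.
            if tel["observed_serial"] != tel["serial"]:
                findings.append(f"{name}: TEL at {tel['position']} shows "
                                f"{tel['observed_serial']}, log says {tel['serial']}")
            where = f"{name} {tel['position']}"
            owner = seen.setdefault(tel["serial"], where)
            if owner != where:
                findings.append(f"{name}: TEL serial {tel['serial']} already logged on {owner}")
        if today - ap["last_inspected"] > MAX_INSPECTION_AGE:
            findings.append(f"{name}: last inspected {ap['last_inspected']}, inspection overdue")
    return sorted(findings)

# Constructed sample log (AP names, serial numbers and dates are made up).
SAMPLE_LOG = [
    {"name": "ap-lobby", "model": "AP-124", "last_inspected": date(2012, 2, 1),
     "tels": [
         {"position": "left-chassis", "serial": "T0001", "observed_serial": "T0001"},
         {"position": "right-chassis", "serial": "T0002", "observed_serial": "T0002"},
         {"position": "serial-port", "serial": "T0003", "observed_serial": "T0003"}]},
    {"name": "ap-lab", "model": "AP-125", "last_inspected": date(2011, 12, 1),
     "tels": [
         {"position": "left-side", "serial": "T0004", "observed_serial": "T0009"},
         {"position": "right-side", "serial": "T0002", "observed_serial": "T0002"}]},
]

if __name__ == "__main__":
    for finding in audit_tel_log(SAMPLE_LOG, today=date(2012, 2, 15)):
        print(finding)
```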

3.3 Modes of Operation

The module has the following FIPS approved modes of operation:

• Remote AP (RAP) FIPS mode – When the module is configured as a Remote AP, it is intended to be deployed in a remote location (relative to the Mobility Controller). The module provides cryptographic processing in the form of IPSec for all traffic to and from the Mobility Controller.
• Control Plane Security (CPSec) protected AP FIPS mode – When the module is configured as a Control Plane Security protected AP it is intended to be deployed in a local/private location (LAN, WAN, MPLS) relative to the Mobility Controller. The module provides cryptographic processing in the form of IPSec for all Control traffic to and from the Mobility Controller.
• Remote Mesh Portal FIPS mode – When the module is configured in Mesh Portal mode, it is intended to be connected over a physical wire to the mobility controller. These modules serve as the connection point between the Mesh Point and the Mobility Controller. Mesh Portals communicate with the Mobility Controller through IPSec and with Mesh Points via 802.11i session. The Crypto Officer role is the Mobility Controller that authenticates via IKEv1/IKEv2 pre-shared key or RSA certificate authentication method, and Users are the "n" Mesh Points that authenticate via 802.11i preshared key.
• Mesh Point FIPS MODE – an AP that establishes all wireless path to the Remote Mesh portal in FIPS mode over 802.11 and an IPSec tunnel via the Remote Mesh Portal to the controller.

This section explains how to place the module in FIPS mode in either Remote AP FIPS mode, Control Plane Security AP FIPS Mode, Remote Mesh Portal FIPS mode or Mesh Point FIPS Mode, and how to verify that it is in FIPS mode. An important point in the Aruba APs is that to change configurations from any one mode to any other mode requires the module to be re-provisioned and rebooted before any new configured mode can be enabled.

The access point is managed by an Aruba Mobility Controller in FIPS mode, and access to the Mobility Controller’s administrative interface via a non-networked general purpose computer is required to assist in placing the module in FIPS mode. The controller used to provision the AP is referred to below as the “staging controller”. The staging controller must be provisioned with the appropriate firmware image for the module, which has been tested to FIPS 140-2, prior to initiating AP provisioning.

After setting up the Access Point by following the basic installation instructions in the module User Manual, the Crypto Officer performs the following steps:

3.3.1 Configuring Remote AP FIPS Mode

1. Apply TELs according to the directions in section 3.2.
2. Log into the administrative console of the staging controller.
3. To deploy the AP in Remote FIPS mode, configure the controller to support Remote APs. For detailed instructions and steps, see Section “Configuring the Secure Remote Access Point Service” in Chapter “Remote Access Points” of the Aruba OS User Manual.
4. Enable FIPS mode on the controller. This is accomplished by going to the Configuration > Network > Controller > System Settings page (this is the default page when you click the Configuration tab), and clicking the FIPS Mode for Mobility Controller Enable checkbox.
5. Enable FIPS mode on the AP. This is accomplished by going to the Configuration > Wireless > AP Configuration > AP Group page. There, you click the Edit button for the appropriate AP group, and then select AP > AP System Profile. Then, check the “Fips Enable” box, check “Apply”, and save the configuration.
6. If the staging controller does not provide PoE, either ensure the presence of a PoE injector for the LAN connection between the module and the controller, or ensure the presence of a DC power supply appropriate to the particular model of the module.
7. Connect the module via an Ethernet cable to the staging controller; note that this should be a direct connection, with no intervening network or devices; if PoE is being supplied by an injector, this represents the only exception. That is, nothing other than a PoE injector should be present between the module and the staging controller.
8. Once the module is connected to the controller by the Ethernet cable, navigate to the Configuration > Wireless > AP Installation page, where you should see an entry for the AP. Select that AP, click the “Provision” button, which will open the provisioning window. Now provision the AP as Remote AP by filling in the form appropriately. Detailed steps are listed in Section “Provisioning an Individual AP” of Chapter “The Basic User-Centric Networks” of the Aruba OS User Guide. Click “Apply and Reboot” to c
