Nokia IP265 Security Guide - Page 2

Table of Contents 1 INTRODUCTION...3 1.1 PURPOSE...3 1.2 REFERENCES ...3 2 NOKIA VPN APPLIANCE 4 2.1 OVERVIEW ...4 2.2 CRYPTOGRAPHIC MODULE 5 2.3 MODULE INTERFACES 7 2.4 ROLES AND SERVICES 8 2.4.1 Crypto Officer Role 8 2.4.2 User Role ...14 2.4.3 Authentication Mechanisms 14 2.5 ELECTROMECHANICAL INTERFERENCE/COMPATIBILITY (FCC COMPLIANCE 16 2.6 PHYSICAL SECURITY 16 2.7 OPERATIONAL ENVIRONMENT 16 2.8 CRYPTOGRAPHIC KEY MANAGEMENT 17 2.8.1 Key Generation 23 2.8.2 Key Establishment 23 2.8.3 Key Entry and Output 23 2.8.4 Key Storage 23 2.8.5 Key Zeroization 23 2.9 SELF-TESTS...24 2.10 DESIGN ASSURANCE 25 2.11 MITIGATION OF OTHER ATTACKS 25 3 SECURE OPERATION (APPROVED MODE 26 3.1 CRYPTO OFFICER GUIDANCE 26 3.1.1 Hardware Setup 26 3.1.2 Installing, Upgrading or Downgrading the Module Firmware 28 3.1.3 Initializing Check Point Modules 31 3.1.4 Setting the Module to FIPS Mode 32 3.1.5 Initializing the Remote Management of the Module 32 3.1.6 Management and Monitoring 33 3.2 USER GUIDANCE 39 APPENDIX A - DISABLED MECHANISMS 41 APPENDIX B - ALGORITHM VALIDATION CERTIFICATE NUMBERS 42 APPENDIX C - ACRONYM DEFINITIONS 43 © Copyright 2005, 2006, 2007 Nokia Page 2 of 43 This document may be freely reproduced and distributed whole and intact including this Copyright Notice.