Nokia IP265 Security Guide - Page 34

HMAC with SHA1

Page 34 highlights

SmartDashboard application are included to aid in illustration of the steps described below.

During the management of the module, the Crypto Officer must satisfy the following:

• The SSH configuration settings specified in Section 3.1.5 must be satisfied.
• Authorized public keys must be entered into the module with the SSH-secured management session.
• The AUX port must not be enabled.
• The module logs must be monitored. If a strange activity is found, the Crypto Officer should take the module off line and investigate.
• The tamper-evident seal must be regularly examined for signs of tampering.
• No keys or CSPs should be shared between the non-Approved mode and the Approved mode of operation when switching between modes of operation. To ensure that no sharing occurs, all keys must be zeroized while in one mode of operation before switching to another mode of operation.

The VPN functionality must be configured to use only FIPS-approved algorithms. The following pages denote sample screen shots of the various Check Point configuration screens. Authentication during IKE must employ pre-shared keys or digital certificates. IPSec and IKE can use only the following FIPS-approved algorithms:

Data encryption
• Triple DES
• AES

Data packet integrity
• HMAC with SHA1

Authentication
• Certificates
• Pre-shared keys

© Copyright 2005, 2006, 2007 Nokia
Page 34 of 43
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

