Dell PowerConnect W-Series FIPS Dell PowerConnect W-600 Controller Series Secu - Page 19
Roles and Services, Crypto Officer Role
View all Dell PowerConnect W-Series FIPS manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 19 highlights
A power supply is used to connect the electric power cable. Operating power is also provided to a compatible Power Over Ethernet (POE) device when connected. The power is provided through the connected Ethernet cable. The switch distinguishes between different forms of data, control, and status traffic over the network ports by analyzing the packets header information and contents. Roles and Services The Aruba Mobility Controller supports role-based authentication. There are two roles in the switch (as required by FIPS 140-2 Level 2) that operators may assume: a Crypto Officer role and a User role. The Administrator maps to the Crypto-Officer role and the client Users map to the User role. Crypto Officer Role The Crypto Officer role has the ability to configure, manage, and monitor the switch. Three management interfaces can be used for this purpose: CLI The Crypto Officer can use the CLI to perform non-security-sensitive and security-sensitive monitoring and configuration. The CLI can be accessed remotely by using the SSHv2 secured management session over the Ethernet ports or locally over the serial port. In FIPS mode, the serial port is disabled. Web Interface The Crypto Officer can use the Web Interface as an alternative to the CLI. The Web Interface provides a highly intuitive, graphical interface for a comprehensive set of switch management tools. The Web Interface can be accessed from a TLS-enabled Web browser using HTTPS (HTTP with Secure Socket Layer) on logical port 4343. Bootrom Monitor Mode In Bootrom monitor mode, the Crypto Officer can reboot, update the Bootrom, issue file system-related commands, modify network parameters, and issue various show commands. The Crypto Officer can only enter this mode by pressing any key during the first four seconds of initialization. Bootrom Monitor Mode is disabled in FIPS mode. The Crypto Officer can also use SNMPv1/2c/3 to remotely perform non-security-sensitive monitoring and use get and getnext commands. See the table below for descriptions of the services available to the Crypto Officer role. Table 3 Crypto-Officer Services Service Description Input Output CSP Access SSH Provide authenticated and encrypted remote management sessions while using the CLI IKEv1/IKEv2-IPSec Provide authenticated and encrypted remote management sessions to access the CLI functionality SSH key agreement parameters, SSH inputs, and data SSH outputs and data IKEv1/IKEv2 inputs and data; IPSec inputs, commands, and data IKEv1/IKEv2 outputs, status, and data; IPSec outputs, status, and data Diffie-Hellman key pair (read/ write access), session key for SSH (read/write access), RNG keys (read access); Crypto Officer's password (read access) RSA or ECDSA key pair for IKEv1/IKEv2 (read access), Diffie-Hellman or Elliptic curve Diffie-Hellman key pair for IKEv1/IKEv2 (read/write access), pre- shared keys for IKEv1/IKEv2 (read access); Session keys for IPSec (read/write access) Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features | 17