Dell PowerConnect W-Series FIPS Dell PowerConnect W-600 Controller Series Secu - Page 28

Alternating Bypass State, Mitigation of Other Attacks, XSec, RSA Pairwise Consistency test

Get Dell PowerConnect W-Series FIPS PDF manuals and user guides View all Dell PowerConnect W-Series FIPS manuals
Add to My Manuals
Save this manual to your list of manuals

Page 28 highlights

number with the random number generated in the previous round and enters an error state if the comparison is successful. The test is performed for approved as well as non-approved RNGs.  Bypass test  RSA Pairwise Consistency test  ECDSA Pairwise Consistency test  Firmware Load Test Self-test results are logged in a log file. Upon successful completion of the power-up self tests, the module logs a KATS: passed message into a log file. Confirm the file update by checking the associated time of the file. In the event of a hardware KATs failure, the log file records one of the following messages depending on the algorith being tested:  AES256 HMAC-SHA1 hash failed  AES256 Encrypt failed  AES256 Decrypt Failed  3DES HMAC-SHA1 hash failed  3DES Encrypt failed  3DES Decrypt Failed  DES HMAC-SHA1 hash failed  DES Encrypt failed  DES Decrypt Failed  HW KAT test failed for AESCCM CTR. Rebooting  AESCCM Encrypt Failed This text is followed by this message: The POST Test failed!!!! Rebooting... Alternating Bypass State The controller implements an alternating bypass state when:  a port is configured in trusted mode to provide unauthenticated services  a configuration provides wireless access without encryption The alternating bypass status can be identified by retrieving the port configuration or the wireless network configuration. Mitigation of Other Attacks ArubaOS includes two modules that provide protection from attacks. These are:  XSec  Wireless Intrusion Protection XSec xSec is a highly secure data link layer (Layer 2) protocol that provides a unified framework for securing all wired and wireless connections using strong encryption and authentication. xSec provides greater security than Layer 3 encryption technologies through the use of FIPS-validated encryption algorithms (AES-CBC256 with HMAC-SHA1) to secure Layer 2 traffic, as well as the encryption of Layer 2 header information including MAC addresses. xSec was jointly developed by Aruba Networks and Funk Software. 26 | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
26
|
FIPS 140-2 Level 2 Features
Aruba 620, 650 and Dell W-620, W-650
|
FIPS 140-2 Level 2 Release Supplement
number with the random number generated in the previous round and enters an error state if the
comparison is successful. The test is performed for approved as well as non-approved RNGs.
Bypass test
RSA Pairwise Consistency test
ECDSA Pairwise Consistency test
Firmware Load Test
Self-test results are logged in a log file. Upon successful completion of the power-up self tests, the module
logs a KATS: passed message into a log file. Confirm the file update by checking the associated time of the
file.
In the event of a hardware KATs failure, the log file records one of the following messages depending on the
algorith being tested:
AES256 HMAC-SHA1 hash failed
AES256 Encrypt failed
AES256 Decrypt Failed
3DES HMAC-SHA1 hash failed
3DES Encrypt failed
3DES Decrypt Failed
DES HMAC-SHA1 hash failed
DES Encrypt failed
DES Decrypt Failed
HW KAT test failed for AESCCM CTR. Rebooting
AESCCM Encrypt Failed
This text is followed by this message:
The POST Test failed!!!!
Rebooting…
Alternating Bypass State
The controller implements an alternating bypass state when:
a port is configured in trusted mode to provide unauthenticated services
a configuration provides wireless access without encryption
The alternating bypass status can be identified by retrieving the port configuration or the wireless network
configuration.
Mitigation of Other Attacks
ArubaOS includes two modules that provide protection from attacks. These are:
XSec
Wireless Intrusion Protection
XSec
xSec is a highly secure data link layer (Layer 2) protocol that provides a unified framework for securing all
wired and wireless connections using strong encryption and authentication. xSec provides greater security
than Layer 3 encryption technologies through the use of FIPS-validated encryption algorithms (AES-CBC-
256 with HMAC-SHA1) to secure Layer 2 traffic, as well as the encryption of Layer 2 header information
including MAC addresses. xSec was jointly developed by Aruba Networks and Funk Software.