Nokia IP265 Security Guide - Page 25

Self Test Error Handling - problems

Get Nokia IP265 - Security Appliance PDF manuals and user guides View all Nokia IP265 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 25 highlights

• Policy file integrity test (bypass mode test): the module performs a SHA-1 check value verification to ensure that the policy files are not modified. Self Test Error Handling • If the integrity tests fail, the module enters the bootloader error state and reboots. If the IPSO kernel modules cryptographic algorithm tests fail, the module enters the kernel panic error state and reboots. If the Check Point kernel module cryptographic algorithm tests fail, the module enters the kernel panic error state and must be rebooted by the Crypto Officer to clear the error. • If the IPSO conditional self-tests fail, the module enters the error state and reboots. If the Check Point continuous RNG test fails, the module enters the error state and reboots. All other self-test errors cause the module to enter the error state, where all cryptographic services and data output for the problem service is halted until the error state is cleared. Restarting the module or the failed service can clear the error state. All errors are logged and produce error indicators. 2.10 Design Assurance Nokia and Check Point manage and record their respective source code and associated documentation files. Nokia implements the Concurrent Versions System (CVS) for document and source code management. The Check Point code is maintained by Nokia as a compiled binary file. The Nokia module hardware data, which includes descriptions, parts data, part types, bills of materials, manufacturers, changes, history, and hardware documentation are managed and recorded using Agile Workplace. Additionally, Microsoft Visual Source Safe (VSS) version 6.0 and Microsoft SharePoint was used to provide configuration management for the module's FIPS documentation. These document management utilities provide access control, versioning, and logging. 2.11 Mitigation of Other Attacks The modules do not employ security mechanisms to mitigate specific attacks. © Copyright 2005, 2006, 2007 Nokia Page 25 of 43 This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
Policy file integrity test (bypass mode test):
the module performs a
SHA-1 check value verification to ensure that the policy files are not
modified.
Self Test Error Handling
If the integrity tests fail, the module enters the bootloader error
state and reboots. If the IPSO kernel modules cryptographic
algorithm tests fail, the module enters the kernel panic error state
and reboots. If the Check Point kernel module cryptographic
algorithm tests fail, the module enters the kernel panic error state
and must be rebooted by the Crypto Officer to clear the error.
If the IPSO conditional self-tests fail, the module enters the error
state and reboots. If the Check Point continuous RNG test fails, the
module enters the error state and reboots. All other self-test errors
cause the module to enter the error state, where all cryptographic
services and data output for the problem service is halted until the
error state is cleared. Restarting the module or the failed service
can clear the error state.
All errors are logged and produce error indicators.
2.10 Design Assurance
Nokia and Check Point manage and record their respective source code
and associated documentation files. Nokia implements the Concurrent
Versions System (CVS) for document and source code management. The
Check Point code is maintained by Nokia as a compiled binary file.
The Nokia module hardware data, which includes descriptions, parts data,
part types, bills of materials, manufacturers, changes, history, and
hardware documentation are managed and recorded using Agile
Workplace.
Additionally, Microsoft Visual Source Safe (VSS) version 6.0 and Microsoft
SharePoint was used to provide configuration management for the
module’s FIPS documentation. These document management utilities
provide access control, versioning, and logging.
2.11 Mitigation of Other Attacks
The modules do not employ security mechanisms to mitigate specific
attacks.
© Copyright 2005, 2006, 2007
Nokia
Page 25 of 43
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.