Nokia IP265 Security Guide - Page 8

Roles and Services - user manual



The physical ports are separated into logical interfaces defined by FIPS
140-2, as described in Table 2.

Module Physical Port                                     FIPS 140-2 Logical Interface
-------------------------------------------------------  ----------------------------
Network ports                                            Data input interface
Network ports                                            Data output interface
Network ports, console port, power switch, reset switch  Control input interface
Network ports, console port, LEDs                        Status output interface
Power plug, Power switch                                 Power interface

Table 2 – FIPS 140-2 Logical Interfaces

Data input and output, control input, and status output are defined as
follows:
• Data input and output are the packets that use the firewall, VPN,
  and routing functionalities of the modules.
• Control input consists of manual control inputs for power and reset
  through the power and reset switch. It also consists of all of the
  data that is entered into the module while using the management
  interfaces.
• Status output consists of the status indicators displayed through the
  LEDs and the status data that is output from the modules while
  using the management interfaces.
The modules distinguish between different forms of data, control, and
status traffic over the network ports by analyzing the packets' header
information and contents.

2.4 Roles and Services

The modules support role-based authentication. The two main roles in the
modules (as required by FIPS 140-2) that operators can assume are: a
Crypto Officer role and a User role.

2.4.1 Crypto Officer Role

The Crypto Officer role can configure, manage, and monitor the module.
Three management interfaces can be used for this purpose:
• CLI – the Crypto Officer can use the CLI to configure and monitor
  IPSO systems. This can be done locally by using the console port
  or remotely by using the SSH secured management session.

© Copyright 2005, 2006, 2007
Nokia
Page 8 of 43
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.