User manual: Aruba Networks FIPS 140-2

36 pages, 0.89 MB

Summary
  • Aruba Networks FIPS 140-2 - page 1

    FIPS 140-2 Non-Proprietary Security Policy for Aruba AP-120 Series and Dell W-AP120 Series Wireless Access Points Version 1.4 February 2012 Aruba Networks™ 1322 Crossman Ave. Sunnyvale, CA 94089-1113 ...

  • Aruba Networks FIPS 140-2 - page 2

    ...

  • Aruba Networks FIPS 140-2 - page 3

    1 INTRODUCTION, p. 5; 1.1 ARUBA DELL RELATIONSHIP, p. 5; 1.2 ACRONYMS AND ABBREVIATIONS ...

  • Aruba Networks FIPS 140-2 - page 4

    4.2.2 User Services, p. 27; 4.2.3 Wireless Client Services, p. 28; 4.2.4 Unauthenticated Services ...

  • Aruba Networks FIPS 140-2 - page 5

    1 Introduction This document constitutes the non-proprietary Cryptographic Module Security Policy for the AP-120 series Wireless Access Points with FIPS 140-2 Level 2 validation from Aruba Networks. This security policy describes how the AP meets the security requirements of FIPS 140-2 Level 2, and how to place and maintain the AP in a sec ...

  • Aruba Networks FIPS 140-2 - page 6

    LAN Local Area Network; LED Light Emitting Diode; SHA Secure Hash Algorithm; SNMP Simple Network Management Protocol; SPOE Serial & Power Over Ethernet; TEL Tamper-Evident Label; TFTP Trivial File Transfer Protocol; WLAN Wireless Local Area Network ...

  • Aruba Networks FIPS 140-2 - page 7

    2 Product Overview This section introduces the various Aruba Wireless Access Points, providing a brief overview and summary of the physical features of each model covered by this FIPS 140-2 security policy. 2.1 Aruba AP-120 Series This section introduces the Aruba AP-120 series Wireless Access Points (APs) with FIPS 140-2 Level 2 ...

  • Aruba Networks FIPS 140-2 - page 8

    2.1.1.1 Dimensions/Weight The AP has the following physical dimensions: • 4.9” x 5.13” x 2.0” (124mm x 130mm x 51mm) • 15oz (0.42 Kgs) 2.1.1.2 Interfaces The module provides the following network interfaces: • 2 x 10/100/1000 Base-T Ethernet (RJ45) Auto-sensing link speed and MDI/MDX • Antenna (model Aruba AP-124 only) o 3 ...

  • Aruba Networks FIPS 140-2 - page 9

    Label Function Action Status Flashing 2.4GHz Air monitor WLAN 5Ghz 5GHz Radio Status Off 5GHz radio disabled On - Amber 5GHz radio enabled in WLAN mode On – Green 5GHz radio enabled in 802.11n mode Flashing 2.4GHz Air monitor ...

  • Aruba Networks FIPS 140-2 - page 10

    3 Module Objectives This section describes the assurance levels for each of the areas described in the FIPS 140-2 Standard. In addition, it provides information on placing the module in a FIPS 140-2 approved configuration. 3.1 Security Levels Section Section Title Level 1 Cryptographic Module Specification 2 2 Cryptographic Module Po ...

  • Aruba Networks FIPS 140-2 - page 11

    3.2.2 Aruba AP-124 TEL Placement This section displays all the TEL locations on the Aruba AP-124. The AP124 requires a minimum of 3 TELs to be applied as follows: 3.2.2.1 To detect opening of the chassis cover: 1. Spanning the left chassis cover and the top and bottom chassis covers 2. Spanning the right chassis cover and the top a ...

  • Aruba Networks FIPS 140-2 - page 12

    Figure 2: AP-124 Back view; Figure 3: AP-124 Left view; Figure 4: AP-124 Right view; Figure 5: AP-124 Top view ...

  • Aruba Networks FIPS 140-2 - page 13

    Figure 6: AP-124 Bottom view 3.2.3 Aruba AP-125 TEL Placement This section displays all the TEL locations on the Aruba AP-125. The AP125 requires a minimum of 3 TELs to be applied as follows: 3.2.3.1 To detect opening of the chassis cover: 1. Spanning the top and bottom covers on the left side 2. Spanning the top and bottom covers o ...

  • Aruba Networks FIPS 140-2 - page 14

    Figure 7: AP-125 Front view; Figure 8: AP-125 Back view; Figure 9: AP-125 Left view ...

  • Aruba Networks FIPS 140-2 - page 15

    Figure 10: AP-125 Right view; Figure 11: AP-125 Top view ...

  • Aruba Networks FIPS 140-2 - page 16

    Figure 12: AP-125 Bottom view 3.2.4 Inspection/Testing of Physical Security Mechanisms Physical Security Mechanism Recommended Test Frequency Guidance Tamper-evident labels (TELs) Once per month Examine for any sign of removal, replacement, tearing, etc. See images above for locations of TELs Opaque module enclosure Once per month Examine mo ...

  • Aruba Networks FIPS 140-2 - page 17

    3.3 Modes of Operation The module has the following FIPS approved modes of operations: • Remote AP (RAP) FIPS mode – When the module is configured as a Remote AP, it is intended to be deployed in a remote location (relative to the Mobility Controller). The module provides cryptographic processing in the form of IPSec for all traffi ...

  • Aruba Networks FIPS 140-2 - page 18

    5. Enable FIPS mode on the AP. This is accomplished by going to the Configuration > Wireless > AP Configuration > AP Group page. There, you click the Edit button for the appropriate AP group, and then select AP > AP System Profile. Then, check the “Fips Enable” box, check “Apply”, and save the configuration. 6. If the st ...

  • Aruba Networks FIPS 140-2 - page 19

    6. If the staging controller does not provide PoE, either ensure the presence of a PoE injector for the LAN connection between the module and the controller, or ensure the presence of a DC power supply appropriate to the particular model of the module 7. Connect the module via an Ethernet cable to the staging controller; note that t ...

  • Aruba Networks FIPS 140-2 - page 20

    represents the only exception. That is, nothing other than a PoE injector should be present between the module and the staging controller. 8. Once the module is connected to the controller by the Ethernet cable, navigate to the Configuration > Wireless > AP Installation page, where you should see an entry for the AP. Select that AP, ...

  • Aruba Networks FIPS 140-2 - page 21

    select AP > AP System Profile. Then, check the “Fips Enable” box, check “Apply”, and save the configuration. 6. If the staging controller does not provide PoE, either ensure the presence of a PoE injector for the LAN connection between the module and the controller, or ensure the presence of a DC power supply appropriate t ...

  • Aruba Networks FIPS 140-2 - page 22

    Linux implementation is not provided directly. Only Aruba-provided Crypto Officer interfaces are used. There is no user interface provided. 3.5 Logical Interfaces The physical interfaces are divided into logical interfaces defined by FIPS 140-2 as described in the following table. Table 2 - FIPS 140-2 Logical Interfaces FIPS 140-2 ...

  • Aruba Networks FIPS 140-2 - page 23

    4 Roles, Authentication and Services 4.1 Roles The module supports the roles of Crypto Officer, User, and Wireless Client; no additional roles (e.g., Maintenance) are supported. Administrative operations carried out by the Aruba Mobility Controller map to the Crypto Officer role. The Crypto Officer has the ability to configure, manage ...

  • Aruba Networks FIPS 140-2 - page 24

    4.1.2 User Authentication Authentication for the User role depends on the module configuration. When the module is configured as a Mesh AP, the User role is authenticated via the WPA2 preshared key. When the module is configured as a Remote AP, the User role is authenticated via the same IKE pre-shared key/RSA key pair that is used by th ...

  • Aruba Networks FIPS 140-2 - page 25

    Authentication Mechanism Mechanism Strength Wireless Client WPA2-PSK (Wireless Client Role) For WPA2-PSK there are at least 95^16 (=4.4 x 10^31) possible combinations. In order to test a guessed key, the attacker must complete the 4-way handshake with the AP. Prior to completing the 4-way handshake, the attacker must complete the 802. ...

  • Aruba Networks FIPS 140-2 - page 26

    4.2 Services The module provides various services depending on role. These are described below. 4.2.1 Crypto Officer Services The CO role in each of FIPS modes defined in section 3.3 has the same services. Service Description CSPs Accessed (see section 6 below for complete description of CSPs) FIPS mode enable/disable The CO selects/de-s ...

  • Aruba Networks FIPS 140-2 - page 27

    Service Description CSPs Accessed (see section 6 below for complete description of CSPs) Creation/use of secure management session between module and CO The module supports use of IPSec for securing the management channel. • IKE Preshared Secret • DH Private Key • DH Public Key • IPSec session encryption keys • IPSec session aut ...

  • Aruba Networks FIPS 140-2 - page 28

    Service Description CSPs Accessed (see section 6 below for complete description of CSPs) • 802.11i AES-CCM key • 802.11i GMK • 802.11i GTK Use of WPA preshared key for establishment of IEEE 802.11i keys When the module is in mesh configuration, the inter-module mesh links are secured with 802.11i. This is authenticated with a shared ...

  • Aruba Networks FIPS 140-2 - page 29

    4.2.4 Unauthenticated Services The module provides the following unauthenticated services, which are available regardless of role. No CSPs are accessed by these services. • System status – SYSLOG and module LEDs • 802.11 a/b/g/n • FTP • TFTP • NTP • GRE tunneling of 802.11 wireless user frames (when acting as a “Local AP” ...

  • Aruba Networks FIPS 140-2 - page 30

    5 Cryptographic Algorithms FIPS-approved cryptographic algorithms have been implemented in hardware and firmware. The firmware supports the following cryptographic implementations. • ArubaOS OpenSSL AP Module implements the following FIPS-approved algorithms: o AES (Cert. #1851) o HMAC (Cert. #1099) o RNG (Cert. #970) o RSA (Cert ...

  • Aruba Networks FIPS 140-2 - page 31

    6 Critical Security Parameters The following Critical Security Parameters (CSPs) are used by the module: CSP CSP TYPE GENERATION STORAGE And ZEROIZATION USE Key Encryption Key (KEK) Triple-DES 168-bits key Hard-coded Stored in flash, zeroized by the ‘ap wipe out flash’ command. Encrypts IKEv1/IKEv2 preshared keys and configuration par ...

  • Aruba Networks FIPS 140-2 - page 32

    CSP CSP TYPE GENERATION STORAGE And ZEROIZATION USE IKEv1/IKEv2 Diffie-Hellman Private key 1024-bit Diffie-Hellman private key Generated internally during IKEv1/IKEv2 negotiation Stored in plaintext in volatile memory; zeroized when session is closed or system is powered off Used in establishing the session key for IPSec IKEv1/IKEv2 Diffie ...

  • Aruba Networks FIPS 140-2 - page 33

    CSP CSP TYPE GENERATION STORAGE And ZEROIZATION USE WPA2 PSK 16-64 character shared secret used to authenticate mesh connections and in remote AP advanced configuration CO configured Encrypted in flash using the KEK; zeroized by updating through administrative interface, or by the ‘ap wipe out flash’ command. Used to derive the PMK for ...

  • Aruba Networks FIPS 140-2 - page 34

    CSP CSP TYPE GENERATION STORAGE And ZEROIZATION USE 802.11i Group Master Key (GMK) 256-bit secret used to derive GTK Generated from approved RNG Stored in plaintext in volatile memory; zeroized on reboot Used to derive Group Transient Key (GTK) 802.11i Group Transient Key (GTK) 256-bit shared secret used to derive group (multicast) encryp ...

  • Aruba Networks FIPS 140-2 - page 35

    7 Self Tests The module performs the following Self Tests after being configured into either Remote AP mode or Remote Mesh Portal mode. The module performs both power-up and conditional self-tests. In the event any self-test fails, the module enters an error state, logs the error, and reboots automatically. The module performs the fol ...

  • Aruba Networks FIPS 140-2 - page 36

    For an ArubaOS OpenSSL AP module and ArubaOS cryptographic module KAT failure: AP rebooted [DATE][TIME] : Restarting System, SW FIPS KAT failed For an AES Cavium hardware POST failure: Starting HW SHA1 KAT ...Completed HW SHA1 AT Starting HW HMAC-SHA1 KAT ...Completed HW HMAC-SHA1 KAT Starting HW DES KAT ...Completed HW DES KAT Starting HW AE ...

Manufacturer: Aruba Networks. Category: Network Router
