Security guidance, Security guidance -3 – Carrier Access Broadmore 1750 User Manual

Broadmore 1750 - Release 4.6

11-3

Security Management (FIPS Mode)

Security Guidance

Additional security-relevant features include:

Enable/disable SNMP and ICMP messages

SNMPv3 USM/VACM

Log-in Banner for special user instructions

Security Guidance

Receipt and Inspection – Broadmore components containing FIPS 140-2
validated software are packaged and sealed at the factory with tamper-proof
security tape. Upon receipt, carefully examine the security sealing tapes on the
shipping containers for any signs of tampering. (See “Receipt” on page

3-2

.)

Security – Broadmore components containing FIPS 140-2 validated software
(CPU modules, memory modules, and storage media) should be handled in
accordance with applicable security procedures.

Initial Login – The Broadmore is shipped with a default username and password
for logging in the first time. A SuperUser (Crypto Officer) should log in the first
time to configure the Broadmore for secure operation.
For maximum security, perform the following steps:
(1) configure IP access (via ethernet, LANE, or CIP)
(2) install security keys
(3) create a temporary SuperUser account
(4) delete the public SYSADMIN account
(5) enable FIPS mode and reboot the system
(6) after logging in securely, you can safely create user accounts and configure
the Broadmore for secure operation.

Security Modes – The Broadmore is shipped with security turned off. Only a
SuperUser can change the FIPS and SecurID modes (see “Changing Security
Modes” on page

11-17

).