3 secure operation of the contivity switch – Nortel Networks 4500 FIPS User Manual


© Copyright 2000 Nortel Networks.


2.5 Key Management

The switch securely administers both cryptographic keys and other critical security parameters
(CSPs) such as User passwords. Ephemeral session keys are created during the negotiation of secure
tunnels on behalf of Users who have successfully authenticated themselves to the switch with
their user ID and password. These keys are created for protocols such as MS-CHAP and
ISAKMP, which securely negotiate key exchange and then provide encryption services for PPTP,
L2TP, and IPSec.

Keys are destroyed when the corresponding tunnel, SA, or session is terminated and are never
archived or released from the device. User passwords can be destroyed by Crypto Officers, or
by users overwriting their own passwords. All passwords are stored in the LDAP database in
an encrypted format and are never released. They are used only for authentication in key exchange
protocols, each of which protects CSPs according to its own protocol. (Crypto Officers should be
aware that PAP transmits password information in the clear and should not be enabled before
deciding local policy. See the notes on PAP in Managing the Contivity Extranet Switch,
page 3-32.)

2.6 Self Tests

In order to prevent any secure data from being released, it is important to test the cryptographic
components of a security module to ensure that all components are functioning correctly. The
Contivity Switch includes an array of self-tests which are run during startup and periodically
during operation. The self-tests run at power-up include cryptographic known-answer tests
(KATs) on the FIPS-approved cryptographic algorithms (DES, 3DES) and on the message
digest (SHA-1). Also performed at startup are a software integrity test using a DES MAC per
FIPS 113 and a continuous random number generator test. Other tests are run periodically or
conditionally, such as a software load test for upgrades using a DES MAC and the continuous
random number generator test. In addition, there are checksum tests on the flash memory
which are updated whenever the flash contents change.

If any of these self-tests fails, the switch transitions into an error state. In the error state, all
secure data transmission is halted and the switch outputs status information indicating the failure.
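As an added illustration (not code from the Nortel manual or the Contivity firmware), the Python below models two of the start-up checks described above: a SHA-1 known-answer test against the published FIPS 180-1 vector for "abc", and the FIPS 140-1 continuous random number generator test, with any failure moving the module into an error state. The DES/3DES KATs and the FIPS 113 DES MAC integrity check are not modelled here because the standard library has no DES; the function and class names are the example's own.

```python
import hashlib
import os

# SHA-1 known-answer vector from FIPS 180-1 / RFC 3174 (message "abc").
SHA1_KAT_MESSAGE = b"abc"
SHA1_KAT_DIGEST = bytes.fromhex("a9993e364706816aba3e25717850c26c9cd0d89d")


class ErrorState(Exception):
    """Raised when a self-test fails; the module must stop all secure data output."""


def sha1_known_answer_test() -> bool:
    """KAT: hash a fixed message and compare against the published digest."""
    return hashlib.sha1(SHA1_KAT_MESSAGE).digest() == SHA1_KAT_DIGEST


class ContinuousRngTest:
    """FIPS 140-1 continuous RNG test (section 4.11.2, paraphrased): the first block
    after power-up is saved and never used; every later block must differ from the
    one before it, otherwise the generator is considered stuck."""

    def __init__(self, source, block_size: int = 16):
        self._source = source            # callable taking a byte count, e.g. os.urandom
        self._block_size = block_size
        self._previous = source(block_size)   # first block is only kept for comparison

    def next_block(self) -> bytes:
        block = self._source(self._block_size)
        if block == self._previous:
            raise ErrorState("continuous RNG test failed: repeated block")
        self._previous = block
        return block


def power_up_self_tests(rng_source=os.urandom) -> str:
    """Run the start-up checks in order; return 'operational' or raise ErrorState."""
    if not sha1_known_answer_test():
        raise ErrorState("SHA-1 known-answer test failed")
    rng = ContinuousRngTest(rng_source)
    rng.next_block()   # exercise the continuous test once before reporting success
    return "operational"


def module_state(rng_source=os.urandom) -> str:
    """Map the self-test outcome to the module state the operator would see."""
    try:
        return power_up_self_tests(rng_source)
    except ErrorState:
        return "error"
```

A constructed "stuck" generator that always returns the same block demonstrates the error transition, while `os.urandom` passes.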

3 Secure Operation of the Contivity Switch

The Contivity Switch is a versatile machine; it can be run in either a Normal Operating Mode or a
FIPS Operating Mode. In FIPS Operating Mode, the switch meets all the Level 2 requirements
of FIPS 140-1. To place the module in FIPS mode, click the “FIPS Enabled” button
on the Services Available management screen and restart the module. A number of
configuration settings are recommended when operating the Contivity Switch in a FIPS 140-1
compliant manner. Other changes are required in order to maintain compliance with FIPS 140-1
requirements. These include the following:
