Enterasys Networks XSR-3250 دليل المستخدم

دليل المستخدم للجهاز Enterasys Networks XSR-3250

جهاز: Enterasys Networks XSR-3250
فئة: راوتر الشبكة
الصانع: Enterasys Networks
مقاس: 0.6 MB
مضاف: 6/9/2014
عدد الصفحات: 25
اطبع الدليل

تحميل

كيفية استخدام هذا الموقع؟

هدفنا هو أن نوفر لك وصولاً سريعًا إلى محتوى دليل المستخدم الخاص بـ Enterasys Networks XSR-3250. باستخدام المعاينة عبر الإنترنت ، يمكنك عرض المحتويات بسرعة والانتقال إلى الصفحة حيث ستجد الحل لمشكلتك مع Enterasys Networks XSR-3250.

لراحتك

إذا لم يكن البحث في دليل المستخدم Enterasys Networks XSR-3250 مباشرة على موقع الويب هذا مناسبًا لك ، فهناك حلان محتملان:

  • عرض ملء الشاشة - لعرض دليل المستخدم بسهولة (بدون تنزيله على جهاز الكمبيوتر الخاص بك) ، يمكنك استخدام وضع العرض بملء الشاشة. لبدء مشاهدة دليل المستخدم Enterasys Networks XSR-3250 بملء الشاشة ، استخدم الزر تكبير الشاشة.
  • التنزيل على جهاز الكمبيوتر الخاص بك - يمكنك أيضًا تنزيل دليل المستخدم Enterasys Networks XSR-3250 على جهاز الكمبيوتر لديك والاحتفاظ به في ملفاتك. ومع ذلك ، إذا كنت لا تريد أن تشغل مساحة كبيرة على القرص الخاص بك ، فيمكنك دائمًا تنزيله في المستقبل من ManualsBase.
Enterasys Networks XSR-3250 دليل الاستخدام - Online PDF
Advertisement
« Page 1 of 25 »
Advertisement
النسخة المطبوعة

يفضل العديد من الأشخاص قراءة المستندات ليس على الشاشة ، ولكن في النسخة المطبوعة. تم أيضًا توفير خيار طباعة الدليل ، ويمكنك استخدامه بالنقر فوق الارتباط أعلاه - اطبع الدليل. لا يتعين عليك طباعة الدليل بالكامل Enterasys Networks XSR-3250 ولكن الصفحات المحددة فقط. ورق.

الملخصات

ستجد أدناه معاينات لمحتوى أدلة المستخدم المقدمة في الصفحات التالية لـ Enterasys Networks XSR-3250. إذا كنت ترغب في عرض محتوى الصفحات الموجودة في الصفحات التالية من الدليل بسرعة ، فيمكنك استخدامها.

ملخصات المحتويات
ملخص المحتوى في الصفحة رقم 1







XSR-1805, XSR-1850, and XSR-3250
(Hardware Version: REV 0A-G, Software Version: REL 6.3, Firmware Version: REL 6.3)







FIPS 140-2 Non-Proprietary
Security Policy



Level 2 Validation
Version 1.00



September 2003

© Copyright 2003 Enterasys Networks
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

ملخص المحتوى في الصفحة رقم 2

Table of Contents INTRODUCTION............................................................................................................. 3 PURPOSE....................................................................................................................... 3 REFERENCES ................................................................................................................. 3 DOCUMENT ORGANIZATION ..........................................................................

ملخص المحتوى في الصفحة رقم 3

Introduction Purpose This document is a nonproprietary Cryptographic Module Security Policy for the Enterasys Networks XSR-1805, XSR-1850, and XSR-3250 appliances. This security policy describes how the XSR-1805, XSR-1850, and XSR-3250 meet the security requirements of FIPS 140-2 and how to run the modules in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the module. FIPS 140-2 (Federal Information Processing Standards Publication 1

ملخص المحتوى في الصفحة رقم 4

This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to Enterasys Networks. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to Enterasys Networks and can be released only under appropriate non-disclosure agreements. For access to these documents, please contact Enterasys Networks. © Copyright 2003 Enterasys Networks Page 4 of 25 This document may b

ملخص المحتوى في الصفحة رقم 5

ENTERASYS NETWORKS XSR-1805, XSR-1850, AND XSR-3250 Overview Part of the Enterasys Networks X-Pedition Security Router (XSR) series, the XSR-1805, XSR-1850, and XSR-3250 modules are networking devices that combine a broad range of IP routing features, a broad range of WAN interfaces and a rich suite of network security functions, including site-to-site and remote access VPN connectivity and policy managed, stateful-inspection firewall functionality. The XSR-18xx modules were designed to

ملخص المحتوى في الصفحة رقم 6

ideal to support mission- critical applications extending to the branch office. The XSR-3250 offers nearly ten times the performance speed of the XSR- 1850 and approximately 15 times more VPN tunnels. Coupling these features with the six network interface module (NIM) slots makes the XSR- 3250 ideally suited to a regional office required to terminate up to six T3/E3 or 24 T1/E1 connections. A redundant power supply is included. The features of each XSR module are summarized in Table 1. XS

ملخص المحتوى في الصفحة رقم 7

The hardware components for the XSR-18xx modules vary slightly to meet the performance level for each module. The XSR-1850 is an enhancement of the XSR-1805 consisting of the following additional features: • Two fans • External power source connector • One PMC slot for PPMC card • 19” 1.5 U rack-mount chassis • 64 MB of DRAM Due to the large difference in performance levels, the XSR-3250 hardware components vary quite significantly, when compared to the XSR-18xx modules. The main d

ملخص المحتوى في الصفحة رقم 8

The software image is contained in a single file with the power-up diagnostics. It is based on the Nortel Open IP design model and runs on top of the VxWorks operating system. The modules are intended to meet overall FIPS 140-2 Level 2 requirements (see Table 2). Section Section Title Level 1 Cryptographic Module Specification 2 2 Cryptographic Module Ports and Interfaces 2 3 Roles, Services, and Authentication 2 4 Finite State Model 2 5 Physical Security 2 6 Operational Environment

ملخص المحتوى في الصفحة رقم 9

• Ten status LEDs • One power connector • One power switch • One default configuration button The XSR-1850 implements the same physical ports as the XSR-1805 and the following additional ones: • External power source connector • PPMC slot for Processor The XSR-3250 varies to the XSR-1805 modules as follows: • One additional power source connector © Copyright 2003 Enterasys Networks Page 9 of 25 This document may be freely reproduced and distributed whole and intact including this C

ملخص المحتوى في الصفحة رقم 10

• Three 10/100/1000BaseT GigabitEthernet LAN ports with two LEDs on each port, instead of the two 10/100BaseT FastEthernet LAN ports • Mini-Gigabit Interface Converter (MGBIC) fiberoptic port plus two LEDs • Two NCC slots with two NIM slots on each card • No power switch • No default configuration button All of these physical ports are separated into logical interfaces defined by FIPS 140-2, as described in Table 3: Module Physical Ports FIPS 140-2 Logical Interface Network ports Data

ملخص المحتوى في الصفحة رقم 11

Roles and Services 1 The module supports role-based and identity-based authentication . There are two main roles in the module (as required by FIPS 140-2) that operators may assume: a Crypto Officer role and User role. Crypto Officer Role The Crypto Officer role has the ability to configure, manage, and monitor the module. Three management interfaces can be used for this purpose: • CLI – The Crypto Officer can use the CLI to perform non-security- sensitive and security-sensitive monitor

ملخص المحتوى في الصفحة رقم 12

• Read-only Crypto Officer – Management users with privilege level zero assume the Read-only Crypto Officer role. The Read-only Crypto Officer can only issue monitoring commands with low security level. Examples of commands are: show version and show clock. Descriptions of the services available to the Crypto Officer role are provided in the table below. Service Description Input Output Critical Security Parameter (CSP) Access SSH Provide SSH key SSH outputs and DSA (SSHv2) host aut

ملخص المحتوى في الصفحة رقم 13

Management key; create DSA configuration data access), DSA host host key for key pair (read/write SSHv2; create access), Crypto management users Officer’s password and set their for CLI and SNMP password and (read/write access) privilege level; configure the SNMP agent Configuring the Define the T1/E1 Commands and Status of None T1/E1 Subsystem subsystem configuration data commands and Interfaces functionality configuration data Configuring the Define the platform Commands and Status

ملخص المحتوى في الصفحة رقم 14

Firewall authorization configuration data. commands and information for configuration data. network traffic that flows through the box. Table 4 – Crypto Officer Services, Descriptions, Inputs and Outputs, and CSPs User Role The User role accesses the module’s IPSec and IKE services. Service descriptions, inputs and outputs, and CSPs are listed in the following table: Service Description Input Output CSP IKE Access the module IKE IKE inputs and data IKE outputs, RSA key pair for funct

ملخص المحتوى في الصفحة رقم 15

mechanism is as strong as the RSA algorithm using a 1024 bit key pair. Pre-shared key-based User HMAC SHA-1 generation and verification is authentication (IKE) used to authenticate to the module during IKE with preshared keys. This mechanism is as strong as the HMAC with SHA-1 algorithm. Additionally, preshared keys must be at least six characters long. Even if only uppercase letters were used without repetition for a six character preshared key, the probability of randomly guessing th

ملخص المحتوى في الصفحة رقم 16

Cryptographic Key Management The modules implement the following FIPS-approved algorithms: Type Algorithm Standard Certificate Number Symmetric AES (CBC) FIPS 197 Cert. #48, #106, #107 Triple-DES (CBC and FIPS 46-3 Cert. #158, #218, #219, ECB) #220 DES (CBC) FIPS 46-3 Cert. #204, #238, #239, #240 Asymmetric DSA FIPS 186-2 Change Cert. #97 Notice 1 RSA Digital Signature PKCS #1 Vendor affirmed Hash function SHA-1 FIPS 180-1 Cert. #143, #197, #198, #199 MAC HMAC SHA-1 FIPS 198 Cert.

ملخص المحتوى في الصفحة رقم 17

the encryption accelerators. The encryption accelerators implement the following FIPS-approved algorithms: • XSR-18xx – Triple-DES, DES, and HMAC SHA-1 • XSR-3250 – AES, Triple-DES, DES, and HMAC SHA-1 Cryptographic processing is performed during SSHv2, SNMPv3, IKE, IPSec, and when accessing and storing database files. The module supports the following critical and non-critical security parameters: CSPs and non- CSPs and non- Generation Storage Use critical SPs critical SPs type Key e

ملخص المحتوى في الصفحة رقم 18

IPSec session 56-bit DES, 168-bit Established during Stored in plaintext Secure IPSec keys TDES, or the Diffie-Hellman in memory traffic 128/192/256-bit key agreement AES keys; HMAC SHA-1 key Load test HMAC ≥ 80-bit HMAC External Stored encrypted Compute and verify SHA-1 key SHA-1 key in NVRAM of the the HMAC SHA-1 real time clock value for the chip software load test Passwords ≥ 6-character External If stored in Crypto Officer password configuration file, authentication for (SNMPv3 r

ملخص المحتوى في الصفحة رقم 19

If the master encryption key is generated within the module, the module outputs the key to the console as soon as the key is generated in order for the Crypto Officer to note down and store the key securely outside of the module. This is required, since the Crypto Officer must enter the current key before changing or removing it. The master secret key can only be configured through the serial console or over an SSH tunnel. Key Storage The three-key Triple-DES key encryption key used to en

ملخص المحتوى في الصفحة رقم 20

Self-Tests The module performs a set of self-tests in order to ensure proper operation in compliance with FIPS 140-2. These self-tests are run during power-up (power-up self-tests) or when certain conditions are met (conditional self-tests). Power-up Self-tests: • Software integrity tests: the modules use an EDC, in the form of an MD5 checksum, to check the integrity of its various components • Cryptographic algorithm tests: o AES-CBC KAT o DES-CBC KAT o Triple-DES-CBC KAT o PR


أدلة المستخدم البديلة
# دليل الاستخدام فئة تحميل
1 Enterasys Networks E1 Series دليل الاستخدام راوتر الشبكة 10
2 Enterasys Networks FN 100 دليل الاستخدام راوتر الشبكة 0
3 Enterasys Networks 1H582-xx دليل الاستخدام راوتر الشبكة 5
4 Enterasys Networks Aurorean Network Gateway 3000 دليل الاستخدام راوتر الشبكة 2
5 Enterasys Networks Enterasys Matrix 9034310-01 دليل الاستخدام راوتر الشبكة 11
6 Enterasys Networks BRIM-E6 دليل الاستخدام راوتر الشبكة 0
7 Enterasys Networks ENTERASYS MATRIX X X16-C دليل الاستخدام راوتر الشبكة 7
8 Enterasys Networks Enterasys Matrix 2G4082-25 دليل الاستخدام راوتر الشبكة 9
9 Enterasys Networks ROAMABOUT 9033900-04 دليل الاستخدام راوتر الشبكة 1
10 Enterasys Networks Cabletron CyberSWITCH CSX5500 دليل الاستخدام راوتر الشبكة 0
11 Enterasys Networks NETWORKS 2000 دليل الاستخدام راوتر الشبكة 0
12 Enterasys Networks ROAMABOUT RBT-1602 دليل الاستخدام راوتر الشبكة 10
13 Enterasys Networks ROAMABOUT RBT-4102 دليل الاستخدام راوتر الشبكة 182
14 Enterasys Networks Security Router X-PeditionTM دليل الاستخدام راوتر الشبكة 1
15 Enterasys Networks X-PEDITION E9.1.7.0 دليل الاستخدام راوتر الشبكة 8
16 Sony BKS-R3202/R3210/R3220 دليل الاستخدام راوتر الشبكة 77
17 Sony DVS-V3232B/V3232M دليل الاستخدام راوتر الشبكة 3
18 Sony BVS-V3232 دليل الاستخدام راوتر الشبكة 8
19 Sony DMX-WL1 دليل الاستخدام راوتر الشبكة 6
20 Sony BVS-A3232 دليل الاستخدام راوتر الشبكة 6