Dell Aruba 620 Manuel complémentaire - Page 28

Parcourez en ligne ou téléchargez le pdf Manuel complémentaire pour {nom_de_la_catégorie} Dell Aruba 620. Dell Aruba 620 42 pages. Controllers with arubaos fips firmware non-proprietary security policy fips 140-2 level 2 release supplement

number with the random number generated in the previous round and enters an error state if the
comparison is successful. The test is performed for approved as well as non-approved RNGs.
Bypass test
RSA Pairwise Consistency test
ECDSA Pairwise Consistency test
Firmware Load Test
Self-test results are logged in a log file. Upon successful completion of the power-up self tests, the module
logs a KATS: passed message into a log file. Confirm the file update by checking the associated time of the
file.
In the event of a hardware KATs failure, the log file records one of the following messages depending on the
algorith being tested:
AES256 HMAC-SHA1 hash failed
AES256 Encrypt failed
AES256 Decrypt Failed
3DES HMAC-SHA1 hash failed
3DES Encrypt failed
3DES Decrypt Failed
DES HMAC-SHA1 hash failed
DES Encrypt failed
DES Decrypt Failed
HW KAT test failed for AESCCM CTR. Rebooting
AESCCM Encrypt Failed
This text is followed by this message:
The POST Test failed!!!!
Rebooting...

Alternating Bypass State

The controller implements an alternating bypass state when:
a port is configured in trusted mode to provide unauthenticated services
a configuration provides wireless access without encryption
The alternating bypass status can be identified by retrieving the port configuration or the wireless network
configuration.

Mitigation of Other Attacks

ArubaOS includes two modules that provide protection from attacks. These are:

XSec

Wireless Intrusion Protection
XSec
xSec is a highly secure data link layer (Layer 2) protocol that provides a unified framework for securing all
wired and wireless connections using strong encryption and authentication. xSec provides greater security
than Layer 3 encryption technologies through the use of FIPS-validated encryption algorithms (AES-CBC-
256 with HMAC-SHA1) to secure Layer 2 traffic, as well as the encryption of Layer 2 header information
including MAC addresses. xSec was jointly developed by Aruba Networks and Funk Software.
26
| FIPS 140-2 Level 2 Features
Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement