Dell Aruba 620 Manuale integrativo - Pagina 22
Sfoglia online o scarica il pdf Manuale integrativo per Interruttore Dell Aruba 620. Dell Aruba 620 42. Controllers with arubaos fips firmware non-proprietary security policy fips 140-2 level 2 release supplement
Table 4 User Service
Service
Description
Data link (Layer 2)
Access the module's Layer 2
Encryption
encrypted tunnel services to
secure network trafficData link
encryption inputs, commands
and data
Authentication Mechanisms
The Aruba Mobility Controller supports role-based authentication. Role-based authentication is performed
before the Crypto Officer enters privileged mode using admin password via Web Interface or SSH or by
entering enable command and password in console. Role-based authentication is also performed for User
authentication.
This includes password and RSA/ECDSA-based authentication mechanisms. The strength of each
authentication mechanism is described below.
Table 5 Estimated Strength of Authentication Mechanisms
Authentication Type
Password-based authentication
(CLI and Web Interface)
RSA-based authentication
(IKEv1/IKEv2)
Pre-shared key-based
authentication (IKEv1/IKEv2)
Pre-shared key based
authentication (802.11i)
EAP-TLS authentication
ECDSA-based authentication
(IKEv1/IKEv2)
Unauthenticated Services
The Aruba Mobility Controller can perform SNMP management, VLAN, bridging, firewall, routing, and
forwarding functionality without authentication. These services do not involve any cryptographic
processing.
Additional unauthenticated services include performance of the power-on self test and system status
indication via LEDs.
20
| FIPS 140-2 Level 2 Features
Input
Data link encryption
inputs, commands and
data
Role
Strength
Crypto Officer
Passwords are required to be at least six characters long.
Numeric, alphabetic (upper and lowercase), and keyboard
and extended characters can be used, which gives a total of
95 characters to choose from. Therefore, the number of
potential six-character passwords is 95
User
RSA signing and verification is used to authenticate to the
module during IKEv1/IKEv2. This mechanism is as strong as
the RSA algorithm using a 1024 or 2048 bit key pair.
User
Pre-shared keys must be at least six characters long and up
to 64 bytes long. Even if only uppercase letters were used
without repetition for a six character pre-shared key, the
probability of randomly guessing the correct sequence is one
in 165,765,600.
User
1024 and 2048 bit RSA keys correspond to effective strength
80
of 2
and 2
User
1024 and 2048 bit RSA keys correspond to effective strength
80
of 2
and 2
User
ECDSA signing and verification is used to authenticate to the
module during IKEv1/IKEv2. Both P-256 and P-384 keys are
supported. ECDSA P-256 provides 128 bits of equivalent
security, and P-384 provides 192 bits of equivalent security.
Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement
Output
CSP Access
Data link
Data link encryption AES
encryption, status,
key (read)
and data
112
respectively.
112
respectively.
6
(735091890625).