Dell Aruba 620 Supplement Manual - Page 21

View online or download the PDF Supplement Manual for the Dell Aruba 620 switch. Dell Aruba 620, 42 pages. Controllers with ArubaOS FIPS Firmware Non-Proprietary Security Policy FIPS 140-2 Level 2 Release Supplement

Table 3 Crypto-Officer Services

| Service | Description | Input | Output | CSP Access |
|---|---|---|---|---|
| Updating Firmware | Updating firmware on the module | Commands and configuration data | Status of commands and configuration data | None |
| Configuring OCSP Responder | Configuring OCSP responder functionality | OCSP inputs, commands, and data | OCSP outputs, status, and data | RSA/ECDSA key pair for signing OCSP responses |
| Configuring Control Plane Security (CPSec) | Configuring Control Plane Security mode to protect communication with APs using IPSec and issue self signed certificates to APs | Commands and configuration data, IKEv1/IKEv2 inputs and data; IPSec inputs, commands, and data | Status of commands, IKEv1/IKEv2 outputs, status, and data; IPSec outputs, status, and data and configuration data, self signed certificates | RSA private key for IKEv1/IKEv2 and certificate signing (read access), Diffie-Hellman key pair for IKEv1/IKEv2 (read/write access), Session keys for IPSec (read/write access) |

User Role

The User role can access the switch's IPSec and IKEv1/IKEv2 services. Service descriptions and inputs/outputs are listed in the following table:

Table 4 User Service

| Service | Description | Input | Output | CSP Access |
|---|---|---|---|---|
| IKEv1/IKEv2-IPSec | Access the module's IPSec services in order to secure network traffic | IPSec inputs, commands, and data | IPSec outputs, status, and data | RSA and ECDSA key pair for IKEv1/IKEv2 (read access); Diffie-Hellman and Elliptic curve Diffie-Hellman key pair for IKEv1/IKEv2 (read and write access); pre-shared keys for IKEv1/IKEv2 (read access) |
| HTTPS over TLS | Access the module's TLS services in order to secure network traffic | TLS inputs, commands, and data | TLS outputs, status, and data | RSA key pair for TLS; TLS Session Key |
| EAP-TLS termination | Provide EAP-TLS termination | EAP-TLS inputs, commands and data | EAP-TLS outputs, status and data | EAP-TLS RSA private key (read); EAP-TLS ECDSA private key (read) |
| 802.11i Shared Key Mode | Access the module's 802.11i services in order to secure network traffic | 802.11i inputs, commands and data | 802.11i outputs, status and data | 802.11i Pre-Shared Key (read); 802.11i Session key (read/write) |
| 802.11i with EAP-TLS | Access the module's 802.11i services in order to secure network traffic | 802.11i inputs, commands and data | 802.11i outputs, status, and data | EAP-TLS RSA private key (read); EAP-TLS ECDSA private key (read); 802.11i Pair-Wise Master Key (read/write); 802.11i Session key (read/write) |

Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement