Page 1 FIPS Policy Juniper Networks SRX5600 and SRX5800 Services Gateways Security Policy Document Version: 1.0 Date: October 25, 2011 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408.745.2000 1.888 JUNIPER www.juniper.net Page 2 FIPS Policy Table of Contents Table of Contents ....................................................................................................................................................................................... 2 List of Tables ............................................................................................................................................................................................. 2 1. Module Overview .................................................................................................................................................................................. 4 2. Security Level ........................................................................................................................................................................................ 6 3. Modes of Operation ............................................................................................................................................................................... 6 Approved Mode of Operation ...................................................................................................................................................... 6 Placing the Module in the Approved Mode of Operation ............................................................................................................ 7 Non-FIPS Mode of Operation ..................................................................................................................................................... 7 4. Ports and Interfaces ................................................................................................................................................................................ 7 5. Identification and Authentication Policy ............................................................................................................................................... 7 Assumption of Roles ................................................................................................................................................................... 7 6. Access Control Policy .......................................................................................................................................................................... 10 Roles and Services ..................................................................................................................................................................... 10 Unauthenticated Services........................................................................................................................................................... 10 Definition of Critical Security Parameters (CSPs) .................................................................................................................... 11 Definition of Public Keys .......................................................................................................................................................... 12 Definition of CSP Modes of Access .......................................................................................................................................... 13 7. Operational Environment ..................................................................................................................................................................... 13 8. Security Rules ..................................................................................................................................................................................... 13 9. Physical Security Policy ...................................................................................................................................................................... 14 Physical Security Mechanisms .................................................................................................................................................. 14 Tamper Seal Placement ............................................................................................................................................................. 15 10. Cryptographic Algorithm Validation ................................................................................................................................................. 18 10. Mitigation of Other Attacks Policy .................................................................................................................................................... 18 11. Acronyms ........................................................................................................................................................................................... 20 About Juniper Networks .......................................................................................................................................................................... 20 List of Tables SRX5000 Series Configurations ................................................................................................................................................................ 4 Security Level ............................................................................................................................................................................................ 6 Hardware Guides ....................................................................................................................................................................................... 7 Roles and Required Identification and Authentication .............................................................................................................................. 8 Strengths of Authentication Mechanisms .................................................................................................................................................. 9 Services Authorized for Roles ................................................................................................................................................................. 10 Table of CSPs .......................................................................................................................................................................................... 11 Table of Public Keys ................................................................................................................................................................................ 12 CSP Access Rights within Roles & Services ........................................................................................................................................... 13 Inspection/Testing of Physical Security Mechanisms .............................................................................................................................. 15 Page 3 FIPS Policy Cryptographic Algorithm Validation Certificates .................................................................................................................................... 18 Mitigation of Other Attacks ..................................................................................................................................................................... 18 Page 4 FIPS Policy 1. Module Overview Juniper Networks SRX5000 line of services gateways is the next generation solution for securing the ever increasing network infrastructure and applications requirements for both enterprise and service provider environments. Designed from the ground up to provide flexible processing scalability, I/O scalability, and services integration, the SRX5000 line can meet the network and security requirements of data center hyper-consolidation, rapid managed services deployments, and aggregation of security solutions. Incorporating the routing heritage and service provider reliability of Junos OS with the rich security heritage of ScreenOS, service provider reliability, and ScreenOS security heritage, the SRX Series also offers the high feature/service integration necessary to secure modern network infrastructure and applications. The Juniper Networks SRX5000 Series Services Gateways consist of models SRX5600 and SRX5800 running JUNOS-FIPS, a version of JUNOS created specifically for FIPS compliance. The validated version of JUNOS-FIPS is 10.4R4; the image is junos- srx5000-10.4R4.5-fips.tgz. The cryptographic module is defined as a multiple-chip standalone module that executes JUNOS-FIPS firmware on any of the Juniper Networks SRX-Series gateways listed in the table below. The cryptographic boundary for the SRX5600 and SRX5800 is defined as the outer edge of the chassis, excluding the power distribution module on the rear of the device. The cryptographic modules operational environment is a limited operational environment. SRX5000 Series Configurations Series Model Hardware version SRX5000 SRX5600BASE-AC, Series SRX5600 SRX5600BASE-DC SRX5800BASE-AC, SRX5800 SRX5800BASE-DC Page 5 FIPS Policy Figure 1. Images of the Cryptographic Modules SRX5600 SRX5800 Figure 1 depicts the SRX series without tamper seals. For depictions of the units with tamper seals, see section 9. Page 6 FIPS Policy 2. Security Level The cryptographic module meets
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages20 Page
-
File Size-