Access control policy – Motorola S2500 User Manual

MNR S2500 Security Policy

Version 1.2, Revision Date: 8/8/2008

Page

10

6. Access Control Policy

Authenticated Services

• Firmware Update: load firmware images digitally signed by RSA (1024 bit) algorithm.

• Key Entry: Enter Pre-Shared Keys (PSK)

• User Management: Add/Delete and manage passwords operators

• Reboot: force the module to power cycle via a command

• Zeroization: actively destroy all plaintext CSPs and keys

• Crypto Configuration: Configure IPsec and FRF.17 services

• IKE: Key establishment utilizing the IKE protocol

• IPsec tunnel establishment: IPsec protocol

• FRF.17 tunnel establishment: Frame Relay Privacy Protocol

• SSHv2 for remote access to the router

• Network configuration: Configure networking capabilities

• Enable Ports: Apply a security policy to a port

• File System: Access file system

• Authenticated Show status: Provide status to an authenticated operator

• Access Control: Provide access control for all operators

Unauthenticated Services:

• Unauthenticated Show status: provide the status of the cryptographic module – the status

is shown using the LEDs on the front panel.

• Power-up Self-tests: execute the suite of self-tests required by FIPS 140-2 during power-

up not requiring operator intervention.

• Monitor: Perform various hardware support services