Motorola S2500 User Manual

MNR S2500 Security Policy

Version 1.2, Revision Date: 8/8/2008

Page

9

strings consisting of 7 to 15 characters chosen from the 94 standard keyboard characters. Upon
correct authentication, the role is selected based on the username of the operator. At the end of a
session, the operator must log-out.

When a router power cycles, sessions are terminated. A user must reauthenticate to access the
router.

Multiple concurrent operators. Each operator has an independent session with the router, either
though Telnet, SSH, or via the console. Once authenticated to a role, each operator can access
only those services for that role. In this way, separation is maintained between the role and
services allowed for each operator.

The definition of all supported roles is shown in Table 5 below.

Role

Type of
Authentication

Authentication Data

Description

Crypto Officer
(Super User)

Role-based operator
authentication.

Username and Password. The
module stores user identity
information internally or if
configured,

The owner of the cryptographic
module with full access to services of
the module.

Network
Manager

Role-based operator
authentication.

Username and Password. The
module stores user identity
information internally.

A user of the cryptographic module
with almost full access to services of
the module.

Admin Role-based

operator

authentication

Username and Password. The
module stores user identity
information internally.

An assistant to the Crypto Officer
that has read only access to a subset
of module configuration and status
indications.

User Role-based

operator

authentication

Username and Password. The
module stores user identity
information internally.

A user of the cryptographic module
that has read only access to a subset
of module configuration and status
indications.

Maintenance

None (see comment)

N/A

Maintenance role can be entered via
the external console port
(unauthenticated) or via EOS
software command (requires
Network Manager authentication)

Table 5 – Roles and Required Identification and Authentication

Authentication Mechanism

Strength of Mechanism

Username and Password

The probability that a random attempt will succeed or
a false acceptance will occur is 1/94^7 which is less
than 1/1,000,000.

Table 6 – Strengths of Authentication Mechanisms