
Security features, Security features -2 – Carrier Access Broadmore 1750 User Manual


Broadmore 1750 - Release 4.6

Security Management (FIPS Mode)

Security Features


This release of the Broadmore includes the Broadmore/SSHield Management Module,
which is a FIPS 140-2 validated software-only module that meets the security
requirements of Federal Information Processing Standard PUB 140-2. The Broadmore/
SSHield Management Module enables the secure operation and control of the
Broadmore’s ATM configuration parameters via a command line interface (CLI) or
menu-based interface (CAMMI). TeamF1’s SSHield provides security by means of the
SSH (IETF SECSH) protocol to ensure that network connections are secure.

A detailed description of the Broadmore security features is provided in the
“Broadmore/SSHield Management Module Version 4.0 Security Policy” available at
the following web sites:

http://www.carrieraccess.com/support/ (under the Broadmore documents)

http://csrc.nist.gov/cryptval/ (under the Validation Lists)

When the FIPS Security option is enabled on the Broadmore, the following security
features are available:

RSA SecurID® authentication (optional, see “SecurID Features” on page 11-49)

Private management data paths using SSHield for CLI/CAMMI sessions and
Secure File Transfer Protocol (SFTP)

Configuration activity audit trails

Zeroize command for decommissioning one or both CPUs

Enabling FIPS mode security disables FTP and Telnet access. Users must log in using
secure client replacements such as SecureCRT® and SecureFX®. A secure terminal
emulator is required to enter a secure Broadmore system. Although many secure
terminal emulators are available, SecureCRT is recommended.

NOTE: Be sure to use the appropriate fonts and screen settings to
maintain the proper screen appearance.