beautypg.com

Design assurance, Mitigation of other attacks, Esign – Enterasys Networks XSR-1805 User Manual

Page 21: Ssurance, Itigation of, Ther, Ttacks

background image

• Continuous random number generator test: this test is constantly

run to detect failure of the random number generator of the module.

• Manual key entry test: when entering a pre-shared key, master

encryption key, or load test HMAC SHA-1 key, the module performs
the manual key entry test by requesting the Crypto Officer to enter
the key in twice.

• Software load test: the module uses HMAC SHA-1 to check the

validity of the software. Only validated software can be loaded into
the modules.

• Bypass mode test: the module performs SHA-1 check value

verification to ensure that the policy files are not modified.


If any of the power-up self-tests fail (excluding the interface diagnostic
tests), the module enters the Critical Error state and reboots. When the
power-up software load test fails, the module enters the Critical Error
state, rather than rebooting the module deletes the invalid software file
and enters the Bootrom Monitor Mode state.
If any of the conditional self-tests fail (except for the continuous RNG test
and the bypass mode test), the module enters the Non-Critical Error state.
All cryptographic processing and data output for the problem service is
halted until the error state is cleared by the Crypto Officer. If the
continuous RNG test or the conditional bypass mode test fails, the module
will enter the Critical Error state and reboot.

When the module fails a power-up or conditional self-test, it will output an
error indicator via the console port.

Design Assurance

Source code and associated documentation files are managed and
recorded by using the configuration management tool ClearCase.

The Enterasys hardware data, which includes Description, Part Data, Part
Type, BOM, Manufacturers, Changes, History, and hardware documents
are managed and recorded using Agile Workplace.

The FIPS documentation were managed and recorded by using Microsoft
Visual Source Safe version 6.0.

Mitigation of Other Attacks

The modules do not employ security mechanisms to mitigate specific
attacks.

© Copyright 2003

Enterasys Networks

Page 21 of 25

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

This manual is related to the following products:
See also other documents in the category Enterasys Networks Hardware: