beautypg.com

Secure operation, Crypto officer guidance, Initial setup – Enterasys Networks XSR-1805 User Manual

Page 22: Setting passwords, Rypto, Fficer, Uidance

background image

S

ECURE

O

PERATION

The XSR modules

meet level 2 requirements for FIPS 140-2. The sections

below describe how to place and keep the module in a FIPS-approved
mode of operation. The Crypto Officer must ensure that the module is kept
in a FIPS-approved mode of operation. The procedures are described in
“Crypto Officer Guidance”.
The User can use the module after the Crypto Officer changes the mode
of operation to FIPS mode. The secure operation for the User is described
in “User Guidance” on page 24.

Crypto Officer Guidance

The secure operation procedures for the Crypto Officer are covered in the
initial setup and Management section. Following these procedures ensure
that the module runs in a FIPS-compliant manner.

Initial Setup

The Crypto Officer receives the module in a carton. Within the carton the
module is placed inside an ESD bag. The Crypto Officer should examine
the carton and the ESD bag for evidence of tampering. Tamper-evidence
includes tears, scratches, and other irregularities in the packaging.

Since the module does not enforce an access control mechanism before it
is initialized, the Crypto Officer must maintain control of the module at all
times until the initial setup is complete.

Before turning on the module, the Crypto Officer must ensure that the
module meets level 2 physical security requirements. To satisfy these
requirements, the Crypto Officer must apply the tamper-evident labels
provided in the FIPS kit. The Installation Guide: Attaching XSR Security
Labels detail how the labels must be applied to each module.

After all the labels are in place, the Crypto Officer can open a Console
session to the XSR using Microsoft’s HyperTerminal, Procomm or other
program. The session properties must be set as follows: BPS – 9600,
Data bits – 8, Parity – none, Stop bits – 1, Flow control – none.

Setting Passwords

During the first five seconds of initialization, the Crypto Officer must press
the key combination CTRL-C to enter Bootrom monitor mode. After the
Crypto Officer accesses the mode, the Crypto Officer must set the at least
six character long Bootrom password.

To set the Bootrom password

1. Enter bp

© Copyright 2003

Enterasys Networks

Page 22 of 25

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

This manual is related to the following products:
See also other documents in the category Enterasys Networks Hardware: