User Guidance – Enterasys Networks XSR-1805 User Manual

• Dial backup access must be disabled.
• Syslog remote logging must be disabled.
• VPN services can only be provided by IPSec or L2TP over IPSec.
• Only SNMPv3 can be enabled.
• If cryptographic algorithms can be set for services (such as
IKE/IPSec and SNMP), only FIPS-approved algorithms can be
specified. These include the following:
o AES
o Triple-DES
o DES
o SHA-1
o HMAC SHA-1
o DSA
o RSA signature and verification
• FTP and TFTP can only be used to load valid software files.
(FTP and TFTP over IPSec can be used to transfer configuration
files.)
• The module logs must be monitored. If strange activity is found,
the Crypto Officer should take the module offline and investigate.
• The tamper-evident labels must be regularly examined for signs of
tampering.
User Guidance
The User accesses the module VPN functionality as an IPSec client.
Although outside the boundary of the module, the User should be careful
not to provide authentication information and session keys to other parties.
© Copyright 2003
Enterasys Networks
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.