Reference Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series FIPS

Dell W-7200 Series Controllers FIPS 140-2 Level 2 Security Policy 1

Dell W-7200 Series Controllers with Dell AOS FIPS Firmware

Non-Proprietary Security Policy FIPS 140-2 Level 2

January 12, 2015

This is to advise that the document entitled “Aruba 7200 Series Controllers with ArubaOS FIPS Firmware

Non-Proprietary Security Policy FIPS 140-2 Level 2” Version 1.4, dated May 2014, applies to Dell W-

Series 7200 Series Controllers with Dell AOS FIPS Firmware. Aruba Networks is the Original Equipment

Manufacturer (OEM) for the Dell Networking W-Series of products. This document, provided below, is

applicable for use by Dell W-Series customers for security policy information and instruction on how to

place and maintain the W-7200 Series Controllers in a secure FIPS 140-2 mode.

Dell Networking W-Series products are equivalent in features and functionality to the corresponding

Aruba Networks product models. Accordingly, the Dell AOS FIPS firmware is the validated ArubaOS FIPS

firmware version, with the exception of branding. When using the FIPS Security Policy document, the

screenshots, configurations, TEL placement locations, and images can be applied to Dell Networking W-

Series products without any need for changes.

Product Name Mapping:

Aruba Networks Model name

Dell Networking Model name

Description

Aruba 7210-F1

W-7210-F1

Non-US – 512 AP Controller

Aruba 7210-USF1

W-7210-USF1

US – 512 AP Controller

Aruba 7220-F1

W-7220-F1

Non-US – 1024 AP Controller

Aruba 7220-USF1

W-7220-USF1

US – 1024 AP Controller

Aruba 7240-F1

W-7240-F1

Non-US – 2048 AP Controller

Aruba 7240-USF1

W-7240-USF1

US – 2048 AP Controller

 These models include Aruba FIPS kit 4010061-01 (contains tamper evident labels)

 The exact firmware version validated was ArubaOS 6.3.1.7-FIPS

The Dell Networking W-Series products are rebranded for Dell customers, as shown in the product

images below.

Summary of content (37 pages)

PAGE 1
Dell W-7200 Series Controllers with Dell AOS FIPS Firmware Non-Proprietary Security Policy FIPS 140-2 Level 2 January 12, 2015 This is to advise that the document entitled “Aruba 7200 Series Controllers with ArubaOS FIPS Firmware Non-Proprietary Security Policy FIPS 140-2 Level 2” Version 1.4, dated May 2014, applies to Dell WSeries 7200 Series Controllers with Dell AOS FIPS Firmware. Aruba Networks is the Original Equipment Manufacturer (OEM) for the Dell Networking W-Series of products.
PAGE 2
Dell Networking W-7240 Controller Product Image: Aruba 7200 Series Controller Product Images: If you have questions or concerns, please contact Dell Technical Support at www.dell.com/support, additional product documentation is also available by device under user manuals.
PAGE 3
Aruba 7200 Series Controllers with ArubaOS FIPS Firmware Non-Proprietary Security Policy FIPS 140-2 Level 2 Version 1.
PAGE 4
Copyright © 2014 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks®, Aruba Wireless ® ® ® Networks , the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System , Mobile Edge Architecture , ® ® ® People Move. Networks Must Follow , RFprotectrotect , Green Island . All rights reserved. All other trademarks are the property of their respective owners.
PAGE 5
Contents Contents............................................................................................................................................................................. 3 Preface ............................................................................................................................................................................... 5 Purpose of this Document.............................................................................................................
PAGE 6
Applying TELs .............................................................................................................................................32 Ongoing Management .......................................................................................................................................................... 33 Crypto Officer Management..........................................................................................................................................
PAGE 7
Preface This security policy document can be copied and distributed freely. Purpose of this Document This release supplement provides information regarding the Aruba 7200 Controllers with FIPS 140-2 Level 2 validation from Aruba Networks. The material in this supplement modifies the general Aruba hardware and firmware documentation included with this product and should be kept with your Aruba product documentation.
PAGE 8
Overview Aruba 7200 series Mobility Controllers are optimized for 802.11ac and mobile app delivery. Fully application-aware, the 7200 series prioritizes mobile apps based on user identity and offers exceptional scale for BYOD transactions and device densities. With a new central processor employing eight CPU cores and four virtual cores, the 7200 series supports over 32,000 wireless devices and performs stateful firewall policy enforcement at speeds up to 40 Gbps – plenty of capacity for BYOD and 802.
PAGE 9
Physical Description Cryptographic Module Boundaries For FIPS 140-2 Level 2 validation, the Controller has been validated as a multi-chip standalone cryptographic module. The steel chassis physically encloses the complete set of hardware and firmware components and represents the cryptographic boundary of the controller. The cryptographic boundary is defined as encompassing the top, front, left, right, rear, and bottom surfaces of the chassis.
PAGE 10
Intended Level of Security The 7200 Controller and associated modules are intended to meet overall FIPS 140-2 Level 2 requirements as shown in Table 1.
PAGE 11
Physical Security The Aruba Controller is a scalable, multi-processor standalone network device and is enclosed in a robust steel housing. The controller enclosure is resistant to probing and is opaque within the visible spectrum. The enclosure of the module has been designed to satisfy FIPS 140-2 Level 2 physical security requirements. The Aruba 7200 Controller requires Tamper-Evident Labels (TELs) to allow the detection of the opening of the chassis cover and to block the Serial console port.
PAGE 12
Table 2 FIPS 140-2 Logical Interfaces Power Interface  Power Supply Data input and output, control input, status output, and power interfaces are defined as follows: Data input and output are the packets that use the firewall, VPN, and routing functionality of the modules.     Control input consists of manual control inputs for power and reset through the power and reset switch. It also consists of all of the data that is entered into the controller while using the management interfaces.
PAGE 13
See the table below for descriptions of the services available to the Crypto Officer role. Table 3 Crypto-Officer Services Service Description Input Output CSP Access SSH v2.
PAGE 14
Table 3 Crypto-Officer Services Configuring Internet Protocol Set IP functionality Commands and configuration data Status of commands and configuration data None Configuring Quality of Service (QoS) Configure QOS values for module Commands and configuration data Status of commands and configuration data None Configuring VPN Configure Public Key Infrastructure (PKI); configure the Internet Key Exchange (IKEv1/IKEv2) Security Protocol; configure the IPSec protocol Commands and configuration data S
PAGE 15
Table 3 Crypto-Officer Services IPSec tunnel establishment for RADIUS protection Provided authenticated/encrypted channel to RADIUS server IKEv1/IKEv2 inputs and IKEv1/IKEv2 data; IPSec inputs, outputs, status, and commands, and data data; IPSec outputs, status, and data Self-Test Perform FIPS start-up tests on demand None Error messages logged if a failure occurs None Configuring Bypass Operation Configure bypass operation on the module Commands and configuration data Status of commands and conf
PAGE 16
User Role The User role can access the controller’s IPSec and IKEv1/IKEv2 services.
PAGE 17
Authentication Mechanisms The Aruba Controller supports role-based authentication. Role-based authentication is performed before the Crypto Officer enters privileged mode using admin password via Web Interface or SSHv2 or by entering enable command and password in console. Role-based authentication is also performed for User authentication. This includes password and RSA/ECDSA-based authentication mechanisms. The strength of each authentication mechanism is described below.
PAGE 18
EAP-TLS authentication User If RSA is used, 2048 bit RSA keys correspond to effective strength of 2112; If ECDSA (P-256 and P-384) is used, curve P-256 provides 128 bits of equivalent security, and P-384 provides 192 bits of equivalent security.. Unauthenticated Services The Aruba Controller can perform VLAN, bridging, firewall, routing, and forwarding functionality without authentication. These services do not involve any cryptographic processing.
PAGE 19
The firmware supports the following cryptographic implementations.  ArubaOS OpenSSL Module implements the following FIPS-approved algorithms:  AES (Cert. #2680)  CVL (Cert. #152)  DRBG (Cert. #433)  ECDSA (Cert. #469)  HMAC (Cert. #1666)  KBKDF (Cert. #16)  RSA (Cert. #1379)  SHS (Cert. #2249)  Triple-DES (Cert. #1607) Note:  o RSA (Cert. #1379; non-compliant with the functions from the CAVP Historical RSA List)  FIPS186-2: ALG[ANSIX9.
PAGE 20
o SHS (Cert.
PAGE 21
Critical Security Parameters The following are the Critical Security Parameters (CSPs) used in the controller. Table 6 CSPs/Keys Used in Aruba Controllers # Name CSPs type Generation Storage and Zeroization Use 1 Key Encryption Key (KEK) Triple-DES 168-bit key Hardcoded during manufacturing Stored in Flash. Zeroized by using command ‘wipe out flash’ Encrypts IKEv1/IKEv2 Pre-shared key, RADIUS server shared secret, RSA private key, ECDSA private key, 802.11i pre-shared key and Passwords.
PAGE 22
Table 6 CSPs/Keys Used in Aruba Controllers 7 RNG seed key FIPS 186-2 RNG Seed key (512 bits) Derived using NONFIPS approved HW RNG Stored in plaintext in volatile memory. Zeroized on reboot. Seed 186-2 General purpose (x-change Notice); SHA-1 RNG 8 Diffie-Hellman private key Diffie-Hellman private key (224 bits) Generated internally during Diffie-Hellman Exchange Stored in the volatile memory. Zeroized after the session is closed.
PAGE 23
Table 6 CSPs/Keys Used in Aruba Controllers 14 RADIUS server shared secret 8-128 character shared secret CO configured Stored encrypted in Flash with the KEK. Zeroized by changing (updating) the preshared key through the User interface. Module and RADIUS server authentication 15 Enable secret 8-64 character password CO configured Store in ciphertext in flash. Zeroized by changing (updating) through the user interface.
PAGE 24
Table 6 CSPs/Keys Used in Aruba Controllers 21 IKEv1/IKEv2 session encryption key Triple-DES (168 bits/AES (128/196/256 bits) Established as a result of IKEv1/IKEv2 service implementation. Stored in plaintext in volatile memory. Zeroized when session is closed. IKEv1/IKEv2 payload encryption 22 IPSec session encryption keys Triple-DES (168 bits / AES (128/196/256 bits) Established during the IPSec service implementation Stored in plaintext in volatile memory. Zeroized when the session is closed.
PAGE 25
Table 6 CSPs/Keys Used in Aruba Controllers 29 RSA Private Key RSA 2048 bit private key Generated in the module Stored in flash memory encrypted with KEK. Zeroized by the CO command write erase all. Used by TLS and EAP-TLS/PEAP protocols during the handshake, used for signing OCSP responses, and used by IKEv1/IKEv2 for device authentication and for signing certificates 30 RSA public key RSA 2048 bit public key Generated in the module Stored in flash memory encrypted with KEK.
PAGE 26
Table 6 CSPs/Keys Used in Aruba Controllers by the CO command write erase all. password 8-64 character password 37 SNMPv3 privacy password 38 SNMPv3 session key AES-CFB key (128 bits) CO configured Stored in flash memory encrypted with KEK. Zeroized by the CO command write erase all. Used to derive SNMPv3 session key Derived from SNMPv3 privacy password using an approved KDF Stored in volatile memory. Zeroized on reboot.
PAGE 27
Aruba Hardware Known Answer Tests:      AES (encrypt/decrypt) KATs AES-CCM KAT AES-GCM KAT Triple-DES(encrypt/decrypt) KATs HMAC (HMAC-SHA1) KAT The following Conditional Self-tests are performed in the controller: ArubaOS OpenSSL Module     Bypass Tests (Wired Bypass Test and Wireless Bypass Test) CRNG Test on Approved RNG (DRBG) ECDSA Pairwise Consistency Test RSA Pairwise Consistency Test ArubaOS Crypto Module    CRNG Test on Approved RNG (FIPS 186-2 RNG) ECDSA Pairwise Consistency Test
PAGE 28
Alternating Bypass State The controller implements an alternating bypass state when:   a port is configured in trusted mode to provide unauthenticated services a configuration provides wireless access without encryption The alternating bypass status can be identified by retrieving the port configuration or the wireless network configuration.
PAGE 29
Installing the Controller This chapter covers the physical installation of the 7200 Controllers with FIPS 140-2 Level 2 validation. The Crypto Officer is responsible for ensuring that the following procedures are used to place the controller in a FIPS-approved mode of operation.
PAGE 30
Package Contents The product carton should include the following:     7200 Controller Rack mounting kit Aruba User Documentation CD Tamper-Evident Labels 28| Aruba 7200 Series Controllers FIPS 140-2 Level 2 Security Policy
PAGE 31
Tamper-Evident Labels After testing, the Crypto Officer must apply Tamper-Evident Labels (TELs) to the controller. When applied properly, the TELs allow the Crypto Officer to detect the opening of the chassis cover, the removal or replacement of modules or cover plates, or physical access to restricted ports. Vendor provides FIPS 140 designated TELs which have met the physical security testing requirements for tamper evident labels under the FIPS 140-2 Standard.
PAGE 32
Required TEL Locations The Aruba 7200 Mobility Controller requires a minimum of 15 TELs to be applied as follows: To Detect Opening the Chassis Lid  Spanning the left side and right side of the chassis lid where it meets the chassis bottom, as shown in Figures 6, 7, and 8.  Spanning the front bezel and the chassis lid, as shown in Figures 3 and 4.  Spanning the expansion slot cover plate and the top of the chassis, as shown in Figures 3 and 4.
PAGE 33
Figure 3 Required TELs for the Aruba 7200 Mobility Controller – Top Figure 4 Required TELs for the Aruba 7200 Mobility Controller – Front Figure 5 Required TELs for the Aruba 7200 Mobility Controller – Rear Aruba 7200 Series Controllers FIPS 140-2 Level 2 Security Policy|31
PAGE 34
Figure 6 Required TELs for the Aruba 7200 Mobility Controller – Right Side Figure 7 Required TELs for the Aruba 7200 Mobility Controller – Left Side Figure 8 Required TELs for the Aruba 7200 Mobility Controller – Bottom Applying TELs The Crypto Officer should employ TELs as follows:     Before applying a TEL, make sure the target surfaces are clean and dry. Do not cut, trim, punch, or otherwise alter the TEL. Apply the wholly intact TEL firmly and completely to the target surfaces.
PAGE 35
Ongoing Management The Aruba 7200 Controllers meet FIPS 140-2 Level 2 requirements. The information below describes how to keep the controller in FIPS-approved mode of operation. The Crypto Officer must ensure that the controller is kept in a FIPSapproved mode of operation. Crypto Officer Management The Crypto Officer must ensure that the controller is always operating in a FIPS-approved mode of operation.
PAGE 36
Setup and Configuration The Aruba 7200 Controllers meet FIPS 140-2 Level 2 requirements. The sections below describe how to place and keep the controller in FIPS-approved mode of operation. The Crypto Officer (CO) must ensure that the controller is kept in a FIPS-approved mode of operation. The controller can operate in two modes: the FIPS-approved mode, and the standard non-FIPS mode. By default, the controller operates in non-FIPS mode. Setting Up Your Controller To set up your controller: 1.
PAGE 37
To verify that FIPS mode has been enabled, issue the command “show fips”. Disabling the LCD Configuration through the front-panel LCD should be disabled.