McAfee, Inc. McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Software Version: 8.2.1 FIPS 140-2 Non-Proprietary Security Policy FIPS Security Level: 1 Document Version: 0.8 Prepared for: Prepared by: McAfee, Inc. Corsec Security, Inc. 2821 Mission College Boulevard 13135 Lee Jackson Memorial Highway, Suite 220 Santa Clara, California 95054 Fairfax, Virginia 22033 United States of America United States of America Phone: +1 (888) 847-8766 Phone: +1 (703) 267-6050 http://www.mcafee.com http://www.corsec.com Security Policy, Version 0.8 June 3, 2013 Table of Contents 1 INTRODUCTION ................................................................................................................... 4 1.1 PURPOSE ................................................................................................................................................................ 4 1.2 REFERENCES .......................................................................................................................................................... 4 1.3 DOCUMENT ORGANIZATION ............................................................................................................................ 4 2 MFE VIRTUAL APPLIANCE .................................................................................................. 5 2.1 OVERVIEW ............................................................................................................................................................. 5 2.2 MODULE SPECIFICATION..................................................................................................................................... 6 2.2.1 Physical Cryptographic Boundary ...................................................................................................................... 7 2.2.2 Logical Cryptographic Boundary ........................................................................................................................ 8 2.3 MODULE INTERFACES .......................................................................................................................................... 8 2.4 ROLES, SERVICES, AND AUTHENTICATION ....................................................................................................... 9 2.4.1 Crypto-Officer Role................................................................................................................................................. 9 2.4.2 User Role ................................................................................................................................................................ 12 2.4.3 Network User Role ............................................................................................................................................. 12 2.4.4 Authentication Mechanism ............................................................................................................................... 12 2.5 PHYSICAL SECURITY ...........................................................................................................................................14 2.6 OPERATIONAL ENVIRONMENT.........................................................................................................................14 2.7 CRYPTOGRAPHIC KEY MANAGEMENT ............................................................................................................15 2.8 SELF-TESTS ..........................................................................................................................................................21 2.8.1 Power-Up Self-Tests ............................................................................................................................................ 21 2.8.2 Conditional Self-Tests ......................................................................................................................................... 21 2.8.3 Critical Functions Self-Test................................................................................................................................ 21 2.9 MITIGATION OF OTHER ATTACKS ..................................................................................................................21 3 SECURE OPERATION ......................................................................................................... 22 3.1 CRYPTO-OFFICER GUIDANCE ..........................................................................................................................22 3.1.1 Installation.............................................................................................................................................................. 22 3.1.2 Initialization ........................................................................................................................................................... 23 3.1.3 Management ........................................................................................................................................................ 26 3.2 USER GUIDANCE ................................................................................................................................................26 4 ACRONYMS .......................................................................................................................... 27 Table of Figures FIGURE 1 – TYPICAL DEPLOYMENT SCENARIO .....................................................................................................................5 FIGURE 2 – BLOCK DIAGRAM OF A TYPICAL GPC...............................................................................................................7 FIGURE 3 – MFE VIRTUAL APPLIANCE CRYPTOGRAPHIC BOUNDARIES ............................................................................8 FIGURE 4 – SERVICE STATUS ................................................................................................................................................. 24 FIGURE 5 – CONFIGURING FOR FIPS .................................................................................................................................. 25 List of Tables TABLE 1 – SECURITY LEVEL PER FIPS 140-2 SECTION .........................................................................................................6 TABLE 2 – VIRTUAL APPLIANCE INTERFACE MAPPINGS .......................................................................................................9 TABLE 3 – CRYPTO-OFFICER SERVICES ............................................................................................................................... 10 TABLE 4 – USER SERVICES ..................................................................................................................................................... 12 TABLE 5 – NETWORK USER SERVICES ................................................................................................................................. 12 TABLE 6 – AUTHENTICATION MECHANISMS EMPLOYED BY THE MODULE .................................................................... 13 TABLE 7 – APPROVED SECURITY FUNCTIONS .................................................................................................................... 15 TABLE 8 – NON-APPROVED SECURITY FUNCTIONS USED IN FIPS MODE .................................................................... 16 TABLE 9 – CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS............................................... 17 McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 2 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 TABLE 10 – REQUIRED KEYS AND CSPS FOR SECURE OPERATION ................................................................................ 25 TABLE 11 – ACRONYMS ........................................................................................................................................................ 27 McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 3 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 1 Introduction 1.1 Purpose This is a non-proprietary Cryptographic Module Security Policy for the McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 from McAfee, Inc. This Security Policy describes how the McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 (Software Version: 8.2.1) meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-2, which details the U.S. and Canadian Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp. This document also describes how to run the module in a secure FIPS-Approved mode of operation. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the module. The McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 is referred to in this document as the MFE Virtual Appliance, the cryptographic module, or the module. 1.2 References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:  The McAfee corporate website (http://www.mcafee.com) contains information on the full line of products from McAfee.  The CMVP website (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm) contains contact information for individuals to answer technical or sales-related questions for the module. 1.3 Document Organization The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:  Vendor Evidence document  Finite State Model document  Validation Submission Summary document  Other supporting documentation as additional references This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to McAfee. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Submission Package is proprietary to McAfee and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact McAfee. McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 4 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 2 MFE Virtual Appliance 2.1 Overview McAfee, Inc. is a global leader in Enterprise Security solutions. The company’s comprehensive portfolio of network security products and solutions provides unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances have been created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications. Consolidating all major perimeter security functions into one system, McAfee's Firewall Enterprise appliances are the strongest self-defending perimeter firewalls in the world. Built with a comprehensive combination of high-speed application proxies, McAfee's TrustedSource™ reputation-based global intelligence, and signature-based security services, Firewall Enterprise defends networks and Internet- facing applications from all types of malicious threats, both known and unknown. Figure 1 – Typical Deployment Scenario Firewall Enterprise appliances are market-leading, next-generation firewalls that provide application visibility and control even beyond Unified Threat Management (UTM) for multi-layer security – and the highest network performance. Global visibility of dynamic threats is the centerpiece of Firewall Enterprise and one of the key reasons for its superior ability to detect unknown threats along with the known. Firewall Enterprise appliances deliver the best-of-breed in security systems to block attacks, including:  Viruses  Worms  Trojans  Intrusion attempts  Spam and phishing tactics  Cross-site scripting  Structured Query Language (SQL) injections  Denial of service (DoS)  Attacks hiding in encrypted protocols McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 5 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 A Firewall Enterprise appliance is managed using a proprietary graphical user interface (GUI), referred as Admin Console, and a command line management interface. Hundreds of Firewall Enterprise appliances can be managed centrally using McAfee’s Control Center tool. Firewall Enterprise security features include:  Firewall feature for full application filtering, web application filtering, and Network Address Translation (NAT)  Authentication using local database, Active Directory, LDAP 1, RADIUS2, Windows Domain Authentication, and more  High Availability (HA)  Geo-location filtering  Encrypted application filtering using TLS 3 and IPsec4 protocols  Intrusion Prevention System  Networking and Routing  Management via Simple Network Management Protocol (SNMP) version 3 The McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 is designed to leverage VMware’s ESXi Server virtualization technology and run the firewall as a virtual appliance installed on the server. The McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 is validated at the FIPS 140-2 section levels shown in Table 1. Table 1 – Security Level Per FIPS 140-2 Section Section Section Title Level 1 Cryptographic Module Specification 3 2 Cryptographic Module Ports and Interfaces 1 3 Roles, Services, and Authentication 1 4 Finite State Model 1 5 Physical Security N/A 6 Operational Environment 1 7 Cryptographic Key Management 1 EMI/EMC5 8 1 9 Self-tests 1 10 Design Assurance 2 11 Mitigation of Other Attacks N/A 2.2 Module Specification The McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 is a multi-chip standalone software module that meets overall Level 1 FIPS 140-2 requirements. It executes as a virtual appliance, running on a guest operating system (OS) in a virtualized environment on a typical general-purpose computer (GPC) hardware platform. The guest operating system is McAfee’s SecureOS v8.2, while the virtualization layer is provided by VMware ESXi v4.1 (also referred to throughout this document as the LDAP – Lightweight Directory Access Protocol 1 RADIUS – Remote Authentication Dial-In User Service 2 TLS – Transport Layer Security 3 IPsec – Internet Protocol Security 4 EMI/EMC – Electromagnetic Interference / Electromagnetic Compatibility 5 McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 6 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 hypervisor). The module interacts directly with the hypervisor, which runs directly on the hardware without the need of a host OS. The module was tested and found to be compliant with FIPS 140-2 requirements in an operational environment consisting of the following components:  Intel Xeon processor  VMware ESXi v4.1 with McAfee’s SecureOS v8.2 as the guest OS  McAfee Firewall Enterprise S7032 hardware appliance 2.2.1 Physical Cryptographic Boundary As a software module, the virtual appliance has no physical characteristics; however, the physical boundary of the cryptographic module is defined by the hard enclosure around the host GPC on which it runs. Figure 2 shows the block diagram of a typical GPC (the dashed line surrounding the hardware components represents the module’s physical cryptographic boundary, which is the outer case of the hardware platform), and identifies the hardware with which the GPC’s processor interfaces. DVD Hardware Network RAM Management Interface HDD Clock SCSI/SATA Generator Controller LEDs/LCD North Bridge Serial CPU(s) Audio South Bridge Cache PCI/PCIe Slots USB PCI/PCIe Power Graphics Slots Interface BIOS Controller External Power Supply KEY: BIOS – Basic Input/Output System PCIe – PCI express Plaintext data CPU – Central Processing Unit HDD – Hard Disk Drive Encrypted data SATA – Serial Advanced Technology Attachment DVD – Digital Video Disc Control input SCSI – Small Computer System Interface USB – Universal Serial Bus Status output PCI – Peripheral Component Interconnect RAM – Random Access Memory Crypto boundary Figure 2 – Block Diagram of a Typical GPC The module’s physical cryptographic boundary is further illustrated by the black dotted line in Figure 3 below. McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 7 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 The module makes use of the physical interfaces of the GPC hosting the virtual environment upon which the module is installed. The hypervisor controls and directs all interactions between the MFE Virtual Appliance and the operator, and is responsible for mapping the module’s virtual interfaces to the GPC’s physical interfaces. These interfaces include the integrated circuits of the system board, processor, network adapters, RAM6, hard disk, device case, power supply, and fans. Figure 2 shows the block diagram of a typical GPC (the dashed line surrounding the hardware components represents the module’s physical cryptographic boundary, which is the outer case of the hardware platform), and identifies the hardware with which the GPC’s processor interfaces. 2.2.2 Logical Cryptographic Boundary The logical cryptographic boundary of the module (shown by the red dotted line in Figure 3) consists of the McAfee Firewall Enterprise application, three cryptographic libraries, and a proprietary operating system (McAfee’s SecureOS® v8.2) acting as the guest OS. The libraries are:  Cryptographic Library for SecureOS (CLSOS) for 32-bit systems v7.0.1.01  CLSOS for 64-bit systems v7.0.1.01  Kernel Cryptographic Library for SecureOS (KCLSOS) v8.2 McAfee Firewall Enterprise SecureOS VMware ESXi Plaintext data Encrypted data Control input Status output GPC Hardware Platform Logical boundary Physical boundary Figure 3 – MFE Virtual Appliance Cryptographic Boundaries 2.3 Module Interfaces Interfaces on the module can be categorized as the following FIPS 140-2 logical interfaces:  Data Input Interface  Data Output Interface  Control Input interface  Status Output Interface  Power Interface RAM – Random Access Memory 6 McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 8 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 The module’s physical and electrical characteristics, manual controls, and physical indicators are provided by the host GPC; the hypervisor provides virtualized ports and interfaces which map to the GPCs’ physical ports and interfaces. The mapping of the module’s logical interfaces in the software to FIPS 140-2 logical interfaces is described in Table 2 below. Table 2 – Virtual Appliance Interface Mappings FIPS 140-2 Logical Physical Port/Interface Module Port/Interface Interface  Host GPC Ethernet Virtual Ethernet Ports Data Input (10/100/1000) Ports  Data Output  Control Input  Status Output  Control Input Host GPC Keyboard port Virtual Keyboard port  Control Input Host GPC Mouse port Virtual Mouse port  Data Input Host GPC Serial Port Virtual Serial Port  Control Input  Status Output Host GPC Video Connector Virtual Video Interface  Power Host GPC Power Interface N/A Data input and output are the packets utilizing the services provided by the module. These packets enter and exit the module through the virtual Ethernet ports. Control input consists of configuration or administrative data entered into the module. Status output consists of the status provided or displayed via the operator interfaces (such as the GUI or CLI) or available log information. 2.4 Roles, Services, and Authentication There are three authorized roles in the module that an operator may assume: a Crypto-Officer (CO) role, a User role, and a Network User role. Please note that the keys and Critical Security Parameters (CSPs) listed in the Services tables below indicate the type of access required:  R (Read): The CSP is read  W (Write): The CSP is established, generated, modified, or zeroized  X (Execute): The CSP is used within an Approved or Allowed security function or authentication mechanism 2.4.1 Crypto-Officer Role The Crypto-Officer role performs administrative services on the module, such as initialization, configuration, and monitoring of the module. Before accessing the module for any administrative service, the operator must authenticate to the module. The module offers management interfaces in two ways:  Administration Console  Command Line Interface (CLI) The Administration Console (or Admin Console) is the graphical software that runs on a Windows computer within a connected network. Admin Console is McAfee’s proprietary GUI management software McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 9 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 tool that needs to be installed on a Windows-based workstation. This is the primary management tool. All Admin Console sessions to the module are protected over secure TLS channel. Authentication of the administrator is through a username/password prompt checked against a local password database. CLI sessions are offered by the module for troubleshooting. The CLI is accessed locally over the serial port or by a direct-connected keyboard and mouse, while remote access is via Secure Shell (SSH) session. The CO authenticates to the module using a username and password. Services provided to the Crypto-Officer are provided in Table 3 below. Table 3 – Crypto-Officer Services Service Description Input Output CSP and Type of Access Authenticate to the Used when Command Status Firewall Authentication Keys - R Admin Console administrators login Output Key Agreement Key - R to the appliance using TLS Session Authentication Key - R/W the Firewall TLS Session Key - R/W Enterprise Admin Administrative Password - R Console Authenticate to the Used when Command Status Common Access Card Authentication Keys - R Admin Console administrators login Output Key Agreement Key - R using Common to the appliance with TLS Session Authentication Key - R/W Access Card (CAC) CAC authentication TLS Session Key - R/W to access the Firewall Common Access Card One-Time Password - R Enterprise Admin Console Authenticate to the Used when Command Status Firewall Authentication Keys - R Admin CLI administrators login Output Key Agreement Key - R to the appliance using SSH Session Authentication Key - R/W the Firewall SSH Session Key - R/W Enterprise Admin Administrative Password - R CLI Authenticate to the Used when Command Status Common Access Card Authentication Keys - R Admin CLI using administrators login Output Key Agreement Key - R Common Access to the appliance with SSH Session Authentication Key - R/W Card (CAC) CAC authentication SSH Session Key - R/W to access the Firewall Common Access Card One-Time Password - R Enterprise Admin CLI Authenticate to the Used when Command Status  Administrator Password - R local console administrators login Output to the appliance via the local console Change password Allows external users Command Status Firewall Authentication Keys - R to use a browser to Output Key Agreement Key - R change their Firewall TLS Session Authentication Key - R/W Enterprise, SafeWord TLS Session Key - R/W PremierAccess, or Administrative Password - R/W LDAP login password McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 10 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 Service Description Input Output CSP and Type of Access Configure cluster Services required to Command Status Firewall Authentication Keys - R communication communicate with Output Key Agreement Key - R each other in Firewall TLS Session Authentication Key - R/W Enterprise multi- TLS Session Key - R/W appliance configurations Configure and Used to generate and Command Status  Firewall Authentication Keys - R monitor Virtual exchange keys for Output  Key Agreement Key - R Private Network VPN sessions  TLS Session Authentication Key - R/W (VPN) services  TLS Session Key - R/W  IKE Preshared key - W  IPsec Session Key - W  IPsec Authentication Key - W Create and Create and monitor Command Status Firewall Authentication Keys - R configure bypass IPsec policy table that Output Key Agreement Key - R mode governs alternating TLS Session Authentication Key - R/W bypass mode TLS Session Key - R/W Manage mail Used when running Command Status Firewall Authentication Keys - R services ‘sendmail’ service on Output Key Agreement Key - R a Firewall Enterprise TLS Session Authentication Key - R/W appliance TLS Session Key - R/W Manage web filter Manages Command Status Firewall Authentication Keys - R configuration with Output Key Agreement Key - R the SmartFilter TLS Session Authentication Key - R/W TLS Session Key - R/W Manage Control Verifies registration Command Status Firewall Authentication Keys - R Center and oversees Output Key Agreement Key - R communication communication TLS Session Authentication Key - R/W among the Control TLS Session Key - R/W Center and managed Firewall Enterprise appliances Perform self-tests Run self-tests on Command Status None demand via reboot Output Enable FIPS mode Configures the Command Status Firewall Authentication Keys - R module in FIPS mode Output Key Agreement Key - R TLS Session Authentication Key - R/W TLS Session Key - R/W Show status Allows Crypto- Command Status None Officer to check Output whether FIPS mode is enabled McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 11 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 Service Description Input Output CSP and Type of Access Zeroize Zeroizes the module None None Common Access Card Authentication keys - R/W to the factory default Firewall Authentication public/private keys - R/W state Peer public keys - R/W Local CA public/private keys - R/W IKE Preshared Key - R/W IPsec Session Authentication Key - R/W Administrator Passwords - R/W SSL CA key - R/W SSL Server Certificate key - R/W 2.4.2 User Role Users employ the services of the modules for establishing VPN7 or TLS connections via Ethernet port. Access to these services requires the operator to first authenticate to the module. Descriptions of the services available to the Users are provided in Table 4 below. Table 4 – User Services Service Description Input Output CSP and Type of Access Establish an Establish a TLS Command Secure TLS Firewall Authentication Keys - R authenticated TLS connection (requires session Key Agreement Key - R connection operator established  TLS Session Authentication Key - R/W authentication) TLS Session Key - R/W SSL CA key - R SSL Server Certificate key - R Establish a VPN Establish a VPN Command Secure VPN Firewall Authentication Keys - R connection connection over tunnel Key Agreement Key - R IPsec tunnel established IKE Session Authentication Key - W IKE Session Key – W IKE Preshared Key - R IPsec Session Key – R/W IPsec Authentication Key – R/W 2.4.3 Network User Role The Network User role is defined as users within the secured network who have been given access to the device by a security policy rule granted by the Crypto-Officer. Network users communicate via plaintext connections (bypass). The Network User role does not require authentication. Table 5 lists all the services that are available to the Network User role. Table 5 – Network User Services Service Description Input Output CSP and Type of Access Establish a plaintext Establish a plaintext Command Traffic in None connection connection plaintext 2.4.4 Authentication Mechanism While the module implements authentication mechanisms, there are no claims made regarding the authentication mechanisms meeting FIPS requirements beyond Level 1. However, the module employs the authentication methods described in Table 6 to authenticate Crypto-Officers and Users. VPN – Virtual Private Network 7 McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 12 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 Table 6 – Authentication Mechanisms Employed by the Module Role Type of Authentication Authentication Strength Crypto-Officer Password Passwords are required to be at least 8 characters long. The password requirement is enforced by the Security Policy. The maximum password length is 64 characters. Case-sensitive alphanumeric characters and special characters can be used with repetition, which gives a total of 94 characters to choose from. The chance of a random attempt falsely succeeding is 1:948, or 1: 6,095,689,385,410,816. This would require about 60,956,893,854 attempts in one minute to raise the random attempt success rate to more than 1:100,000. The fastest connection supported by the module is 1 Gbps. Hence, at most 60,000,000,000 bits of data (1000 × 106 × 60 seconds, or 6 x 1010) can be transmitted in one minute. At that rate and assuming no overhead, a maximum of 812,759 attempts can be transmitted over the connection in one minute. The maximum number of attempts that this connection can support is less than the amount required per minute to achieve a 1:100,000 chance of a random attempt falsely succeeding. Common Access Card One-time passwords are required to be at least 8 characters long. The password requirement is enforced by the Security Policy. The maximum password length is 128 characters. The password consists of a modified base-64 alphabet, which gives a total of 64 characters to choose from. With the possibility of using repeating characters, the chance of a random attempt falsely succeeding is 1:648, or 1:281,474,976,710,656. This would require about 2,814,749,767 attempts in one minute to raise the random attempt success rate to more than 1:100,000. The fastest connection supported by the module is 1 Gbps. Hence, at most 60,000,000,000 bits of data (1000 × 106 × 60 seconds, or 6 x 1010) can be transmitted in one minute. At that rate, and assuming no overhead, a maximum of only 937,500,000 8-character passwords can be transmitted over the connection in one minute. The maximum number of attempts that this connection can support is less than the amount required per minute to achieve a 1:100,000 chance of a random attempt falsely succeeding. McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 13 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 Role Type of Authentication Authentication Strength User Password, Certificate, or IP Passwords are required to be at least 8 characters long. The Address password requirement is enforced by the Security Policy. The maximum password length is 64 characters. Case-sensitive alphanumeric characters and special characters can be used with repetition, which gives a total of 94 characters to choose from. The chance of a random attempt falsely succeeding is 1:948, or 1: 6,095,689,385,410,816. This would require about 60,956,893,854 attempts in one minute to raise the random attempt success rate to more than 1:100,000. The fastest connection supported by the module is 1 Gbps. Hence, at most 60,000,000,000 bits of data (1000 × 106 × 60 seconds, or 6 x 1010) can be transmitted in one minute. At that rate and assuming no overhead, a maximum of 812,759 attempts can be transmitted over the connection in one minute. The maximum number of attempts that this connection can support is less than the amount required per minute to achieve a 1:100,000 chance of a random attempt falsely succeeding. Certificates used as part of TLS, SSH, and IKE8/IPsec are at a minimum 1024 bits. The chance of a random attempt falsely succeeding is 1:280, or 1:120,893 x 1024. The fastest network connection supported by the module is 1000 Mbps. Hence, at most 60,000,000,000 bits of data (1000 × 106 × 60 seconds, or 6 × 1010) can be transmitted in one minute. The passwords are sent to the module via security protocols IPsec, TLS, and SSH. These protocols provide strong encryption (AES 128-bit key at minimum, providing 128 bits of security) and require large computational and transmission capability. The probability that a random attempt will succeed or a false acceptance will occur is less than 1:2 128 x 844. 2.5 Physical Security McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 is a software module, which FIPS defines as a multi-chip standalone cryptographic module. As such, it does not include physical security mechanisms. Thus, the FIPS 140-2 requirements for physical security are not applicable. 2.6 Operational Environment The module was tested and found to be compliant with FIPS 140-2 requirements on the following operational environment and hardware:  Intel Xeon processor running VMware ESXi v4.1 with McAfee’s SecureOS v8.2 as the guest OS  McAfee Firewall Enterprise S7032 appliance All cryptographic keys and CSPs are under the control of the guest operating system, which protects the CSPs against unauthorized disclosure, modification, and substitution. IKE – Internet Key Exchange 8 McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 14 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 2.7 Cryptographic Key Management The module implements three software cryptographic libraries to offer secure networking protocols and cryptographic functionalities. The software libraries for MFE v8.2.1 are:  CLSOS Version 7.0.1.01 for 32-bit systems  CLSOS Version 7.0.1.01 for 64-bit systems  KCLSOS Version 8.2 Security functions offered by the libraries in FIPS mode of operation (and their associated algorithm implementation certificate numbers) are listed in Table 7. Table 7 – Approved Security Functions CLSOS CLSOS Approved Security Function KCLSOS 64-bit 32-bit Symmetric Key Advanced Encryption Standard (AES) 128/192/256-bit in CBC9, 1962 1961 - ECB10, OFB11, CFB12812 modes AES 128/192/256-bit in CBC, ECB modes - - 1963 Triple Data Encryption Standard (DES) 2- and 3-key options in CBC, 1274 1273 - ECB, OFB, CFB64 modes Triple-DES 2- and 3-key options in CBC mode - - 1275 Asymmetric Key RSA13 PKCS14 #1 sign/verify: 1024/1536/2048/3072/4096-bit 1016 1015 - RSA ANSI X9.31 key generation: 1024/1536/2048/3072/4096-bit 1016 1015 - Digital Signature Algorithm (DSA) signature verification: 1024-bit 627 626 - Secure Hash Standard SHA15-1, SHA-256, SHA-384, and SHA-512 1721 1720 1722 Message Authentication HMAC16 using SHA-1, SHA-256, SHA-384, and SHA-512 1183 1182 1184 Random Number Generators (RNG) ANSI17 X9.31 Appendix A.2.4 PRNG 1031 1030 1032 NOTE: As of December 31, 2010, the following algorithms listed in the table above are considered “deprecated” or “legacy use”. For details regarding algorithm deprecation, please refer to NIST Special Publication 800-131A.  Encryption using 2-key Triple DES  Random number generation using ANSI X9.31-1998  Digital signature generation using SHA-1  Digital signature verification using 1024-bit DSA  Digital signature generation and verification using 1024-bit RSA  HMAC generation and verification using key lengths less than 112 bits 9 CBC – Cipher-Block Chaining 10 ECB – Electronic Codebook OFB – Output Feedback 11 CFB128 – 128-bit Cipher Feedback 12 13 RSA – Rivest, Shamir, and Adleman PKCS – Public Key Cryptography Standard 14 SHA – Secure Hash Algorithm 15 HMAC – (Keyed-)Hash Message Authentication Code 16 ANSI – American National Standards Institute 17 McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 15 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 Non-FIPS-Approved security functions offered by the libraries in FIPS mode of operation are listed in Table 8. Table 8 – Non-Approved Security Functions Used in FIPS Mode CLSOS CLSOS Security Function KCLSOS 64-bit 32-bit Diffie-Hellman (DH): 1024/2048 bits18 (key implemented implemented - agreement) RSA encrypt/decrypt19 (key transport): implemented implemented - 1024/1536/2048/3072/4096-bit RNG (used to seed the KCLSOS PRNG) - - - NOTE: As of December 31, 2010, the following algorithms listed in the table above are considered “deprecated”. For details regarding algorithm deprecation, please refer to NIST Special Publication 800-131A.  1024-bit Diffie-Hellman key agreement  1024-bit RSA key transport 18 Caveat: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) 19 Caveat: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 16 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 The module supports the CSPs listed below in Table 9. Table 9 – Cryptographic Keys, Cryptographic Key Components, and CSPs Generation / Key/CSP Key/CSP Type Output Storage Zeroization Use Input SNMPv3 Session AES 128-bit CFB key Internally generated Never exits the Resides in volatile Power cycle or Provides secured channel for Key (v7.0.1.03 using a non-compliant module memory in plaintext session SNMPv3 management only) method termination Common Access RSA 1024/2048-bit keys or Imported Never exits the Stored in plaintext on Erasing the Common Access Card Card DSA 1024/2048-bit keys electronically in module the hard disk system image Authentication for generation Authentication plaintext of one-time password keys Firewall RSA 1024/2048/4096-bit Internally generated or Encrypted form Stored in plaintext on Erasing the - Peer Authentication of TLS, Authentication keys or DSA 1024-bit keys imported via network port the hard disk system image IKE, and SSH sessions public/private keys electronically in or plaintext form - Audit log signing plaintext via local via local management port management port Peer public keys RSA 1024/2048/4096-bit Imported Never exit the Stored in plaintext on Erasing the Peer Authentication for TLS, keys or electronically in module the hard disk system image SSH, and IKE sessions DSA 1024-bit keys plaintext during handshake protocol Local CA20 RSA 1024/2048/4096-bit Internally generated Public key Stored in plaintext on Erasing the Local signing of firewall public/private keys keys or certificate the hard disk system image certificates and establish DSA 1024-bit keys exported trusted point in peer entity electronically in plaintext via local management port Key Establishment Diffie-Hellman 1024/2048- Internally generated Public exponent Resides in volatile Power cycle or Key exchange/agreement for keys bit keys, RSA electronically in memory in plaintext session TLS, IKE/IPsec and SSH 1024/1536/2048/3072/4096 plaintext, private termination sessions -bit keys component not exported 20 CA – Certificate Authority McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 17 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 Generation / Key/CSP Key/CSP Type Output Storage Zeroization Use Input TLS Session HMAC SHA-1 key Internally generated Never exits the Resides in volatile Power cycle or Data authentication for TLS Authentication module memory in plaintext session sessions Key termination TLS Session Key Triple-DES, AES-128, AES- Internally generated Never exits the Resides in volatile Power cycle or Data encryption/decryption 256 module memory in plaintext session for TLS sessions termination IKE Session HMAC SHA-1 key Internally generated Never exists the Resides in volatile Power cycle or Data authentication for IKE Authentication module memory in plaintext session sessions Key termination IKE Session Key Triple-DES, AES-128, AES- Internally generated Never exits the Resides in volatile Power cycle or Data encryption/decryption 256 module memory in plaintext session for IKE sessions termination IKE Preshared Triple-DES, AES-128, AES- - Imported in Never exits the Stored in plaintext on Erasing the Data encryption/decryption Key 256 encrypted form module the hard disk system image for IKE sessions over network port or local management port in plaintext - Manually entered IPsec Session HMAC SHA-1 key - Imported in Never exits the - Stored in plaintext Power cycle Data authentication for IPsec Authentication encrypted form module on the hard disk sessions Key over network port - Resides in volatile or local memory management port in plaintext - Internally generated - Manually entered IPsec Session Key Triple-DES, AES-128, AES- Internally generated Never exits the Resides in volatile Power cycle Data encryption/decryption 256 module memory in plaintext for IPsec sessions McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 18 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 Generation / Key/CSP Key/CSP Type Output Storage Zeroization Use Input IPsec Preshared Triple-DES, AES-128, AES- - Imported in Exported Stored in plaintext on Power cycle Data encryption/decryption Session Key 256 encrypted form electronically in the hard disk for IPsec sessions over network port plaintext or local management port in plaintext - Manually entered SSH Session HMAC-SHA1 key Internally generated Never exists the Resides in volatile Power cycle or Data authentication for SSH Authentication module memory in plaintext session sessions Key termination SSH Session Key Triple-DES, AES-128, AES- Internally generated Never exists the Resides in volatile Power cycle or Data encryption/decryption 256 module memory in plaintext session for SSH sessions termination Package DSA 1024-bit public key Externally generated Never exits the Hard coded in Erasing the Verifies the signature Distribution and hard coded in the module plaintext system image associated with a firewall Public Key image update package License DSA 1024-bit public key Externally generated Never exits the Hard coded in Erasing the Verifies the signature Management and hard coded in the module plaintext system image associated with a firewall Public Key image license Administrator PIN Manually or Never exits the Stored on the hard Erasing the Standard Unix authentication Passwords electronically module disk through one-way system image for administrator login imported hash obscurement Common Access 8-character (minimum) Internally generated; Exported Resides in volatile Password Common Access Card Card one-time ASCII string Manually or electronically in memory inside the expiration, authentication for password electronically encrypted form CAC Warder process session administrator login imported over TLS termination, or power cycle 32-bit CLSOS 16 bytes of seed value Internally generated by Never exits the Resides in volatile Power cycle Generates FIPS-Approved X9.31 PRNG seed KCLSOS ANSI X9.31 module memory in plaintext random number PRNG 32-bit CLSOS AES-256 Internally generated by Never exits the Resides in volatile Power cycle Generates FIPS-Approved ANSI X9.31 KCLSOS ANSI X9.31 module memory in plaintext random number PRNG key PRNG McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 19 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 Generation / Key/CSP Key/CSP Type Output Storage Zeroization Use Input 64-bit CLSOS 16 bytes of seed value Internally generated by Never exits the Resides in volatile Power cycle Generates FIPS-Approved ANSI X9.31 KCLSOS ANSI X9.31 module memory in plaintext random number PRNG seed PRNG 64-bit CLSOS AES-256 Internally generated by Never exits the Resides in volatile Power cycle Generates FIPS-Approved ANSI X9.31 KCLSOS ANSI X9.31 module memory in plaintext random number PRNG key PRNG KCLSOS ANSI 16 bytes of seed value Internally generated by Never exits the Resides in volatile Power cycle Generates FIPS-Approved X9.31 PRNG seed non-Approved RNG module memory in plaintext random number KCLSOS ANSI AES-256 Internally generated by Never exits the Resides in volatile Power cycle Generates FIPS-Approved X9.31 PRNG key non-Approved RNG module memory in plaintext random number SSL CA key RSA 1024/2048-bit key or Internally generated Exported Stored in plaintext on Erasing the Signing temporary server DSA 1024/2048-bit key electronically in the hard disk system image certificates for TLS re- ciphertext via encryption network port or in plaintext via local management port SSL Server RSA 1024/2048-bit key or Internally generated or Exported Stored in plaintext on Erasing the Peer authentication for TLS Certificate key DSA 1024/2048-bit key imported electronically in the hard disk system image sessions (TLS re-encryption) electronically in ciphertext via plaintext via local network port or management port in plaintext via local management port McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 20 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 2.8 Self-Tests 2.8.1 Power-Up Self-Tests The MFE Virtual Appliance performs the following self-tests at power-up:  Software integrity check using HMAC SHA-256  Cryptographic algorithm tests o AES Known Answer Test (KAT) o Triple-DES KAT o SHA-1 KAT, SHA-256 KAT, SHA-384 KAT, and SHA-512 KAT o HMAC KAT with SHA-1, SHA-256, SHA-384, and SHA-512 o RSA KAT for sign/verify and encrypt/decrypt o DSA pairwise consistency check o ANSI X9.31 Appendix A.2.4 PRNG KAT for all implementations If any of the tests listed above fails to perform successfully, the module enters into a critical error state where all cryptographic operations and output of any data is prohibited. An error message is logged for the CO to review and requires action on the Crypto-Officer’s part to clear the error state. 2.8.2 Conditional Self-Tests The McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 performs the following conditional self-tests:  Continuous RNG Test (CRNGT) for all ANSI X9.31 implementations  RSA pairwise consistency test upon generation of an RSA keypair  DSA pairwise consistency test upon generation of an DSA keypair  Manual key entry test  Bypass test using SHA-1  Software Load Test using DSA signature verification Failure of the Bypass test or the CRNGT on the applicable KCLSOS PRNG implementation leads the module to a critical error state. Failure of any other conditional test listed above leads the module to a soft error state and logs an error message. 2.8.3 Critical Functions Self-Test The McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 performs the following critical functions self-test at power-up:  License Verification check 2.9 Mitigation of Other Attacks This section is not applicable. The module does not claim to mitigate any attacks beyond the FIPS 140-2 Level 1 requirements for this validation. McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 21 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 3 Secure Operation The McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 meets Level 1 requirements for FIPS 140-2. The sections below describe how to place and keep the module in FIPS-Approved mode of operation. Caveat: This guide assumes that a virtual environment is already setup and ready for accepting a new virtual appliance installation. 3.1 Crypto-Officer Guidance The Crypto-Officer is responsible for initialization and security-relevant configuration and management of the module. Please see the McAfee Firewall Enterprise, Virtual Appliance Installation Guide for more information on configuring and maintaining the module. 3.1.1 Installation The cryptographic module requires that the proper version be installed on the target hardware. The Crypto- Officer must have a McAfee-provided grant number in order to download the required image. Grant numbers are sent to McAfee customers via email after the purchase of a McAfee product. To download and install Firewall Enterprise version 8.2.1 for VMware ESXi 4.1, the Crypto-Officer must: 1. Download the Firewall Enterprise installer package a. In a web browser, navigate to www.mcafee.com/us/downloads. b. Enter the grant number, and then navigate to the appropriate product and version. c. Click View Available Downloads, and then click the link for the latest version. d. Click I Agree to accept the license agreement. e. Download the virtual image .zip file. 2. Download the product guide and release notes for the downloaded software version. a. Go to the McAfee Technical Support Service Portal at www.mysupport.mcafee.com. b. Under Self Service, click Product Documentation. c. Select the appropriate product and version. d. Download the version 8.2.1 installation guide. 3. Import the firewall a. Extract the .zip file you downloaded. b. Connect to your ESXi server using the VMware vSphere Client. c. From the menu bar, select File | Deploy OVF Template. The Deploy OVF Template window appears. d. Select the firewall file.  Select Deploy from file.  Click Browse to select the .ovf file you extracted.  Click Next. The OVF Template Details page appears. e. Click Next. The Name and Location page appears. f. Type a name for the firewall, and then click Next.  If the Ready to Complete page appears, proceed to Step i.  If the Network Mapping page appears, proceed to Step h.  If the Disk Format page appears, proceed to Step g. NOTE: This page appears only for ESXi 4.1 server. g. [For ESXi 4.1 server only] Select a format to store the virtual disks. You can select thin or thick provisioned format. Click Next. h. [Conditional] On the Network Mapping page, verify that unconfigured is selected in the Destination Networks drop-down list, then click Next. The Ready to Complete page appears. i. Review the summary. McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 22 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013  If you need to make any changes, click Back.  If the summary is correct, click Finish. When you click Finish, the firewall is uploaded to your ESXi server. 3.1.2 Initialization The Crypto-Officer is responsible for initialization and security-relevant configuration and management activities for the module through the management interfaces. Installation and configuration instructions for the module can also be found in the Secure Firewall Setup Guide, Secure Firewall Administration Guide, and this FIPS 140-2 Security Policy. The initial Administration account, including username and password for login authentication to the module, is created during the startup configuration using the Quick Start Wizard. The Crypto-Officer must set FIPS mode enforcement to ensure that the module is running in its FIPS- Approved mode of operation. 3.1.2.1 Setting FIPS Mode Enforcement Before enforcing FIPS on the module, the Admin Console CO must check that no non-FIPS-Approved service is running on the module. To view the services that are currently used in enabled rules, select “Monitor / Service Status”. The Service Status window appears as shown in Figure 4 below. If the window lists any non-FIPS-Approved protocols (such as telnet as shown below), then those protocols must be disabled before the module is considered to be in its Approved mode of operation. McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 23 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 Figure 4 – Service Status The process to enable FIPS mode is provided below: Under “Policy/Application Defenses/ Defenses/HTTPS”, disable all non-Approved versions of 1. SSL, leaving only TLS 1.0 operational. Under “Maintenance / Certificate Management”, ensure that the certificates only use FIPS- 2. Approved cryptographic algorithms. Select “Maintenance / FIPS”. The FIPS check box appears in the right pane (shown in Figure 5). 3. Select “Enforce U.S. Federal Information Processing Standard”. 4. 5. Save the configuration change. Select “Maintenance / System Shutdown” to reboot the firewall to the Operational kernel to 6. activate the change. McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 24 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 Figure 5 – Configuring For FIPS The Crypto-Officer is required to delete and recreate all required cryptographic keys and CSPs necessary for the module's secure operation (please refer to Section 4 of the McAfee Firewall Enterprise 8.2.0 FIPS 140-2 Configuration Guide for details regarding the CSP update process). The keys and CSPs existing on the module were generated outside of FIPS mode of operation, and they must now be re-created for use in FIPS mode. The CO must replace the keys and CSPs listed in Table 10. Table 10 – Required Keys and CSPs for Secure Operation Services Cryptographic Keys/CSPs Admin Console (TLS) Firewall Certificate/private key Control Center (TLS) Firewall Certificate/private key HTTPS21 Decryption (TLS) Firewall Certificate/private key TrustedSource (TLS) Firewall Certificate/private key Firewall Cluster Management (TLS) Firewall Certificate/private key Local CA/private key Passport Authentication (TLS) Firewall Certificate/private key IPsec/IKE certificate authentication Firewall Certificate/private key Audit log signing Firewall Certificate/private key SSH server Firewall Certificate/private key Administrator Passwords Firewall Certificate/private key The module is now operating in the FIPS-Approved mode of operation. HTTPS – Hypertext Transfer Protocol Secure 21 McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 25 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 3.1.3 Management Once configured to operate in FIPS-Approved mode, only FIPS-Approved and Allowed algorithms may be used. Non-FIPS-Approved services are disabled in FIPS mode of operation. The Crypto-Officer is able to monitor and configure the module via the web interface (GUI over TLS), SSH, serial port, or direct- connected keyboard/monitor. Detailed instructions to monitor and troubleshoot the systems are provided in the Secure Firewall Administration Guide. The Crypto-Officer should monitor the module’s status regularly for active bypass mode. The CO also monitor that only FIPS-Approved algorithms as listed in Table 7 are being used for TLS and SSH sessions. 3.1.3.1 Status Indicators The “show status” for FIPS mode of operation can be invoked by determining if the checkbox, shown in Figure 5, is checked. This can also be done via the CLI using the “cf fips query” command. The “show status” service as it pertains to bypass is shown in the GUI under VPN Definitions and the module column. For the CLI, the Crypto-Officer may enter “cf ipsec q type=bypass” to get a listing of the existing bypass rules, while “cf package list” will provide the module version number. The Crypto-Officer should monitor the module’s status regularly for Approved mode of operation and active bypass mode. If any irregular activity is noticed or the module is consistently reporting errors, then McAfee customer support should be contacted. 3.1.3.2 Zeroization In order to zeroize the module of all keys and CSPs, it is necessary to first rebuild the module’s image essentially wiping out all data from the module; the rebuild must be performed by McAfee. Once a factory reset has been performed, default keys and CSPs will be set up as part of the renewal process. These keys must be recreated as per the instructions found in Table 10. Failure to recreate these keys will result in a non-compliant module. For more information about resetting the module to a factory default, please consult the documentation that shipped with the module. 3.2 User Guidance When using key establishment protocols (RSA and DH) in the FIPS-Approved mode, the User is responsible for selecting a key size that provides the appropriate level of key strength for the key being transported. McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 26 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 4 Acronyms This section describes the acronyms used throughout the document. Table 11 – Acronyms Acronym Definition AES Advanced Encryption Standard ANSI American National Standards Institute BIOS Basic Input/Output System CAC Common Access Card CBC Cipher-Block Chaining CD Compact Disc CD-ROM Compact Disc – Read-Only Memory CFB Cipher Feedback CLI Command Line Interface CLSOS Cryptographic Library for SecureOS CMVP Cryptographic Module Validation Program CO Crypto-Officer CRNGT Continuous Random Number Generator Test CSEC Communications Security Establishment Canada CSP Critical Security Parameter DES Digital Encryption Standard DH Diffie-Hellman DoS Denial of Service DSA Digital Signature Algorithm ECB Electronic Codebook EDC Error Detection Code EMC Electromagnetic Compatibility EMI Electromagnetic Interference ESD Electrostatic Discharge FIPS Federal Information Processing Standard GUI Graphical User Interface HA High Availability HMAC (Keyed-) Hash Message Authentication Code HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol Secure McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 27 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.8 June 3, 2013 Acronym Definition IKE Internet Key Exchange IP Internet Protocol IPsec Internet Protocol Security KAT Known Answer Test KCLSOS Kernel Cryptographic Library for SecureOS LCD Liquid Crystal Display LDAP Lightweight Directory Access Protocol LED Light-Emitting Diode MAC Message Authentication Code MD Message Digest NAT Network Address Translation NIC Network Interface Card NIST National Institute of Standards and Technology NMI Nonmaskable Interrupt NMS Network Management System OFB Output Feedback OS Operating System PCI Peripheral Component Interconnect PKCS Public Key Cryptography Standard PRNG Pseudo Random Number Generator RADIUS Remote Authentication Dial-In User Service RC Rivest Cipher RNG Random Number Generator RSA Rivest Shamir and Adleman SHA Secure Hash Algorithm SNMP Simple Network Management Protocol SQL Structured Query Language SSH Secure Shell SSL Secure Sockets Layer TLS Transport Layer Security USB Universal Serial Bus UTM Unified Threat Management VGA Video Graphics Array VPN Virtual Private Network McAfee Firewall Enterprise Virtual Appliance for VMware ESXi v4.1 Page 28 of 29 © 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Prepared by: Corsec Security, Inc. 13135 Lee Jackson Memorial Hwy, Suite 220 Fairfax, VA 22033 United States of America Phone: +1 (703) 267-6050 Email: info@corsec.com http://www.corsec.com