SmartGate® (Software Version: 4.5) FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Version 0.91 May 2006 © 2004-2006 AEP Networks This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy Table of Contents 1. INTRODUCTION......................................................................................................... 3 1.1 PURPOSE ................................................................................................................. 3 1.2 REFERENCES ........................................................................................................... 3 1.3 DOCUMENT ORGANIZATION ....................................................................................... 3 2. SMARTGATE V4.5 ..................................................................................................... 5 2.1 OVERVIEW ............................................................................................................... 5 2.2 MODULE INTERFACES................................................................................................ 5 2.3 ROLES AND SERVICES ............................................................................................... 7 2.3.1 Local Crypto Officer Role ................................................................................. 7 2.3.2 Remote Crypto Officer...................................................................................... 9 2.3.3 User Role ....................................................................................................... 11 2.3.4 Authentication Mechanisms............................................................................ 11 2.4 PHYSICAL SECURITY ............................................................................................... 12 2.5 OPERATIONAL ENVIRONMENT .................................................................................. 12 2.6 CRYPTOGRAPHIC KEY MANAGEMENT ....................................................................... 12 2.7 SELF-TESTS ........................................................................................................... 16 2.8 DESIGN ASSURANCE ............................................................................................... 17 2.9 MITIGATION OF OTHER ATTACKS .............................................................................. 17 3. SECURE OPERATION ............................................................................................. 18 3.1 CRYPTO OFFICER GUIDANCE ................................................................................... 18 3.1.1 Initial Setup..................................................................................................... 18 3.1.2 Management .................................................................................................. 20 3.1.3 Zeroization...................................................................................................... 21 3.2 REMOTE CRYPTO OFFICER GUIDANCE ..................................................................... 21 3.2.1 Management .................................................................................................. 21 3.3 USER GUIDANCE .................................................................................................... 22 4. ACRONYMS ............................................................................................................. 23 © 2004-2006 AEP Networks www.aepnetworks.com Page 2 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy 1. Introduction 1.1 Purpose This is a non-proprietary Cryptographic Module Security Policy for the SmartGate v4.5 from AEP Networks. This Security Policy describes how the SmartGate meets the security requirements of FIPS 140-2 and how to run the module in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the module. FIPS 140-2 (Federal Information Processing Standards Publication 140-2 -- Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/cryptval/. The SmartGate is referred to in this document as the SmartGate, the Module or the Server. 1.2 References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources: · The AEP website (http://www.aepnetworks.com) contains information on the full line of products from AEP. The SmartGate product details can be found at: http://www.aepnetworks.com/products/ssl_vpn/smartgate/overview.htm . · The CMVP website (http://csrc.nist.gov/cryptval/) contains contact information for answers to technical or sales-related questions for the module. 1.3 Document Organization The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains: Vendor Evidence document Finite State Machine Other supporting documentation as additional references © 2004-2006 AEP Networks www.aepnetworks.com Page 3 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to AEP Networks. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to AEP Networks and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact AEP Networks. © 2004-2006 AEP Networks www.aepnetworks.com Page 4 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy 2. SMARTGATE V4.5 2.1 Overview SmartGate is one of the most comprehensive security products on the market. It is a client/server virtual private network (VPN) software security system that provides secure encrypted channels between users outside your network and the applications and data contained within your network. Fine-grain access control ensures that authorized users are allowed access to specific applications only. SmartGate enables organizations to provide secure access to organizational networks for remote employees, customers, and business partners. SmartGate is specifically designed to address the challenges of deploying and managing large VPN user populations. Section Section Title Level 1 Cryptographic Module Specification 1 2 Cryptographic Module Ports and Interfaces 1 3 Roles, Services, and Authentication 1 4 Finite State Model 1 5 Physical Security N/A 6 Operational Environment 1 7 Cryptographic Key Management 1 8 EMI/EMC 1 9 Self-tests 1 10 Design Assurance 1 11 Mitigation of Other Attacks N/A Table 1 ­ Security Level per FIPS 140-2 Section 2.2 Module Interfaces The SmartGate is classified as a multi-chip standalone module that meets overall level 1 FIPS 140-2 requirements. The module is composed of a set of software binaries and is evaluated for use on a standard PC running RedHat Linux 7.2 or Sun Solaris 8. In addition to the binaries, the module consists of the integrated circuits of the motherboard, the central processing unit (CPU), random access memory (RAM), read only memory (ROM), PC case, keyboard, mouse, video interfaces, expansion cards, and other hardware components included in the PC such as hard disk, floppy disk, CD-ROM drive, power supply, and fans. Logically, the cryptographic boundary of the SmartGate is composed of the SmartGate software running on the Sun Solaris or RedHat Linux. © 2004-2006 AEP Networks www.aepnetworks.com Page 5 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy Figure 1 ­ Logical Block Diagram Physically, the cryptographic boundary of the module is the PC case, which physically encloses the complete set of hardware and software. Figure 2 ­ Physical Block Diagram © 2004-2006 AEP Networks www.aepnetworks.com Page 6 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy All of these physical interfaces are separated into logical interfaces defined by FIPS 140-2, as described in the following table: Module Physical Interface Logical Interface FIPS 140-2 Logical Interface Keyboard, mouse, CD-ROM, floppy Data received via the SmartGate Data Input Interface disk, and serial/USB/parallel/network Single Port Proxy (sgproxy) and data ports received as variables passed to the module's API Floppy disk, monitor, and Data output via the SmartGate Data Output Interface serial/USB/parallel/network ports Single Port Proxy (sgproxy) and data returned from the module's API Keyboard, CD-ROM, floppy disk, Data read from configuration files, Control Input mouse, power button, and data input via the SmartAdmin or Interface serial/USB/parallel/network port command line interface, and data received as variables passed to the module's API Floppy disk, LEDs, monitor, and Data output to log files, command Status Output serial/USB/parallel/network ports line interface, and the SmartAdmin Interface Web Adminstration tool Power Connector Power Interface Power Interface Table 2 ­Physical Ports and Logical Interfaces 2.3 Roles and Services The module supports three roles: Local Crypto Officer, Remote Crypto Officer, and Client User. The local administrator of the module assumes the Crypto Officer role and can configure the SmartGate via console administration (command line or GUI API calls) and manually editing configuration files. An operator assuming the role of Remote Crypto Officer has some administrative privileges but is limited to accessing SmartGate remotely through the SmartAdmin Web Tool (GUI API calls). Although not required by FIPS 140-2 at level 1, both roles require identity-based authentication; however, these authentication mechanisms are not tested on a Level 1 FIPS 140-2 validation. The Client User accesses the module's VPN services. 2.3.1 Local Crypto Officer Role The Local Crypto Officer (CO) is expected to install and configure the SmartGate. Once the SmartGate is running, the Local CO can perform all management, configuration and administration of the SmartGate. The Local CO can locally manage the SmartGate through console administration (command line or GUI API calls) and manually editing configuration files. There is no factory default password that allows access to the Local Crypto Officer role ("root" account for the Operating System). Instead, © 2004-2006 AEP Networks www.aepnetworks.com Page 7 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy SmartGate allows a user with administrative privileges on the host Operating System to completely manage the SmartGate and its users. The following table lists the Local Crypto Officer services. For a complete explanation of the Remote CO services see the SmartGate Administrator's Guide. Service Description Input Output CSP CSP Access Installation Installing the Commands Result of RSA Write SmartGate installation public/private key pair Login Authenticate the Login Result of Administrative Read Crypto Officer information login Crypto Officer attempt password Public/Private key To generate, change Command Status of RSA Read/Write configuration the size and test the options command, public/private RSA public/private response key pair key pair and results ANSI X9.31 Read RNG Seed- Key Write ANSI X9.31 Seed License View license Command License information and option information features OLR setup Server On-Line Command Command configuration Registration Setup options response Access Remote Command Command Permissions administrator and options response user permissions View proxy View Server single Command View port configuration port proxy option proxy status configuration Extensible Start, stop or Command Command components configure any third- options response party authentication methods Client Client software Command Command configuration packages options response customization Back up Back up current Command Command configuration configuration or options response restore files Uninstall Uninstall the server Command Command software options response Start/Restart/Stop Effects all the Server Command Status of services except the options command disabled third party authentication methods. The self tests are performed © 2004-2006 AEP Networks www.aepnetworks.com Page 8 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy Service Description Input Output CSP CSP Access during the module start/restart. Show status Status messages for Commands Status info the module written in log file to log file. Zeroization Reformatting the Command All Write hard-drive to zeroize options keys Table 3 ­ Local Crypto Officer Services, Descriptions, CSPs 2.3.2 Remote Crypto Officer The Remote Crypto Officer (CO) can perform most of the SmartGate's management, configuration and administration operations. The User does not have local access to SmartGate and therefore can perform only the functions allowed through the SmartAdmin web tool. Any registered user can be setup as Remote CO. The authentication used for the user is used to authenticate the Remote CO also. It should be noted that Remote Crypto Officer can be assigned varying levels (or degrees) of administrative control. There are five levels of administrative privileges for the Remote Crypto Officer. 1. None: Administrators at this level have the ability to view user information only. Access at this level may be limited to certain groups. 2. Minimal: Administrators at this level can only enable or disable users and edit a user's name in the event of a name change or a typographical error. Access at this level may be limited to administration of certain groups. 3. Restricted: In addition to those rights provided at the minimal level, administrators can view OLR info, and edit and delete end users. Access at this level may be limited to administration of certain groups. 4. Standard: In addition to those rights provided at the restricted level, administrators can add, edit, or delete all access permissions and groups. Access at this level may be limited to administration of certain groups. 5. Superuser: Administrators at this level have access to all settings and all groups. For the services available to the Remote CO, setup as Superuser, has a privilege as the Local CO. The following table lists the Remote Crypto Officer services. For a complete explanation of the Remote CO services see the SmartGate Administrator's Guide. © 2004-2006 AEP Networks www.aepnetworks.com Page 9 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy Service Description Privilege Input Output CSP CSP Level Access Managing View user All Commands Configuration Shared Read/ users information and and information Secret Write access configuration Key permissions data Enable, disable Minimal, users, edit user's Restricted, name Standard, Superuser Add and delete Restricted, users, edit all user Standard, information, view Superuser user's OLR data Managing Add, edit, rename, Standard, Commands Configuration groups merge, delete Superuser and information groups and configuration authentication data timeout values Web access Access and deny Standard, Commands Configuration control rules for web Superuser and information configuration data TCP access TCP access and Standard, Commands Configuration control deny rules Superuser and information configuration data OLR setup OLR webpage Superuser Configuration options data Administrator Manipulating Superuser Commands Configuration rights administrative user and information and privileges configuration data Port map Port Map table Superuser Configuration Configuration data displays the port data information map rules file for the specified server Configuration Authentication Superuser Commands Configuration methods, Proxy and information encryption configuration methods, data configuring server and host port, Logging and backup settings License License Key All Command License information information information Table 4 ­ Remote Crypto Officer Services, Descriptions, CSP's © 2004-2006 AEP Networks www.aepnetworks.com Page 10 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy 2.3.3 User Role The User roles access the modules VPN services and authenticates to the module using shared secret key. The User has access to the module's VPN and proxy services, authenticating during the establishment of a VPN session using a shared secret key. Service Role Input Output CSP CSP Access Description VPN session Use the VPN Encrypted/decrypted Encrypt/decry Session Read/Write services data pted data keys OLR Establish an API calls with Result of Shared Read/Write account with account information OLR secret shared secret and shared secret negotiation key key components Session Read/Write (transported via RSA) key VPN session Establish VPN API calls, including Result of Shared Read establishment session and proper messages to negotiation secret authenticate authenticate with and session using shared shared secret key key RDV Write secret key RDV Read encryption key FIPS 186- Write 2 Seed- Key FIPS 186- Write 2 Seed Ticket Write encrypting key Session Write key Proxy services Use proxy Data for proxies Data for services for use (wrapped in VPN proxies with VPN session) (wrapped in session VPN session) Table 5 ­ User Services, Descriptions, Inputs and Outputs 2.3.4 Authentication Mechanisms Passwords (Local Crypto Officer) and Shared secret key (Remote Crypto Officer, Client User) are used to authenticate and authorize users for access to various services based on user permissions and policies. © 2004-2006 AEP Networks www.aepnetworks.com Page 11 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy Role Authentication Strength Type Local Crypto Officer Passwords Passwords are required to be at least 6 characters in length. Considering only the case sensitive English alphabet and the numerals 0-9 using a 6 digit password with repetition, the number of potential passwords is 62^6, which equates to a 1 in 62^6 chance of false positive. User, Shared secrets A shared secret DES/3DES key is used to authenticate the Remote Crypto Officer User or Remote Crypto Officer to the module during the VPN handshake. This mechanism is as strong as the DES/3DES using a 56 (DES) or 112 (3DES) bit key, which equates to a 1 in 2^56 (DES) and 2^112 (3DES) chance of false positive. Table 6 ­ Roles supported, Authentication type and Strength of Authentication 2.4 Physical Security The physical security requirements do not apply to this module. SmartGate v4.5 is a software module and does not implement any physical security mechanisms. Although SmartGate consists entirely of software, the FIPS 140-2 evaluated platform is a standard PC which has been tested for and meets applicable Federal Communication Commission (FCC) Electromagnetic Interference (EMI) and Electromagnetic Compatibility (EMC) requirements for business use as defined in Subpart B of FCC Part 15. 2.5 Operational Environment The SmartGate runs on the general purpose Operating Systems, RedHat Linux or Sun Solaris, which must be configured for single user mode per NIST CMVP guidance for FIPS 140-2 compliance. The module was tested on Red Hat Linux 7.2 and Sun Solaris 8. Configuration of these Operating Systems for single user mode can be found in section 3. Secure Operation. 2.6 Cryptographic Key Management The module utilizes the following FIPS Approved software algorithm implementations: · AES (ECB, CBC, CFB, OFB) ­ FIPS 197 (certificate 35) Key Sizes: 128, 192, 256 bits · DES (ECB, CBC, CFB) ­ FIPS 46-3 (certificate 159) Key Sizes: 56 bits Note: DES can only be used for legacy systems. · Triple DES (ECB, CBC, CFB, OFB) ­ FIPS 46-3 (certificate 263) © 2004-2006 AEP Networks www.aepnetworks.com Page 12 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy Key Sizes: 112, 168 bits · SHA-1 ­ FIPS 180-2 (certificate 87) · DES-MAC ­ FIPS 113 (vendor affirmed; DES certificate 159) · RSA encryption/decryption (key transport) ­ PKCS#1 (certificate 11 for digital signature generation/verification) · ANSI X9.31 RNG ­ Appendix A.2.4 of ANSI X9.31 (certificate 9) · FIPS 186-2 RNG ­ General purpose implementation of FIPS 186-2 [(x-Change Notice); (SHA-1)] (certificate 9) The module implements the following non-FIPS Approved algorithm: RC4 MD5 Only FIPS Approved algorithms may be used when operating the Server in a FIPS 140-2 compliant manner. The module supports the following critical security parameters: Key Key type Generation Storage Zeroization Use Shared secret DES (56 bits), Agreed upon during Non-volatile Zeroized when the Used for key Triple-DES OLR - ½ of the key is memory user is deleted authenticating (112 bits) generated by the client, (hard drive - the user (non- the other ½ is plaintext) OLR sessions) generated by for client / SmartGate using the SmartGate FIPS Approved ANSI transactions X9.31 PRNG. Both the client and the SmartGate exchange their halves of the shared secret key encrypted by the OLR session key. Note: For non-FIPS authentication, the key is generated by client and sent to the SmartGate for the duration of session. OLR session DES (56 bits), Externally generated by Volatile Zeroized when not Used for client / key Triple-DES the client and sent to memory only needed or the SmartGate (168 bits), the SmartGate (plaintext) module reboots communication AES (128, encrypted by the RSA during the later 192, 256 bits) public key. half of OLR Session key DES (56 bits), Externally generated by Volatile Zeroized when not Used for client / Triple-DES the client and sent to memory only needed or the SmartGate (168 bits), the SmartGate (plaintext) module reboots after OLR is AES (128, encrypted by the Ticket successfully 192, 256 bits) Encrypting Key. completed © 2004-2006 AEP Networks www.aepnetworks.com Page 13 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy Crypto-Officer N/A Externally generated by Non-volatile Zeroized when the Authenticate password (local the Crypto-Officer and memory password is updated the Crypto- access) entered over a local (hard drive - with a new one Officer role port. plaintext) when logging into the console ANSI X9.31 Triple-DES Externally generated Non-volatile Zeroized by Used by ANSI PRNG seed (112 bits) predetermined value. memory uninstalling the X9.31 PRNG keys (hard drive ­ module and then plaintext) overwriting all addressable locations with a single character and reformatting the module's hard drive ANSI X9.31 Seed (64 bits) Internally generated by Volatile Zeroized when the Used by ANSI PRNG seed gathering entropy. memory only module reboots X9.31 PRNG (plaintext) RSA private RSA (1024 Internally generated Non-volatile Zeroized by Key transport key bits) using RSA key memory uninstalling the from client to generation seeded with (hard drive ­ module and then SmartGate the ANSI X9.31 PRNG. plaintext) overwriting all during OLR addressable locations with a single character and reformatting the module's hard drive RSA public key RSA (1024 Internally generated Non-volatile Zeroized by Key transport bits) using RSA key memory uninstalling the from client to generation seeded with (hard drive - module and then SmartGate the ANSI X9.31 PRNG. plaintext) overwriting all during OLR addressable locations with a single character and reformatting the module's hard drive DES-MAC key DES (56 bits) Externally generated Non-volatile Zeroized by Software predetermined value. memory uninstalling the integrity check (hard drive ­ module and then plaintext) in overwriting all module addressable binaries locations with a single character and reformatting the module's hard drive Authentication Triple-DES Internally generated Non-volatile Zeroized by Authentication & Proxy (112 bits) during OLR by ANSI memory uninstalling the server and communication X9.31 PRNG (hard drive ­ module and then Proxy server Key plaintext)overwriting all use shared addressable secret keys to locations with a exchange user single character and data. © 2004-2006 AEP Networks www.aepnetworks.com Page 14 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy reformatting the module's hard drive Random data 256 bits Externally generated by Volatile Zeroized when not For seeding the value (RDV) random data the client and sent to memory only needed or the FIPS 186-2 the SmartGate (plaintext) module reboots PRNG encrypted with the Shared Secret Key when the client initiates a session. RDV encryption AES (256 bits) Externally generated Non-volatile Zeroized by For encrypting key predetermined value. memory uninstalling the the RDV (hard drive ­ module and then plaintext) overwriting all addressable locations with a single character and reformatting the module's hard drive UID encryption AES (128 bits) Externally generated Non-volatile Zeroized by For encrypting key predetermined value. memory uninstalling the the user ID (hard drive ­ module and then plaintext) overwriting all addressable locations with a single character and reformatting the module's hard drive FIPS 186-2 Seed-Key Internally generated by Volatile Zeroized when not Used by FIPS PRNG Seed (160 bits) whitening RDV using memory only needed or the 186-2 PRNG Key DES with the shared (plaintext) module reboots secret key FIPS 186-2 Seed (96 bits) Internally generated by Volatile Zeroized when not Used by FIPS PRNG Seed whitening RDV using memory only needed or the 186-2 PRNG DES with the shared (plaintext) module reboots secret key Ticket DES (56 bits), Internally generated by Volatile Zeroized when not For encrypting Encrypting Key Triple-DES the FIPS 186-2 PRNG memory only needed or the the handshake (168 bits), (plaintext) module reboots session AES (128, messages 192, 256 bits) Table 7 ­ Listing of Key and Critical Security Parameters SmartGate securely administers all of its cryptographic keys, which include the server's public/private key pair; user shared secret keys, and ephemeral session keys. SmartGate stores and transmits all sensitive data in encrypted form. All session keys are ephemeral and are discarded immediately after use. Shared secret keys that are electronically © 2004-2006 AEP Networks www.aepnetworks.com Page 15 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy distributed during the optional database backup process are done so in encrypted form. 2.7 Self-Tests In order to prevent any secure data from being released, it is important to test the cryptographic components of a security module to insure all components are functioning correctly. The SmartGate includes an array of self-tests. Power-up self-tests: · Software integrity check: Verifying the integrity of the software binaries of the module using a DES-MAC. · AES Known Answer Test (KAT): Verifying the correct operation of the AES algorithm implementation · DES KAT: Verifying the correct operation of the DES algorithm implementation · Triple-DES KAT: Verifying the correct operation of the Triple-DES algorithm implementation · RSA encrypt/decrypt pair-wise consistency check: Verifying the correct operation of the RSA implementation · RSA sign/verify pair-wise consistency check: Verifying the correct operation of the RSA implementation · SHA-1 KAT: Verifying the correct operation of the SHA-1 algorithm implementation · ANSI X9.31 RNG KAT: Verifying the correct operation of the ANSI X9.31 RNG implementation · FIPS 186-2 RNG KAT: Verifying the correct operation of the FIPS 186-2 RNG implementation. Conditional self-tests: · RSA encrypt/decrypt pair-wise consistency check: Verifying that a newly generated or stored RSA key pair works properly · RSA sign/verify pair-wise consistency check: Verifying that a newly generated or stored RSA key pair works properly © 2004-2006 AEP Networks www.aepnetworks.com Page 16 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy · ANSI X9.31 Continuous RNG: Verifying the RNG has not failed to a constant value · FIPS 186-2 Continuous RNG: Verifying the RNG has not failed to a constant value The SmartGate will start its services only after all the self tests are passed. If the self tests are not passed, it enters an error state and logs the failure. All error conditions can be cleared by cycling the module's power. 2.8 Design Assurance AEP utilizes Microsoft Visual Source Safe (VSS) version 6.0 for its version control system. This software provides access control, versioning, and logging. 2.9 Mitigation of Other Attacks This section is not applicable. The SmartGate v4.5 does not claim to mitigate any attacks beyond the FIPS 140-2 level 1 requirements for this validation. © 2004-2006 AEP Networks www.aepnetworks.com Page 17 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy 3. SECURE OPERATION The SmartGate meets Level 1 requirements for FIPS 140-2. The sections below describe how to place and keep the module in FIPS Approved mode of operation. Operating the SmartGate without maintaining the following settings will remove the module from the FIPS Approved mode of operation. 3.1 Crypto Officer Guidance The Local Crypto Officer is responsible for installation and initialization of the module, configuration and management of the module, and removal of the module. More details on how to use the module can be found in the SmartGate Administrator's Guide. 3.1.1 Initial Setup There is no access control provided by the module until it has been installed and initialized. Therefore, the Crypto Officer must maintain control of the installation media. FIPS 140-2 mandates that a cryptographic module be limited to a single user at a time. Before the module can be installed, the Local Crypto Officer must have a standard PC running RedHat Linux or Sun Solaris, and these Operating Systems must be configured for single user mode. To ensure that RedHat Linux or Sun Solaris is running in single user mode, the Local Crypto Officer must delete or disable all accounts except for the root account. Additionally, to ensure only one user can be logged in at a time, the root account must be configured to only allow console access logins and all remote server services must be disabled (e.g., telnet or rlogin server daemon). The specific procedure to configure RedHat Linux System for single user is described below. a) Log in as the "root" user. b) Edit the system files /etc/passwd and /etc/shadow and remove all the users except "root" and the pseudo-users. Make sure the password fields in /etc/shadow for the pseudo-users are either a star (*) or double exclamation mark (!!). This prevents login as the pseudo-users. c) Edit the system file /etc/nsswitch.conf and make "files" the only option for "passwd", "group", and "shadow". This disables NIS and other name services for users and groups. d) In the /etc/xinetd.d directory, edit the files "rexec", "rlogin", "rsh", "rsync", "telnet", and "wu-ftpd", and set the value of "disable" to "yes". e) Reboot the system for the changes to take effect. © 2004-2006 AEP Networks www.aepnetworks.com Page 18 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy o More information can be found at: http://csrc.nist.gov/cryptval/140-1/CMVPFAQ.pdf The specific procedure to configure Solaris System for single user is described below. a) Login as the "root" user. b) Edit the system files /etc/passwd and /etc/shadow and remove all the users except "root" and the pseudo-users (daemon users). Make sure the password fields in /etc/shadow for the pseudo-users are either a star (*) or double exclamation mark (!!). This prevents login as the pseudo-users. Also make sure the shell for daemon users is /dev/null, or something else unexploitable. c) Edit the system file /etc/nsswitch.conf and make "files" the only option for "passwd", "group", and "shadow". This disables NIS and other name services for users and groups. d) Edit the system file /etc/inet/inetd.conf, and comment out all unnecessary services (by prepending a hash '#' to the beginning of each unnecessary service line). (generally) Unnecessary services: sadmind - Solstice network administration agent server rpc.ttdbserverd - Sun tool-talk server kcms_server - Kodak Color Management System server fs.auto - Sun font server cachefsd - NFS cache service rquotad - remote disk quota server rpc.metad - Disksuite remote metaset service rpc.metamhd - Disksuite remote multihost service rpc.metamedd - Disksuite component service ocfserv - Smartcard service dtspcd - Part of the CDE package rpc.cmsd - remote calendar server in.comsat - biff, mail notification server in.talkd - talk server gssd - RPC application authentication in.tnamed - deprecated name server rpc.smserverd - removable media device sensor service (disabling requires manual CD mounting) dcs - remote dynamic configuration server ftpd - ye olde FTP server ktkt_warnd - Kerberos warning server chargen - deprecated network service daytime - deprecated network time time - legacy time service © 2004-2006 AEP Networks www.aepnetworks.com Page 19 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy discard - deprecated network service echo - network 'echo' service ufsd - part of RPC in.uucpd - unix-to-unix copy server In short, you should be able to disable all services, so long as the Solaris machine is not part of any cluster environment. e) Disable service startup scripts within /etc/rc2.d. Many additional services (not bound to inetd) are started by default. To disable startup scripts, you may rename the files, just to be sure they don't begin with a cap-S (which denotes Startup). Disable startup scripts that are not pertinent to your setup. Suggestions: nscd - NIS-related snmpdx - SNMP services cachefs.daemon - NFS-caching rpc - Remote Procedure Call services sendmail - Sendmail lp - line printer daemon pppd - Point-to-point Protocol services uucp - Unix-to-Unix copy daemon ldap - LDAP services f) Reboot the system for the changes to take effect. The Local Crypto Officer password for the module is the default of the host Operating System after installation. It is recommended that this is changed immediately upon logging into the module after installation. Once the Operating System has been properly configured, the Local Crypto Officer ("root" account) can be used for installing/uninstalling software and creating/administrating SmartGate. For Server installing instructions refer to the SmartGate Administrator's Guide ­ Server Installation on UNIX Operating Systems. 3.1.2 Management The SmartGate provides numerous configuration options to ensure its versatility. FIPS 140-2 compliance demands the following options be configured as specified in the following: 1. The Authentication Encryption Method (AuthEncryptMethod) must be set to AES, 3DES or DES (SmartGate default is 3DES). 2. The SmartGate Encryption Methods (SGEncryptMethod) must be set to AES, 3DES or DES (SmartGate default is 3DES). 3. The Proxy Encryption Methods (ProxyEncryptMethod) must be set to AES, 3DES or DES (SmartGate default is 3DES). 4. RSA key pair for OLR must be set to use 1024 bytes or greater (SmartGate default is 1024). © 2004-2006 AEP Networks www.aepnetworks.com Page 20 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy 5. The Hash Method (HashMethod) must be set to SHA-1 (SmartGate default is SHA-1 and MD5). 6. The SmartGate Java Client must not be installed or must be disabled. Note: DES can only be used for legacy systems. For guidance on configuring these options, see the Console Administration sections of the SmartGate Administrator's Guide. The Local Crypto Officer should monitor the module's status by regularly checking the log information. If strange activity is indicated or the module is consistently having errors, then AEP customer support should be contacted. 3.1.3 Zeroization At the end of the life cycle of the module, the Local Crypto Officer must uninstall the module's software and then overwrite all addressable locations with a single character and reformat the hard drive which contained the software. This will zeroize all keys and other CSP's. 3.2 Remote Crypto Officer Guidance The Remote Crypto Officer can perform most of the SmartGate's management, configuration and administration operations. More details on how to use the module can be found in the SmartGate Administrator's Guide. 3.2.1 Management The SmartGate provides numerous configuration options to ensure its versatility. FIPS 140-2 compliance demands the following options be configured as specified in the following: 1. The Authentication Encryption Method (AuthEncryptMethod) must be set to AES, 3DES or DES (SmartGate default is 3DES). 2. The SmartGate Encryption Methods (SGEncryptMethod) must be set to AES, 3DES or DES (SmartGate default is 3DES). 3. The Proxy Encryption Methods (ProxyEncryptMethod) must be set to AES, 3DES or DES (SmartGate default is 3DES). 4. RSA key pair for OLR must be set to use 1024 bytes or greater (SmartGate default is 1024). 5. The Hash Method (HashMethod) must be set to SHA-1 (SmartGate default is SHA-1 and MD5). Note: DES can only be used for legacy systems. © 2004-2006 AEP Networks www.aepnetworks.com Page 21 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy For guidance on configuring these options, see the Using SmartAdmin Web Administration of the SmartGate Administrator's Guide. 3.3 User Guidance The User access the module's VPN functionality as a client. Although the User does not have any ability to modify the configuration of the module care should be taken not to provide authentication information and access codes to other parties. © 2004-2006 AEP Networks www.aepnetworks.com Page 22 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. SmartGate® FIPS 140-2 Non-Proprietary Security Policy 4. ACRONYMS 3DES Triple DES AES Advanced Encryption Standard ANSI American National Standards Institute API Application Programming Interface CBC Cipher Block Chaining mode of operation CFB Cipher FeedBack mode of operation CLI Command Line Interface CMVP Cryptographic Module Validation Program CO Crypto Officer CPU Central Processing Unit CSP Critical Security Parameter DES Digital Encryption Standard ECB Electronic CodeBook mode of operation EMC Electromagnetic Compatibility EMI Electromagnetic Interference FCC Federal Communication Commission FIPS Federal Information Processing Standard KAT Known Answer Test LED Light Emitting Diode MAC Message Authentication Code NIST National Institute of Standards and Technology OFB Output FeedBack mode of operation OLR On-Line Registration OS Operating System PC Personal Computer RNG Random Number Generator RAM Random Access Memory RNG Random Number Generator RSA Rivest Shamir and Adleman SHA Secure Hash Algorithm SP Secure Platform TCP Transmission Control Protocol VSS Visual Source Safe VPN Virtual Private Network © 2004-2006 AEP Networks www.aepnetworks.com Page 23 of 23 This document may be freely reproduced and distributed whole and intact including this Copyright Notice.