Page 7

Non-Proprietary Security Policy, Version 0.18

May 25, 2007

Nortel VPN Router 600, 1700, 1750, 2700, and 5000

Page 7 of 23

This document may be freely reproduced and distributed whole and intact including this copyright notice.

Section

Section Title

Level

EMI/EMC

Self-tests

Design Assurance

Mitigation of Other Attacks

N/A

Notice that N/A indicates "Not Applicable". EMI and EMC refer to Electromagnetic Interference and

Electromagnetic Compatibility, respectively.

1.2 Module Interfaces

The VPN Router 600, 1700, 1750, 2700, and 5000 are multi-chip standalone modules that meet overall level 2 FIPS

140-2 requirements. The cryptographic boundary of the VPN Router 600, 1700, 1750, 2700, and 5000 is defined by

the outer case of the modules that encloses the complete set of hardware and firmware components.

The VPN Routers are validated in three configurations as follows:

With no accelerator cards installed. The hardware version number for this configuration is 600, 1700, 1750,

2700, and 5000.

With the Hardware Accelerator card installed in the 1700, 1750, 2700 and 5000 Routers. The hardware

version number for this configuration is 1700, 1750, 2700 and 5000 with DM0011052.

With the Contivity Security Accelerator card installed in the 1750, 2700 and 5000 Routers. The hardware

version number for this configuration is 1750, 2700 and 5000 with DM0011085 and DM0011084.

The firmware version number (5.05_150) is the same for all configurations.

The VPN Routers are designed to be modular. They include a power supply, Dual In-line Memory Module (DIMM)

Random Access Memory (RAM), processors, hard disk, floppy drive and Peripheral Component Interconnect (PCI)

slots. The VPN Routers communicate with their clients via Local Access Network (LAN) and Wide Access

Network (WAN) network interface cards that can be factory installed or field installed. The following network

interface cards are available

Table 2 - Network Interface Cards Available

Factory Installable

Field Installable

Description

DM1004002

DM1011002

10/100 Ethernet Option Card

DM3919002

DM3919001

1000Base-SX Option Card

DM3919003

DM3919004

1000Base-T Option Card

DM3811001

DM3811002

56/64K Channel Service Unit/Data Service Unit (CSU/DSU) PCI Option

Card

DM2111015

DM2111016

Asymmetrical Digital Subscriber Line Annex A (ADSL) Option Card.

DM2111017

DM2111018

Asymmetrical Digital Subscriber Line Annex B (ADSL) Option Card.

DM1519006

DM1519003

ISDN - BRI S/T Option Card

DM1519005

DM1519004

ISDN - BRI U (US/Canada Only - ANSI Standard) Option Card

DM2111013

DM2111014

Half Height Single Port T1/FT1 E1 (G.703) w/CSU/DSU Option Card

1 The option cards are excluded from the security requirements of FIPS 140-2.