McAfee, Inc. McAfee Firewall Enterprise 1100E Hardware Version: 1100E; Firmware Version: 7.0.1.01.E12 FIPS 140-2 Non-Proprietary Security Policy FIPS Security Level: 2 Document Version: 0.4 Prepared for: Prepared by: McAfee, Inc. Corsec Security, Inc. 3965 Freedom Circle 10340 Democracy Lane, Suite 201 Santa Clara, California 95054 Fairfax, Virginia 22030 United States of America United States of America Phone: +1 (888) 847-8766 Phone: +1 (703) 267-6050 Prepared for: Prepared by: http://www.mcafee.com Email: info@corsec.com Security Policy, Version 0.4 May 12, 2011 Table of Contents 1  INTRODUCTION ......................................................................................................................... 5  1.1  PURPOSE ................................................................................................................................................................ 5  1.2  REFERENCES .......................................................................................................................................................... 5  1.3  DOCUMENT ORGANIZATION...............................................................................................................................5  2  MCAFEE FIREWALL ENTERPRISE 1100E ................................................................................... 6  2.1  OVERVIEW ............................................................................................................................................................. 6  2.2  MODULE SPECIFICATION ..................................................................................................................................... 8  2.3  MODULE INTERFACES ........................................................................................................................................... 8  2.4  ROLES AND SERVICES ........................................................................................................................................... 9  2.4.1  Crypto-Officer Role ........................................................................................................................... 9  2.4.2  User Role ........................................................................................................................................... 11  2.4.3  Network User Role ......................................................................................................................... 11  2.4.4  Authentication Mechanism ......................................................................................................... 12  2.5  PHYSICAL SECURITY ........................................................................................................................................... 13  2.6  OPERATIONAL ENVIRONMENT ......................................................................................................................... 13  2.7  CRYPTOGRAPHIC KEY MANAGEMENT ............................................................................................................. 13  2.8  SELF-TESTS ......................................................................................................................................................... 21  2.8.1  Power-Up Self-Tests ...................................................................................................................... 21  2.8.2  Conditional Self-Tests ................................................................................................................... 21  2.9  MITIGATION OF OTHER ATTACKS .................................................................................................................... 21  3  SECURE OPERATION ................................................................................................................22  3.1  CRYPTO-OFFICER GUIDANCE ........................................................................................................................... 22  3.1.1  Initialization ..................................................................................................................................... 23  3.1.2  Management .................................................................................................................................... 27  3.1.3  Zeroization........................................................................................................................................ 27  3.1.4  Disabling FIPS Mode of Operation ........................................................................................... 27  3.2  USER GUIDANCE ................................................................................................................................................ 28  4  ACRONYMS ...............................................................................................................................29  Table of Figures FIGURE 1 – TYPICAL DEPLOYMENT SCENARIO ...................................................................................................................... 6  FIGURE 2 – MCAFEE FIREWALL ENTERPRISE 1100E ............................................................................................................ 7  FIGURE 3 – TAMPER-EVIDENT LABEL APPLICATION INSTRUCTION FOR MCAFEE FIREWALL ENTERPRISE 1100E....... 24  FIGURE 4 – REAR PANEL OF MCAFEE FIREWALL ENTERPRISE 1100E .............................................................................. 24  FIGURE 5 – SERVICE STATUS ................................................................................................................................................. 25  FIGURE 6 – CONFIGURING FOR FIPS ................................................................................................................................... 26  List of Tables TABLE 1 – SECURITY LEVEL PER FIPS 140-2 SECTION ........................................................................................................ 7  TABLE 2 – FIPS 140-2 LOGICAL INTERFACE MAPPINGS ..................................................................................................... 9  TABLE 3 – CRYPTO-OFFICER SERVICES ................................................................................................................................ 10  McAfee Firewall Enterprise 1100E Page 3 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 TABLE 4 – USER SERVICES ..................................................................................................................................................... 11  TABLE 5 – NETWORK USER SERVICES .................................................................................................................................. 11  TABLE 6 – AUTHENTICATION MECHANISMS EMPLOYED BY THE MODULE ...................................................................... 12  TABLE 7 – ALGORITHM CERTIFICATE NUMBERS FOR CRYPTOGRAPHIC LIBRARIES .......................................................... 13  TABLE 8 – NON-APPROVED SECURITY FUNCTIONS IMPLEMENTED IN THE MODULE .................................................... 15  TABLE 9 – LIST OF CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS...................................... 16  TABLE 10 – SUMMARY OF FIREWALL ENTERPRISE DOCUMENTATION ............................................................................. 22  TABLE 11 – REQUIRED KEYS AND CSPS FOR SECURE OPERATION .................................................................................. 26  TABLE 12 – ACRONYMS......................................................................................................................................................... 29  McAfee Firewall Enterprise 1100E Page 4 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 1 Introduction 1.1 Purpose This is a non-proprietary Cryptographic Module Security Policy for the McAfee Firewall Enterprise 1100E from McAfee, Inc. This Security Policy describes how the McAfee Firewall Enterprise 1100E meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-2, which details the U.S. and Canadian Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp. This document also describes how to run the module in a secure FIPS-Approved mode of operation. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the module. The McAfee Firewall Enterprise 1100E is referred to in this document as the 1100E, the crypto-module, or the module. 1.2 References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:  The McAfee corporate website (http://www.mcafee.com) contains information on the full line of products from McAfee.  The CMVP website (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm) contains contact information for individuals to answer technical or sales-related questions for the module. 1.3 Document Organization The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:  Vendor Evidence document  Finite State Model document  Validation Submission Summary document  Other supporting documentation as additional references This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to McAfee. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Submission Package is proprietary to McAfee and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact McAfee. McAfee Firewall Enterprise 1100E Page 5 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 2 McAfee Firewall Enterprise 1100E 2.1 Overview McAfee, Inc. is a global leader in Enterprise Security solutions. The company’s comprehensive portfolio of network security products and solutions provides unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfeeThe McAfee Firewall Enterprise 1100E appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications. Consolidating all major perimeter security functions into one system, the McAfee Firewall Enterprise 1100E appliance is the strongest self-defending perimeter firewall in the world. Built with a comprehensive combination of high-speed application proxies, McAfee's TrustedSource™ reputation- based global intelligence, and signature-based security services, Firewall Enterprise defends networks and Internet-facing applications from all types of malicious threats, both known and unknown. Figure 1 – Typical Deployment Scenario Firewall Enterprise appliances are market-leading, next-generation firewalls that provide application visibility and control even beyond Unified Threat Management (UTM) for multi-layer security – and the highest network performance. Global visibility of dynamic threats is the centerpiece of Firewall Enterprise and one of the key reasons for its superior ability to detect unknown threats along with the known. Firewall Enterprise appliances deliver the best-of-breed in security systems to block attacks, including:  Viruses  Worms  Trojans  Intrusion attempts  Spam and phishing tactics  Cross-site scripting  Structured Query Language (SQL) injections  Denial of service (DoS)  Attacks hiding in encrypted protocols McAfee Firewall Enterprise 1100E Page 6 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 A Firewall Enterprise appliance is managed using a proprietary graphical user interface (GUI), referred as Admin Console, and a command line management interface. Hundreds of Firewall Enterprise appliances can be managed centrally using McAfee’s CommandCenter tool. Firewall Enterprise security features include:  Firewall feature for full application filtering, web application filtering, and Network Address Translation (NAT)  Authentication using local database, Active Directory, LDAP1, RADIUS2, Windows Domain Authentication, and more  High Availability (HA) for remote Internet Protocol (IP) monitoring  Geo-location filtering  Encrypted application filtering using TLS3 and IPsec4 protocols  Intrusion Prevention System  Networking and Routing  Management via Simple Network Management Protocol (SNMP) version 3 Although SNMP v3 can support AES encryption, it does not utilize a FIPS-Approved key generation method; therefore, the module has been designed to block the ability to view or alter critical security parameters (CSPs) through this interface. Also note that the SNMP v3 interface is a management interface for the McAfee Firewall Enterprise 1100E and that no CSPs or user data are transmitted over this interface. McAfee Firewall Enterprise 1100E is a 1U rack-mountable appliance appropriate for mid- to large-sized organizations. A front view of the cryptographic module is shown in Figure 2 below. Figure 2 – McAfee Firewall Enterprise 1100E The McAfee Firewall Enterprise 1100E is validated at the following FIPS 140-2 Section levels: Table 1 – Security Level Per FIPS 140-2 Section Section Section Title Level 1 Cryptographic Module Specification 2 2 Cryptographic Module Ports and 2 Interfaces 3 Roles, Services, and Authentication 2 4 Finite State Model 2 1 LDAP – Lightweight Directory Access Protocol 2 RADIUS – Remote Authentication Dial-In User Service 3 TLS – Transport Layer Security 4 IPsec – Internet Protocol Security McAfee Firewall Enterprise 1100E Page 7 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 Section Section Title Level 5 Physical Security 2 6 Operational Environment N/A 7 Cryptographic Key Management 2 5 8 EMI/EMC 2 9 Self-tests 2 10 Design Assurance 2 11 Mitigation of Other Attacks N/A 2.2 Module Specification The McAfee Firewall Enterprise 1100E is a multi-chip standalone hardware module that meets overall Level 2 FIPS 140-2 requirements. The cryptographic boundary of the 1100E is defined by the hard metal chassis, which surrounds all the hardware and software components. 2.3 Module Interfaces The McAfee Firewall Enterprise 1100E is a multi-chip standalone cryptographic module that meets overall Level 2 FIPS 140-2 requirements. Interfaces on the module can be categorized as the following FIPS 140- 2 logical interfaces:  Data Input Interface  Data Output Interface  Control Input interface  Status Output Interface All ports and interfaces are located at the front or back side of the hardware module. The front bezel of the chassis exposes a power button and a Liquid Crystal Display (LCD). The rear side of the module is populated with the following ports and interfaces:  Four (4) Ethernet ports  Two (2) Gigabyte Ethernet ports  Two (2) Universal Serial Bus (USB) ports  One (1) serial port  One (1) Video Graphics Array (VGA) port  Several Light-Emitting Diodes (LEDs)  Power button The ports and interfaces on the module’s connector panel are mapped to logical interfaces in Table 2 below. All of these physical interfaces are separated into logical interfaces defined by FIPS 140-2, as described in the following table: 5 EMI/EMC – Electromagnetic Interference / Electromagnetic Compatibility McAfee Firewall Enterprise 1100E Page 8 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 Table 2 – FIPS 140-2 Logical Interface Mappings FIPS 140-2 Interface McAfee Firewall Enterprise 1100E Physical Port Data Input Ethernet ports Data Output Ethernet ports Control Input Ethernet ports, serial port, USB ports, power button Status Output Ethernet ports, serial port, USB ports, VGA port, LEDs Power Power connector 2.4 Roles and Services The module supports role-based authentication. There are three authorized roles in the module that an operator may assume: a Crypto-Officer (CO) role, a User role, and a Network User role. Please note that the keys and Critical Security Parameters (CSPs) listed in the table indicate the type of access required:  Read: The CSP is read  Write: The CSP is established, generated, modified, or zeroized  Execute: The CSP is used within an Approved or Allowed security function or authentication mechanism 2.4.1 Crypto-Officer Role The Crypto-Officer role performs administrative services on the module, such as initialization, configuration, and monitoring of the module. Before accessing the module for any administrative service, the operator must authenticate to the module. The module offers management interfaces in three ways:  Administration Console  Command Line Interface (CLI)  SNMP v3 The Administration Console (or Admin Console) is the graphical software that runs on a Windows computer within the protected network. Admin Console is McAfee’s proprietary GUI management software tool that needs to be installed on a Windows based workstation. This is the primary management tool. All Admin Console sessions to the module are protected over secure TLS channel. Authentication of the administrator is through a username/password prompt checked against a local password database. CLI sessions are offered by the module for troubleshooting. The CLI is accessed locally over the serial port, while remote access is via Secure Shell (SSH) session. The CO authenticates to the module using a username and password. The crypto-module uses the SNMP v3 protocol for remote management, and to provide information about the state and statistics as part of a Network Management System (NMS). Services provided to the Crypto-Officer are provided in Table 3 below. McAfee Firewall Enterprise 1100E Page 9 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 Table 3 – Crypto-Officer Services Service Description Type of Access Authenticate to the Admin Used when administrators login Write, execute Console to the appliance using the Firewall Enterprise Admin Console Authenticate to the Admin Used when administrators login Read, write, execute Console using Command Access to the appliance with CAC Card (CAC) authentication to access the Firewall Enterprise Admin Console Authenticate to the Admin CLI Used when administrators login Write, execute to the appliance using the Firewall Enterprise Admin CLI Authenticate to the Admin CLI Used when administrators login Read, write, execute using CAC to the appliance with CAC authentication to access the Firewall Enterprise Admin CLI Change password Allows external users to use a Write, execute browser to change their Firewall Enterprise, SafeWord PremierAccess, or LDAP login password Configure cluster Services required to Read, write, execute communication communicate with each other in Firewall Enterprise multi- appliance configurations Configure and monitor Virtual Used to generate and exchange Read, write, execute Private Network (VPN) accounts keys for VPN sessions and configure the user accounts Create and configure bypass Create and monitor IPsec policy Read, write, execute mode table that governs alternating bypass mode Manage mail services Used when running ‘sendmail’ Read, write, execute service on a Firewall Enterprise appliance Manage web filter Manages configuration with the Read, write, execute SmartFilter McAfee Firewall Enterprise 1100E Page 10 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 Service Description Type of Access Manage CommandCenter Verifies registration and Read, write, execute communication oversees communication among the CommandCenter and managed Firewall Enterprise appliances Monitor status on SNMP Monitors non security relevant Read status of the module via SNMP v3 Perform self-tests Run self-tests on demand Execute Enable FIPS mode Configures the module in FIPS Read, write, execute mode Show status Allows Crypto-Officer to check Write, execute whether FIPS mode is enabled Zeroize Zeroizes the module to the Write, execute factory default state 2.4.2 User Role The User role has the ability to utilize the module’s data transmitting functionalities via Ethernet port. Descriptions of the services available to the Users are provided in the table below. Table 4 – User Services Service Description Type of Access Encrypt/decrypt Allow secure VPN into Execute corporate network over IPsec tunnel Bypass Access bypass capabilities of Execute the module 2.4.3 Network User Role The Network User role is defined as users within the secured network who have been given access to the device by a security policy rule granted by the Crypto-Officer. The CO defines security policy rules as to how a Network User is to communicate with other devices or computers. Table 5 lists all the services that are available to the Network User role. Table 5 – Network User Services Service Description Type of Access Communicate within the Communicate with other Read network devices or computers within the network McAfee Firewall Enterprise 1100E Page 11 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 2.4.4 Authentication Mechanism The module employs the following authentication methods to authenticate Crypto-Officers, Users, and Network Users. Table 6 – Authentication Mechanisms Employed by the Module Role Type of Authentication Authentication Strength Crypto-Officer Password Passwords are required to be at least 8 characters long. The password requirement is enforced by the Security Policy. The maximum password length is 64 characters. Alphanumeric characters can be used with repetition, which gives a total of 62 characters to choose from. The chance of a random attempt falsely succeeding is 1:628, or 1:218,340,105,584,896. Common Access Card The Common Access Card has a maximum password length of 128 characters. However, one time passwords are required to be at least 8 characters long. The password requirement is enforced by the Security Policy. Alphanumeric characters can be used with repetition, which gives a total of 62 characters to choose from. The chance of a random attempt falsely succeeding is 1:628, or 1:218,340,105,584,896. User Password Passwords are required to be at least 6 characters long. The password requirement is enforced by the Security Policy. The maximum password length is 64 characters. Alphanumeric characters can be used with repetition, which gives a total of 62 characters to choose from. The chance of a random attempt falsely succeeding is 1:626, or 1: 56,800,235,584. Network User Password, Certificate, or IP Passwords are required to be at least 6 characters Address long. The password requirement is enforced by the Security Policy. The maximum password length is 64 characters. Alphanumeric characters can be used with repetition, which gives a total of 62 characters to choose from. The chance of a random attempt falsely succeeding is 1:626, or 1:56,800,235,584. Certificates used as part of TLS, SSH, and IKE6/IPsec are at a minimum 1024 bits. The chance of a random attempt falsely succeeding is 1:280, or 1:120,893 x 1024 . The module also authenticates network users by IP address via firewall rules. 6 IKE – Internet Key Exchange McAfee Firewall Enterprise 1100E Page 12 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 2.5 Physical Security The McAfee Firewall Enterprise 1100E is a multi-chip standalone cryptographic module. The module is contained in a hard metal chassis which is defined as the cryptographic boundary of the module. The module’s chassis is opaque within the visible spectrum. The enclosure of the module has been designed to satisfy Level 2 physical security requirements. There are only a limited set of louvered vent holes provided in the cases, and these holes obscure the view of the internal components of the module. Tamper-evident labels are applied to the case to provide physical evidence of attempts to remove the case. The placement of tamper-evident labels can be found in Secure Operation section of this document. The tamper-evidence labels need to be inspected periodically for tamper evidence. The 1100E system has been tested and found conformant to the EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class A (i.e., for business use). 2.6 Operational Environment The operational environment requirements do not apply to the McAfee Firewall Enterprise 1100E, because the module does not provide a general-purpose operating system (OS) to the user. The OS has limited operational environment and only the module’s custom written image can be run on the system. The module provides a method to update the firmware in the module with a new version. This method involves downloading a digitally signed firmware update to the module. 2.7 Cryptographic Key Management The module implements three firmware cryptographic libraries to offer secure networking protocols and cryptographic functionalities. The firmware libraries are the Cryptographic Library for SecureOS® (CLSOS) Version 7.0.1 for 32/64-bit systems and the Kernel Cryptographic Library for SecureOS® (KCLSOS) Version 7.0.1. Security functions offered by the libraries in FIPS mode of operation map to the certificates listed in Table 7. Table 7 – Algorithm Certificate Numbers for Cryptographic Libraries Approved or Allowed Security Functions 64-bit 32-bit Kernel Cryptographic Cryptographic Cryptographic Library for Library for Library for SecureOS® SecureOS® SecureOS® Symmetric Key Algorithm Advanced Encryption Standard (AES) 128-, 972 973 974 192-, 256-bit in CBC7, and ECB8 modes AES 128-, 192-, 256-bit in CFB9128 mode N/A N/A N/A (FIPS non-compliant) Triple-DES10 – 112- and 192-bit in CBC mode 765 766 767 (192-bit 7 CBC – Cipher-Block Chaining 8 ECB – Electronic Codebook 9 CFB – Cipher Feedback Block McAfee Firewall Enterprise 1100E Page 13 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 Approved or Allowed Security Functions 64-bit 32-bit Kernel Cryptographic Cryptographic Cryptographic Library for Library for Library for SecureOS® SecureOS® SecureOS® only) Secure Hashing Algorithm (SHA) SHA-1, SHA-256, SHA-384, and SHA-512 941 942 943 Message Authentication Code (MAC) Function HMAC11 using SHA-1, SHA-256, SHA-384, 544 545 546 and SHA-512 Pseudo Random Number Generator (PRNG) ANSI12 X9.31 Appendix A.2.4 PRNG with 256- 549 550 551 bit AES Asymmetric Key Algorithm RSA13 PKCS14 #1 sign/verify: 1024-, 2048-, 469 470 Not 4096-bit implemented RSA ANSI X9.31 key generation: 1024-, 469 470 Not 2048-, 4096-bit implemented Digital Signature Algorithm (DSA) sign/verify 338 339 Not – 1024-bit implemented Diffie-Hellman (DH) key agreement: 1024 N/A N/A Not and 2048 bits15 implemented RSA encrypt/decrypt16 (key transport) N/A N/A Not implemented The module also implements the following non-Approved algorithms to be used in non-FIPS mode of operation. 10 DES – Data Encryption Standard 11 HMAC – (Keyed-)Hash MAC 12 ANSI – American National Standards Institute 13 RSA – Rivest, Shamir, and Adleman 14 PKCS – Public Key Cryptography Standard 15 Caveat: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) 16 Caveat: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) McAfee Firewall Enterprise 1100E Page 14 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 Table 8 – Non-Approved Security Functions Implemented in the Module Approved or Allowed 64-bit Cryptographic 32-bit Cryptographic Kernel Cryptographic Security Functions Library for Library for Library for SecureOS® SecureOS® SecureOS® Blowfish Implemented Implemented Not implemented Rivest Cipher (RC) 4 Implemented Implemented Not implemented RC2 Implemented Implemented Not implemented Message Digest (MD) Implemented Implemented Not implemented 5 Single DES Implemented Implemented Not implemented McAfee Firewall Enterprise 1100E Page 15 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 The module supports the CSPs listed below in Table 9. Table 9 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs Key/CSP Key/CSP Type Generation / Output Storage Zeroization Use Input SNMP v3 Session AES 128-bit CFB Internally Never exits the Resides in Power cycle Provides secured Key Key generated but module volatile memory or session channel for SNMP v3 not FIPS in plaintext termination management that is Compliant not FIPS-approved Common Access RSA 1024-, 2048- Imported Never exits the Resides in Power cycle Common Access Card Card bit keys or DSA electronically in module plaintext on or session Authentication for Authentication 1024-, 2048-bit plaintext volatile memory termination generation of one- keys keys time password Firewall RSA 1024-, 2048-, Internally Encrypted form Stored in By command - Peer Authentication Authentication 4096-bit keys or generated or over Network plaintext on the of TLS, IKE, and SSH public/private DSA 1024-bit key imported port or local hard disk sessions keys electronically in management - Audit log signing plaintext via port in plaintext local management port Peer public keys RSA 1024-, 2048-, Imported Never exit the Resides in Power cycle Peer Authentication 4096-bit keys, electronically in module plaintext on or session for SSH and IKE DSA 1024-bit plaintext during volatile memory termination sessions keys handshake protocol McAfee Firewall Enterprise 1100E Page 16 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 Key/CSP Key/CSP Type Generation / Output Storage Zeroization Use Input Local CA17 RSA Internally Public key Stored in By command Local signing of public/private 1024,2048,4096- generated certificate plaintext on the firewall certificates keys bit keys, exported hard disk and establish trusted DSA 1024-bit electronically in point in peer entity keys plaintext via local management port Key Diffie-Hellman Internally Public exponent Resides in Power cycle Key Establishment 1024,2048-bit generated electronically in volatile memory or session exchange/agreement keys keys, RSA plaintext, private in plaintext termination for TLS, IKE/IPsec and 1024,2048,4096- component not SSH sessions bit keys exported TLS Session HMAC SHA-1 key Internally Never exits the Resides in Power cycle Data authentication Authentication generated module volatile memory or session for TLS sessions Key in plaintext termination TLS Session Key Triple-DES, AES- Internally Never exits the Resides in Power cycle Data 128, AES-256 generated module volatile memory or session encryption/decryption in plaintext termination for TLS sessions IKE Session HMAC SHA-1 key Internally Never exists the Resides in Power cycle Data authentication Authentication generated module volatile memory or session for IKE sessions Key in plaintext termination 17 CA – Certificate Authority McAfee Firewall Enterprise 1100E Page 17 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 Key/CSP Key/CSP Type Generation / Output Storage Zeroization Use Input IKE Session Key Triple-DES, AES- Internally Never exits the Resides in Power cycle Data 128, AES-256 generated module volatile memory or session encryption/decryption in plaintext termination for IKE sessions IKE Preshared Triple-DES, AES- - Imported in Never exits the Stored in By command Data Key 128, AES-256 encrypted module plaintext on the encryption/decryption form over hard disk for IKE sessions network port or local management port in plaintext - Manually entered IPsec Session HMAC SHA-1 key - Imported in Never exits the - Stored in By command Data authentication Authentication encrypted module plaintext on or power for IPsec sessions Key form over the hard disk cycle network port - Resides in Power cycle or local volatile management memory port in plaintext - Internally generated - Manually entered IPsec Session Key Triple-DES, AES- Internally Never exits the Resides in Power cycle Data 128, AES-256 generated module volatile memory encryption/decryption in plaintext for IPsec sessions McAfee Firewall Enterprise 1100E Page 18 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 Key/CSP Key/CSP Type Generation / Output Storage Zeroization Use Input IPsec Preshared Triple-DES, AES- - Imported in Exported Stored in Power cycle Data Session Key 128, AES-256 encrypted electronically in plaintext on the encryption/decryption form over plaintext hard disk for IPsec sessions network port or local management port in plaintext - Manually entered SSH Session HMAC-SHA1 key Internally Never exists the Resides in Power cycle Data authentication Authentication generated module volatile memory or session for SSH sessions Key in plaintext termination SSH Session Key Triple-DES, AES- Internally Never exists the Resides in Power cycle Data 128, AES-256 generated module volatile memory or session encryption/decryption in plaintext termination for SSH sessions Package DSA 1024-bit Externally Never exits the Hard coded in Erasing the Verifies the signature Distribution public key generated and module plaintext system image associated with a Public Key hard coded in firewall update the image package License DSA 1024-bit Externally Never exits the Hard coded in Erasing the Verifies the signature Management public key generated and module plaintext system image associated with a Public Key hard coded in firewall license the image McAfee Firewall Enterprise 1100E Page 19 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 Key/CSP Key/CSP Type Generation / Output Storage Zeroization Use Input Administrator PIN Manually or Never exits the Stored on the By command Standard Unix Passwords electronically module hard disk authentication for imported through one- administrator login way hash obscurement Common Access 8 character ASCII Internally Exported Resides in Password Common Access Card Card one-time string generated; electronically in volatile memory Expiration, authentication for password Manually or encrypted form inside the CAC Session administrator login electronically over TLS Warder process Termination, imported or Power cycle ANSI X9.31 16 bytes of seed Internally Never exits the Resides in Power cycle Generates FIPS PRNG seed value generated module volatile memory approved random in plaintext number ANSI X9.31 AES-128 Internally Never exits the Resides in Power cycle Generates FIPS PRNG key generated module volatile memory approved random in plaintext number McAfee Firewall Enterprise 1100E Page 20 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 2.8 Self-Tests 2.8.1 Power-Up Self-Tests The 1100E performs the following self-tests at power-up:  Firmware integrity check using SHA-1 Error Detection Code (EDC)  Approved algorithm tests o AES Known Answer Test (KAT) o Triple-DES KAT o SHA-1 KAT, SHA-256 KAT, SHA-384 KAT, and SHA-512 KAT o HMAC KAT with SHA-1, SHA-256, SHA-384, and SHA-512 o RSA KAT for sign/verify and encrypt/decrypt o DSA pairwise consistency check o ANSI X9.31 Appendix A.2.4 PRNG KAT for all implementations If any of the tests listed above fails to perform successfully, the module enters into a critical error state where all cryptographic operations and output of any data is prohibited. An error message is logged for the CO to review and requires action on the Crypto-Officer’s part to clear the error state. 2.8.2 Conditional Self-Tests The McAfee Firewall Enterprise 1100E performs the following conditional self-tests:  Continuous PRNG Test (CRNGT) all implementations of FIPS-Approved and non-FIPS-Approved random number generator  RSA pairwise consistency test upon generation of an RSA keypair  DSA pairwise consistency test upon generation of an DSA keypair  Manual key entry test  Bypass test using SHA-1  Firmware Load Test using DSA signature verification Failure in any of the tests listed above leads the module to a soft error state and logs an error message. 2.9 Mitigation of Other Attacks This section is not applicable. The module does not claim to mitigate any attacks beyond the FIPS 140-2 Level 2 requirements for this validation. McAfee Firewall Enterprise 1100E Page 21 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 3 Secure Operation The McAfee Firewall Enterprise 1100E meets Level 2 requirements for FIPS 140-2. The sections below describe how to place and keep the module in FIPS-Approved mode of operation. 3.1 Crypto-Officer Guidance The Crypto-Officer is responsible for initialization and security-relevant configuration and management of the module. Please see McAfee’s Administration Guide for more information on configuring and maintaining the module. The Crypto-Officer receives the module from the vendor via trusted delivery services (UPS, FedEx, etc.). The shipment should contain the following:  McAfee Firewall Enterprise 1100E appliance  Media and Documents  Activation Certificate  Setup Guide  Port Identification Guide  Management Tools CD18  Secure Firewall Installation Media USB drive (for appliances without a CD-ROM19 drive)  Power cord  Rack mount kit The Crypto-Officer is responsible for the proper initial setup of the Admin Console Management Tool software and the 1100E. Setup of the Admin Console software is done by installing the software on an appropriate Windows® workstation. When you install the Management Tool, a link to the documents page is added to the “Start” menu of the computer. To view the Secure Firewall documents on the McAfee web site, select Start > Programs > McAfee > Firewall Enterprise > Online Manuals Table 10 provides a list of available Firewall Enterprise documents. Table 10 – Summary of Firewall Enterprise Documentation Document Description Secure Firewall Setup Guide Leads through the initial firewall configuration. Secure Firewall Administration Complete administration information on all firewall functions and Guide features. Secure Firewall FIPS 140-2 Includes procedures for hardware modifications, software Level 2 updates, and configuration changes that meet FIPS 140-2 security requirements. Secure Firewall Leads through the initial CommandCenter configuration. CommandCenter Setup Guide 18 CD – Compact Disc 19 CD-ROM – Compact Disc – Read-Only Memory McAfee Firewall Enterprise 1100E Page 22 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 Document Description Secure Firewall Complete administration information on all CommandCenter CommandCenter functions and features. This guide is supplemented by the Administration Guide Secure Firewall Administration Guide. Common Access Card Describes how to configure Department of Defense Common Configuration Guide Access Card authentication for Admin Console, Telnet, and SSH on McAfee® Firewall Enterprise. It also describes login procedures. Online help Online help is built into Secure Firewall Management Tools programs. The Quick Start Wizard provides help for each configuration window. The Admin Console program provides help for each window, as well as comprehensive topic-based help. Note: A browser with a pop-up blocker turned on, must allow blocked content to view the Secure Firewall help. Additional product manuals, configuration-specific application notes, and the KnowledgeBase are available at http://mysupport.mcafee.com. 3.1.1 Initialization The Crypto-Officer is responsible for initialization and security-relevant configuration and management activities for the module through the management interfaces. Installation and configuration instructions for the module can also be found in the Secure Firewall Setup Guide, Secure Firewall Administration Guide, and Secure Firewall FIPS 140-2 Level 2 documents. The initial Administration account, including username and password for login authentication to the module, is created during the startup configuration using the Quick Start Wizard. The Crypto-Officer must perform three activities to ensure that the module is running in an approved FIPS mode of operation:  Apply tamper-evident labels  Set FIPS environment  Set FIPS mode enforcement 3.1.1.1 Applying Tamper-Evident Labels The CO must put tamper-evident labels on the module as described in the table below. Prior to affixing the labels, the front bezel must be attached and the module powered up. The front bezel protects the removable components (hard drives) at the front side. Additionally, the 1100E has removable power supplies and top panel. The labels should be placed on the appliance as shown in the figures (indicated by the red circles). Instructions to put the label to secure the hard drives and the top panel are described below as demonstrated in Figure 3. 1. Place a tamper-evident label overlapping front bezel and metal cover at the top to secure the disk drives, as shown in step 1 of Figure 3. 2. The cryptographic module’s top panel can be slide back and be removed. A label needs to be placed across the left side center as shown in step 2 of Figure 3. The label should be placed such that it is affixed to both the top cover and side of the chassis. McAfee Firewall Enterprise 1100E Page 23 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 Step 1 Step 2 Figure 3 – Tamper-Evident Label Application Instruction for McAfee Firewall Enterprise 1100E The removable power supplies at the rear side of the module, as shown in Figure 4, are excluded from the security requirement. Hence the power supplies do not require to be sealed with a tamper-evident label. Figure 4 – Rear Panel of McAfee Firewall Enterprise 1100E After the labels are placed as instructed above, the module can be powered up and the Crypto-Officer may proceed with initial configuration. 3.1.1.2 Setting FIPS Environment The cryptographic module requires that firmware version 7.0.1.01 be upgraded with patch E12. While some models may have the patch version pre-installed, others may require upgrading. To check if the module is currently running version 7.0.1.01.E12, the Crypto-Officer must open the GUI-based administrative console provided with the module. Under the software management and manage packages table, the Crypto-Officer can see which firmware upgrade has been installed along with their versions. To perform the upgrade, the Crypto-Officer must first check the firmware to ensure they are running version 7.0.1.01. If this version is not running, the Crypto-Officer must take measures to upgrade the module to 7.0.1.01. If required, this upgrade can be performed through the GUI-based administrative console. If the module is being newly-built from the onboard virtual disk, then the Crypto-Officer will first need to set up the network configuration and enable the admin account with a new password. To update the module to 7.0.1.01.E12, the Crypto-Officer must: 1. Under "Software Management / Manage Packages" table, select "70101.E12"; McAfee Firewall Enterprise 1100E Page 24 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 2. Select download; 3. Select install; 4. Verify that the "Manage Packages" tab states that "70101.E12" is installed. 3.1.1.3 Setting FIPS Mode Enforcement Before enforcing FIPS on the module, the Admin Console CO must check that no non-FIPS-Approved service is running on the module. To view the services that are currently used in enabled rules, select “Monitor / Service Status”. The Service Status window appears as shown in Figure 5 below. If the window lists any non-FIPS-Approved protocols (such as telnet as shown below), then those protocols must be disabled before the module is considered to be in an approved FIPS mode of operation. Figure 5 – Service Status The process to enable FIPS mode is provided below: 1. Under “Policy/Application Defences/ Defenses/HTTPS”, disable all non-Approved versions of SSL, leaving only TLS 1.0 operational. 2. Under “Maintenance / Certificate Management”, ensure that the certificates only use FIPS approved cryptographic algorithms. 3. Select “Maintenance / FIPS”. The FIPS check box appears in the right pane (shown in Figure 6). 4. Select Enforce US Federal Information Processing Standard. 5. Save the configuration change. 6. Select “Maintenance / System Shutdown” to reboot the firewall to the Operational kernel to activate the change. McAfee Firewall Enterprise 1100E Page 25 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 Figure 6 – Configuring For FIPS Whether the module has been upgraded to 7.0.1.01 from an earlier firmware, or shipped with 7.0.1.01 already present, it is required to delete and recreate all required cryptographic keys and CSPs necessary for the module's secure operation. The keys and CSPs existing on the module were generated outside of FIPS mode of operation, and they must now be re-created for use in FIPS mode. The CO must replace the keys and CSPs listed in Table 11. Table 11 – Required Keys and CSPs for Secure Operation Services Cryptographic Keys/CSPs Admin Console (TLS) Firewall Certificate/private key Command Center (TLS) Firewall Certificate/private key 20 HTTPS Decryption (TLS) Firewall Certificate/private key TrustedSource (TLS) Firewall Certificate/private key Firewall Cluster Management (TLS) Firewall Certificate/private key Local CA/private key Passport Authentication (TLS) Firewall Certificate/private key IPsec/IKE certificate authentication Firewall Certificate/private key Audit log signing Firewall Certificate/private key SSH server Firewall Certificate/private key 20 HTTPS – Hypertext Transfer Protocol Secure McAfee Firewall Enterprise 1100E Page 26 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 Administrator Passwords Firewall Certificate/private key The module is now operating in the FIPS Approved mode of operation. For troubleshooting or assistance with enabling FIPS mode, the CO may download the FIPS 140-2 Setup guide at the following location: http://mysupport.mcafee.com. 3.1.2 Management The module can run in two different modes: FIPS-Approved and non-FIPS-Approved. While in a FIPS- Approved mode, only FIPS-Approved and Allowed algorithms may be used. Non-FIPS-Approved services are disabled in FIPS mode of operation. The Crypto-Officer is able to monitor and configure the module via the web interface (GUI over TLS), SSH, serial port, or VGA port. Detailed instructions to monitor and troubleshoot the systems are provided in the Secure Firewall Administration Guide. The Crypto-Officer should monitor the module’s status regularly for FIPS mode of operation and active bypass mode. The CO also monitor that only FIPS approved algorithms as listed in Table 7 are being used for TLS and SSH sessions. The “show status” for FIPS mode of operation can be invoked by deternining if the checkbox, shown in Figure 6, is checked. The “show status” service as it pertains to bypass is shown in the GUI under VPN Definitions and the module column. For the CLI, the Crypto-Officer may enter “cf ipsec q type=bypass” to get a listing of the existing bypass rules. If any irregular activity is noticed or the module is consistently reporting errors, then McAfee customer support should be contacted. 3.1.3 Zeroization In order to zeroize the module of all keys and CSPs, it is necessary to first rebuild the module’s image essentially wiping out all data from the module. Once a factory reset has been performed, default keys and CSPs will be set up as part of the renewal process. These keys must be recreated as per the instructions found in Table 11. Failure to recreate these keys will result in a non-compliant module. For more information about resetting the module to a factory default, please consult the documentation that shipped with the module. 3.1.4 Disabling FIPS Mode of Operation To take the module out of FIPS mode of operation, the Crypto-Officer must zeroize the CSPs as described in section 3.1.3 of this document. FIPS mode can be disabled from Admin Console window: 1. Select “Maintenance / FIPS”. The FIPS check box appears in the right pane. 2. Unselect Enforce US Federal Information Processing Standard (shown in Figure 6). 3. Save the configuration change. 4. Select “Maintenance / System Shutdown” and reboot the firewall to the Operational kernel to activate the change. McAfee Firewall Enterprise 1100E Page 27 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 3.2 User Guidance When using key establishment protocols (RSA and DH) in the FIPS-Approved mode, the User is responsible for selecting a key size that provides the appropriate level of key strength for the key being transported. McAfee Firewall Enterprise 1100E Page 28 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 4 Acronyms This section describes the acronyms used throughout the document. Table 12 – Acronyms Acronym Definition AES Advanced Encryption Standard ANSI American National Standards Institute CBC Cipher-Block Chaining CD Compact Disc CD-ROM Compact Disc – Read-Only Memory CFB Cipher Feedback CLI Command Line Interface CLSOS Cryptographic Library for SecureOS CMVP Cryptographic Module Validation Program CO Crypto-Officer CRNGT Continuous Random Number Generator Test CSP Critical Security Parameter DES Digital Encryption Standard DH Diffie-Hellman DoS Denial of Service DSA Digital Signature Algorithm ECB Electronic Codebook EDC Error Detection Code EMC Electromagnetic Compatibility EMI Electromagnetic Interference FIPS Federal Information Processing Standard GUI Graphical User Interface HA High Availability HMAC (Keyed-) Hash Message Authentication Code HTTPS Hypertext Transfer Protocol Secure IKE Internet Key Exchange IP Internet Protocol McAfee Firewall Enterprise 1100E Page 29 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.4 May 12, 2011 Acronym Definition IPsec Internet Protocol Security KAT Known Answer Test KCLSOS Kernel Cryptographic Library for SecureOS LCD Liquid Crystal Display LDAP Lightweight Directory Access Protocol LED Light Emitting Diode MAC Message Authentication Code MD Message Digest NAT Network Address Translation NIST National Institute of Standards and Technology NMS Network Management System OS Operating System PKCS Public Key Cryptography Standard PRNG Pseudo Random Number Generator RADIUS Remote Authentication Dial-In User Service RC Rivest Cipher RSA Rivest Shamir and Adleman SHA Secure Hash Algorithm SNMP Simple Network Management Protocol SQL Structured Query Language SSH Secure Shell TLS Transport Layer Security USB Universal Serial Bus UTM Unified Threat Management VGA Video Graphics Array VPN Virtual Private Network McAfee Firewall Enterprise 1100E Page 30 of 31 © 2011 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Prepared by: Corsec Security, Inc. 10340 Democracy Lane, Suite 201 Fairfax, VA 22030 Phone: (703) 267-6050 Email: info@corsec.com http://www.corsec.com