1(76&5((1;3 &U\SWRJUDSKLF 0RGXOH 6HFXULW\ 3ROLF\ Wr…†v‚Ã!% QIÃ(" %  Sr‰Ã6 Copyright Notice © Copyright NetScreen Technologies, Inc. 2001 May be reproduced only in its entirety [without revision] vv Ir‡Tp…rr$YQÃ8…’ƒ‡‚t…hƒuvpÃH‚qˆyrÃTrpˆ…v‡’ÃQ‚yvp’ ÃÃà 7DEOH RI &RQWHQWV $ 6FRSH RI 'RFXPHQW  % 6HFXULW\ /HYHO   & 5ROHV DQG 6HUYLFHV   ' ,QWHUIDFHV  ( ),36 &HUWLILFDWH 9HULILFDWLRQ  ) 6HFXULW\ 5HOHYDQW 'DWD ,WHP 65', 'HILQLWLRQV   0DWUL[ &UHDWLRQ RI 6HFXULW\ 5HOHYDQW 'DWD ,WHPV 65',V 9HUVXV WKH 6HUYLFHV 5ROHV ,GHQWLW\   *ORVVDU\  ,QGH[ ,;L $ 6FRSH RI 'RFXPHQW The NetScreen-5XP is an Internet security device integrating firewall, virtual private networking (VPN) and traffic shaping functionalities. Through the VPN, the NetScreen-5XP provides the following: • IPSec standard security • Data Encryption Standard (DES) and triple-DES encryption key management, and • manual and automated IKE (ISAKMP) • Use of RSA and DSA certificates The NetScreen-5XP also provides an interface for a user to locally configure or set policies through the Network port or Console port. The general components of the NetScreen-5XP include firmware and hardware. The main hardware components consist of a main processor, memory, flash and ASIC. The entire case is defined as the cryptographic boundary of the modules. The NetScreen-5XP’s physical configuration is defined as multi-chip standalone modules. % 6HFXULW\ /HYHO The NetScreen-5XP meets the overall requirements applicable to Level 2 security of FIPS 140-1. Table 1: Module Security Level Specification Security Requirements Section Level Cryptographic Module 2 Module Interfaces 2 Roles and Services 2 Finite State Machine 2 Physical Security 2 Software Security 3 Operating System Security N/A Key Management 2 Cryptographic Algorithms 2 EMI/EMC 3 Self-Test 2 Ir‡Tp…rr$YQÃ8…’ƒ‡‚t…hƒuvpÃH‚qˆyrÃTrpˆ…v‡’ÃQ‚yvp’ ÃÃà & 5ROHV DQG 6HUYLFHV TheNetScreen-5XP supports three distinct roles: Cryptographic Officer Role (Root): The module allows one Crypto-Officer. This role is assigned to the first operator who logs on to the module using the default user name and password. User Role (Admin): The Admin user can configure specific security policies. These policies provide the module with information on how to operate (e.g., configure access policies and VPN encryption with Triple-DES). Read-Only Role (Admin): This role can only perform a limited set of services. The module allows up to 20 Admin users, either in a User Role or in a Read-Only Role. • The NetScreen-5XP provides the following services: – Set: Writes configuration-to-configuration scripts – Unset: Clears or toggles off given configuration-to-configuration scripts – Get: Shows information about particular settings or runtime information – Clear: Erases some runtime memory – Exit: Logs out from a login session – Ping: Checks the network connection to another system – Reset: Reboots the device – Save: Saves the configuration data – Policy Enforcement: The state of the module in terms of how to handle the packets – Exec: Executes or updates dynamic entries, such as DHCP, time, DSA/RSA key pair, DNS entries, software key, and trace route • The NetScreen-5XP supports both role-based and identity-based authentication for each role. – Role-based authentication provides a user name and password but the actual authentication occurs at a RADIUS server. – All other forms of authentication (DSA signature, local database) are classified as identity based. ! Ir‡Tp…rr$YQÃ8…’ƒ‡‚t…hƒuvpÃH‚qˆyrÃTrpˆ…v‡’ÃQ‚yvp’ÃÃà ' ,QWHUIDFHV • The NetScreen-5XP provides a number of interfaces: – Two Ethernet interfaces (RJ45) labelled Trusted and Untrusted. These interfaces are the network ports. – Console port: DB9 serial port connector. – Hardware reset button. When the user resets the device, the NetScreen-5XP will boot up using the original factory default configuration. Any current existing configuration settings will be lost, and the firewall and VPN service rendered inoperative. – Power interface. – Four LED status interfaces. (a) One Power status LED: Illuminates solid green when power is supplied to the NetScreen-5XP. (b) One Module status LED: Illuminates solid green when the NetScreen-5XP is first powered up and the units first perform diagnostics. During start-up, the LED blinks orange, after which the LED starts to blink green. If an error is detected, then the LED illuminates red. The LED changes to yellow when the unit writes to flash. (c) Two Network status LEDs (for the Trusted and Untrusted ports): Each Ethernet port has one LED which indicates link and network activity. Setting FIPS Mode By default, on the first power-up, the module is in non-FIPS mode. To set the module to FIPS mode, assign a system IP address and execute “set fips-mode enable”. The module can be set to FIPS mode only through the CLI. This command will perform the following: • Disable administration via SSL • Disable loading configuration file from the TFTP server • Disable administration via Global • Disable administration via Global PRO • Disable administration via SNMP Ir‡Tp…rr$YQÃ8…’ƒ‡‚t…hƒuvpÃH‚qˆyrÃTrpˆ…v‡’ÃQ‚yvp’ " ÃÃà • Disable debug service Execute the “save” command. Execute the “reset” command. Please note the following: • The derivation of keys for ESP-Encryption and ESP-Authentication using a user’s password is in non-FIPS mode. • User names and passwords are case-sensitive. • The NetScreen-5XP does not employ a maintenance interface or have a maintenance role. • When in FIPS mode, the NetScreen-500 WebUI only displays options that comply with FIPS regulations. (For example, the SSL, NS-Global, and NS- Global PRO management service options do not appear on the Interface Configuration page when FIPS mode is enabled.) • The output data path is logically disconnected from the circuitry and processes performing key generation or key zeroization. • The NetScreen-5XP provides a Show Status service via the GET service. • The NetScreen-5XP implement the following power-up self-tests: Device Specific Self-Tests: – Boot ROM firmware-self-test is via DSA signature – SDRAM read/write check – FLASH – ASIC chip test Algorithm Self-Tests: – DES, CBC mode, encrypt/decrypt – TDES, CBC mode, encrypt/decrypt – SHA-1 – RSA (encryption and signature) – DSA Sign/Verify – Exponentiation # Ir‡Tp…rr$YQÃ8…’ƒ‡‚t…hƒuvpÃH‚qˆyrÃTrpˆ…v‡’ÃQ‚yvp’ÃÃà 2WKHU 3DUDPHWHUV Note also that: • A pair-wise consistency test for the DSA and RSA (encryption and signature) key-pairs is employed. • Firmware can be loaded through Trivial File Transfer Protocol (TFTP), where a firmware loads test is performed via a DSA signature. • Keys are generated using a FIPS approved pseudo random number generator per ANSI X9.17, Appendix C. • For every usage of the FIPS-approved PRNG, a continuous PRNG self-test is performed. • In FIPS mode, only FIPS-approved algorithms are used. • Operators must be authenticated using user names and passwords. Authentication occurs locally. The user can be authenticated via a RADIUS server, which provides an external database for user role administrators. The NetScreen-5XP acts as a RADIUS proxy, forwarding the authentication request to the RADIUS server. The RADIUS server replies with either an accept or reject message. • The NetScreen-5XP allows up to two concurrent operators via SSH. • The first time an operator logs on to the module, the operator uses the default user name and password which is netscreen, netscreen. This user is assigned the Crypto-Officer role. • The Crypto-Officer is provided with the same set of services as the user with the exception of the set admin, unset admin, and unset all services. These services allow the Crypto-Officer to create a new user, change a current user’s user name and password, or delete an existing user. • HTTP page time-out set to 10 minutes as default; this is user configurable. • Telnet: The NetScreen-5XP allows up to two concurrent operators. Upon a login failure, the next prompt will not come up for an estimated 10 seconds., • The Crypto-Officer is authenticated via digital signature only when downloading new firmware. • The NetScreen-5XP’s chips are production-grade quality and include standard passivation techniques. • The NetScreen-5XP is contained within metal production-grade enclosure. Ir‡Tp…rr$YQÃ8…’ƒ‡‚t…hƒuvpÃH‚qˆyrÃTrpˆ…v‡’ÃQ‚yvp’ $ ÃÃà • The enclosures are opaque to visible spectrum radiation. • The enclosure includes a removable cover and is protected by a red tamper evident varnish applied to the screw that secures the enclosure. The locations of the tamper evident varnish are shown in Figure 1. Tamper Evident Mechanisms Figure 1 - Tamper Evident Mechanisms • The source code is annotated with detailed comments. • Ninety-five percent of the software within a cryptographic module is implemented using a high-level language (i.e., C); 5% is written in assembly due to performance issues and unavailability of a high-level language. • The NetScreen-5XP does not use third party applications. • The NetScreen-5XP generates an Initial Vector (IV) using a FIPS approved pseudo random number generator for the beginning of a session. The IV is incremented by one for each packet belonging to this session. • IKE, Diffie-Hellman (DH), and RSA encryption are employed for public key- based key distribution techniques, which are commercially available public key methods. • The policy is associated with keys located in the modules. The private/public key pair of the module is located at a certain and exact memory location of the flash. • All keys are stored in plaintext. • Electronically entered keys are input locally using a key loader. • All keys and unprotected security parameters can be zeroized through the Unset and Clear commands. • The NetScreen-5XP does not perform key archiving. % Ir‡Tp…rr$YQÃ8…’ƒ‡‚t…hƒuvpÃH‚qˆyrÃTrpˆ…v‡’ÃQ‚yvp’ÃÃà • Algorithms included in the NetScreen-5XP are: – RC2 – RC4 – MD5 – SHA-1 – RSA (encryption and signature) – DSA – TDES (CBC) – DES (CBC) – DH – HMAC – Blowfish • The NetScreen-5XP conforms to FCC part 15, class B. • On failure of any power-up self-test or conditional self-test, the module enters and stays in either the Algorithm Error State or the Device specific error state, depending on the self-test failure. The module then logs the error and the module status LED indicates that an error has occurred. It is the responsibility of the Crypto-Officer to return the module to NetScreen Technologies, Inc. for further analysis. ( ),36 &HUWLILFDWH 9HULILFDWLRQ In FIPS mode, during the loading of the X509 certificate, if the signing CA certificate cannot be found in the NetScreen-5XP, the following message is displayed: Please contact your CA’s administrator to verify the following finger print (in HEX) of the CA cert... xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx Do you want to accept this certificate y/[n]? Where x is one of (0, 1,2,3,4,5,6,7,8,9,A,B,C,D,E,F). Based on the result of the CA certificate fingerprint checking, the Crypto Officer accepts or denies the loaded certificates. Ir‡Tp…rr$YQÃ8…’ƒ‡‚t…hƒuvpÃH‚qˆyrÃTrpˆ…v‡’ÃQ‚yvp’ & ÃÃà ) 6HFXULW\ 5HOHYDQW 'DWD ,WHP 65', 'HILQLWLRQV Below is a list of Security Relevant Data Item (SRDI) definitions: • IPSEC Manual Key: Between end users, no IKE process involved • IPSEC Session Key: Encryption key between end-users • IKE Pre-shared Key: Pre-shared key for authentication between peer to peer • IKE Session Key: Encryption key between peer to peer • User Name and Password: Crypto-Officer and Users’ names and passwords • SCS Server/Host Key: RSA key pairs used in secure command shell (equivalent to SSH) • SCS DES Key: Encryption key to communicate via SCS (SHS) • DSA Public Key: Firmware-download authentication key • IKE DSA Key: DSA key pair used in IKE identity authentication • IKE RSA Key: RSA key pair used in IKE identify authentication • PRNG Key: ANSI X9.17 algorithm key required to generate pseudo-random numbers. These items are stored in volatile RAM. ' Ir‡Tp…rr$YQÃ8…’ƒ‡‚t…hƒuvpÃH‚qˆyrÃTrpˆ…v‡’ÃQ‚yvp’ÃÃà 0DWUL[ &UHDWLRQ RI 6HFXULW\ 5HOHYDQW 'DWD ,WHPV 65',V 9HUVXV WKH 6HUYLFHV 5ROHV ,GHQWLW\ The following matrices define the set of services to the Security Relevant Data Items (SRDIs) of the module, providing information on generation, destruction and usage. They also correlate the User roles and the Crypto-Officer roles to the set of services to which they have privileges. Crypto-Officer SRDI \ Services Set Unset Clear Get Policy Save Exec Exit Ping Reset Enforce- ment IPSEC Manual Key G D N/A U U U N/A N/A N/A N/A IPSEC Session Key N/A N/A D U G.U N/A N/A N/A N/A N/A IKE Pre-shared Key G D N/A U U U N/A N/A N/A N/A IKE Session Key N/A N/A D U G, U N/A N/A N/A N/A N/A User Name and Password G* D* N/A U U U N/A N/A N/A N/A SCS Server/Host G N/A D U G, U N/A N/A N/A N/A N/A Key SCS DES Key U U U U U U U U U U DSA Key N/A N/A D N/A U U G N/A N/A N/A HA Key G D N/A U N/A U N/A N/A N/A N/A IKE DSA Key U U D U U U G N/A N/A N/A IKE RSA Key U U D U U U G N/A N/A N/A PRNG Key N/A N/A D N/A U N/A N/A N/A N/A N/A G: Generate D: Delete U: Usage *G: The Crypto-Officer is authorized to change all authorized operators’ user names and passwords, but the user is only allowed to change his/her own user name and password. *D: The Crypto-Officer is authorized to remove all authorized operators. Ir‡Tp…rr$YQÃ8…’ƒ‡‚t…hƒuvpÃH‚qˆyrÃTrpˆ…v‡’ÃQ‚yvp’ ( ÃÃà User SRDI \ Services Set Unset Clear Get Policy Save Exec Exit Ping Reset Enforce- ment IPSEC Manual Key Set D N/A U U U N/A N/A N/A N/A IPSEC Session Key N/A N/A D U G.U N/A N/A N/A N/A N/A IKE Pre-shared Key G D N/A U U U N/A N/A N/A N/A IKE Session Key N/A N/A D U G, U N/A N/A N/A N/A N/A User Name and Password G* N/A N/A U U U N/A N/A N/A N/A SCS Server/Host Key G N/A D U G, U N/A N/A N/A N/A N/A SCS DES Key U U U U U U U U U U DSA Key N/A N/A D N/A U U G N/A N/A N/A HA Key G D N/A U N/A U N/A N/A N/A N/A IKE DSA Key U U D U U U G N/A N/A N/A IKE RSA Key U U D U U U G N/A N/A N/A PRNG Key N/A N/A D N/A U N/A N/A N/A N/A N/A G: Generate D: Delete U: Usage *G: The Crypto-Officer is authorized to change all authorized operators’ user names and passwords, but the user is only allowed to change his/her own user name and password.  Ir‡Tp…rr$YQÃ8…’ƒ‡‚t…hƒuvpÃH‚qˆyrÃTrpˆ…v‡’ÃQ‚yvp’ÃÃà Read-Only SRDI \ Services Get Exit Ping IPSEC Manual Key U N/A N/A IPSEC Session Key U N/A N/A IKE Pre-shared Key U N/A N/A IKE Session Key U N/A N/A User Name and Password U N/A N/A SCS Server/Host Key U N/A N/A SCS DES Key U U U DSA Key N/A N/A N/A HA Key U N/A N/A IKE DSA Key U N/A N/A IKE RSA Key U N/A N/A PRNG Key N/A N/A N/A G: Generate D: Delete U: Usage Ir‡Tp…rr$YQÃ8…’ƒ‡‚t…hƒuvpÃH‚qˆyrÃTrpˆ…v‡’ÃQ‚yvp’ ÃÃà ! Ir‡Tp…rr$YQÃ8…’ƒ‡‚t…hƒuvpÃH‚qˆyrÃTrpˆ…v‡’ÃQ‚yvp’ÃÃà *ORVVDU\ Authentication Header (AH). See ESP/AH. Authentication. Authentication ensures that digital data transmissions are delivered to the intended receiver. Authentication also assures the receiver of the integrity of the message and its source (where or whom it came from). The simplest form of authentication requires a user name and password to gain access to a particular account. Authentication protocols can also be based on secret-key encryption, such as DES, or on public-key systems using digital signatures. CLI. The command line interface. DHCP. The Dynamic Host Configuration Protocol used to dynamically assign IP addresses to networked computers. DNS. The Domain Name System maps domain names to IP addresses. ESP/AH. The IP level security headers, AH and ESP, were originally proposed by the Network Working Group focused on IP security mechanisms, IPSec. The term IPSec is used loosely here to refer to packets, keys, and routes that are associated with these headers. The IP Authentication Header (AH) is used to provide authentication. The IP Encapsulating Security Header (ESP) is used to provide confidentiality to IP datagrams. Internet Key Exchange (IKE). The method for exchanging keys for encryption and authentication over an unsecured medium, such as the Internet. Internet Protocol (IP). An Internet standard protocol that defines a basic unit of data called a datagram. A datagram is used in a connectionless, best-effort, delivery system. The Internet protocol defines how information gets passed between systems across the Internet. IP Security (IPSec). Security standard produced by the Internet Engineering Task Force (IETF). It is a protocol suite that provides everything you need for secure communications—authentication, integrity, and confidentiality—and makes key exchange practical even in larger networks. See also DES-CBC, ESP/ AH. ISAKMP. The Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for Internet key management and provides the specific protocol support for negotiation of security attributes. By itself, it does not establish session keys, however it can be used with various session key establishment protocols to provide a complete solution to Internet key management. MD5. Message Digest (version) 5, an algorithm that produces a 128-bit message digest (or hash) from a message of arbitrary length. The resulting hash is used, like a “fingerprint” of the input, to verify authenticity. Ir‡Tp…rr$YQÃ8…’ƒ‡‚t…hƒuvpÃH‚qˆyrÃTrpˆ…v‡’ÃQ‚yvp’ " ÃÃà RADIUS. Remote Authentication Dial-In User Service is a service for authenticating and authorizing dialup users. SHA-1. Secure Hash Algorithm-1, an algorithm that produces a 160-bit hash from a message of arbitrary length. (It is generally regarded as more secure than MD5 because of the larger hashes it produces.) # Ir‡Tp…rr$YQÃ8…’ƒ‡‚t…hƒuvpÃH‚qˆyrÃTrpˆ…v‡’ÃQ‚yvp’ÃÃà ÃDqr‘ ,QGH[ $ ) ),36  1 DOJRULWKP ),36 PRGH 3 HUURU VWDWH 7 VHOIWHVWV 4 + DOJRULWKPV 7 '(6 7 KDUGZDUH UHVHW 3 '+ 7 , '6$ 7 +0$& 7 ,.( 1 0' 7 ,.( '6$ .H\ 8 5& 7 ,.( 3UHVKDUHG .H\ 8, 9, 10, 11 ,.( 56$ .H\ 8 5& 7 ,.( 6HVVLRQ .H\ 8, 9, 10, 11 56$ 7 LQLWLDO YHFWRU 6+$ 7 ,9 6 7'(6 7 ,36(& 0DQXDO .H\ 8, 9, 10, 11 $16, ; 5, 8 ,36(& 6HVVLRQ .H\ 8, 9, 10, 11 % ,36HF VWDQGDUG VHFXULW\ 1 ,6$.03 1 %ORZILVK 7 / & /(' VWDWXV 3 &RQVROH SRUW 3 &U\SWRJUDSKLF 2IILFHU 2 0 PRGXOH VSHFLILFDWLRQ ' FU\SWRJUDSKLF DOJRULWKPV 1 'DWD (QFU\SWLRQ 6WDQGDUG '(6 1 FU\SWRJUDSKLF PRGXOH 1 '+&3 13 ILQLWH VWDWH PDFKLQH 1 '6$ NH\ 9, 10, 11 NH\ PDQDJHPHQW 1 '6$ SXEOLF NH\ 8 PRGXOH LQWHUIDFHV 1 RSHUDWLQJ V\VWHP VHFXULW\ 1 ( SK\VLFDO VHFXULW\ 1 (0,(0& 1 UROHV DQG VHUYLFHV 1 Ir‡Tp…rr$YQÃ8…’ƒ‡‚t…hƒuvpÃH‚qˆyrÃTrpˆ…v‡’ÃQ‚yvp’ DYv ÃÃà VHOIWHVW 1 FOHDU 2 H[HF 2 VRIWZDUH VHFXULW\ 1 H[LW 2 PRGXOH VWDWXV 3 JHW 2 1 SLQJ 2 SROLF\ HQIRUFHPHQW 2 QHWZRUN SRUWV 3 UHVHW 2 QHWZRUN VWDWXV 3 VDYH 2 VHW 2 3 XQVHW 2 SLQJ 2 65', 6HUYLFHV 9, 10, 11 SRZHU LQWHUIDFH 3 65',V 9 SRZHU VWDWXV 3 7 351* .H\ 8 WDPSHU HYLGHQW PHFKDQLVP 6 5 7)73 5 5HDG2QO\ 5ROH $GPLQ 2 7ULSOH'(6 1 5- 3 7ULYLDO )LOH 7UDQVIHU 3URWRFRO 7)73 5 6 8 6&6 8 XVHU QDPH 8 XVHU SDVVZRUG 6&6 '(6 .H\ 8, 9, 10, 11 8 8VHU 5ROH 2 6&6 6HUYHU+RVW .H\ 8, 9, 10, 11 6HFXULW\ 5HOHYDQW 'DWD ,WHPV 65',V 9 9 VHOIWHVWV GHYLFH VSHFLILF 4 YLUWXDO SULYDWH QHWZRUNLQJ 931 1 VHUYLFHV 931 1 DYvv Ir‡Tp…rr$YQÃ8…’ƒ‡‚t…hƒuvpÃH‚qˆyrÃTrpˆ…v‡’ÃQ‚yvp’ ÃÃÃ