Aruba 800 Series Manual do Utilizador Página 1

FIPS 140-2 Non-Proprietary Security Policy for Aruba AP-120 Series and Dell W-AP120 Series Wireless Access Points Version 1.4 February 20

10 3 Module Objectives This section describes the assurance levels for each of the areas described in the FIPS 140-2 Standard. In addition, it prov

11 3.2.2 Aruba AP-124 TEL Placement This section displays all the TEL locations on the Aruba AP-124. The AP124 requires a minimum of 3 TELs to be

12 Figure 2: AP-124 Back view Figure 3: AP-124 Left view Figure 4: AP-124 Right view Figure 5: AP-124 Top view

13 Figure 6: AP-124 Bottom view 3.2.3 Aruba AP-125 TEL Placement This section displays all the TEL locations on the Aruba AP-125. The AP125 requ

14 Figure 7: AP-125 Front view Figure 8: AP-125 Back view Figure 9: AP-125 Left view

15 Figure 10: AP-125 Right view Figure 11: AP-125 Top view

16 Figure 12: AP-125 Bottom view 3.2.4 Inspection/Testing of Physical Security Mechanisms Physical Security Mechanism Recommended Test Frequency

17 3.3 Modes of Operation The module has the following FIPS approved modes of operations: • Remote AP (RAP) FIPS mode – When the module is conf

18 5. Enable FIPS mode on the AP. This accomplished by going to the Configuration > Wireless > AP Configuration > AP Group page. There, yo

19 6. If the staging controller does not provide PoE, either ensure the presence of a PoE injector for the LAN connection between the module and th

20 represents the only exception. That is, nothing other than a PoE injector should be present between the module and the staging controller. 8. On

21 select AP > AP System Profile. Then, check the “Fips Enable” box, check “Apply”, and save the configuration. 6. If the stag

22 Linux implementation is not provided directly. Only Aruba-provided Crypto Officer interfaces are used. There is no user interface provided. 3

23 4 Roles, Authentication and Services 4.1 Roles The module supports the roles of Crypto Officer, User, and Wireless Client; no addi

24 4.1.2 User Authentication Authentication for the User role depends on the module configuration. When the module is configured as a Mesh AP, the

25 Authentication Mechanism Mechanism Strength Wireless Client WPA2-PSK (Wireless Client Role) For WPA2-PSK there are at least 95^16 (=4.4 x 10^31)

26 4.2 Services The module provides various services depending on role. These are described below. 4.2.1 Crypto Officer Services The CO role in e

27 Service Description CSPs Accessed (see section 6 below for complete description of CSPs) Creation/use of secure management session between mo

28 Service Description CSPs Accessed (see section 6 below for complete description of CSPs)  802.11i AES-CCM key  802.11i GMK  802.11i GT

29 4.2.4 Unauthenticated Services The module provides the following unauthenticated services, which are available regardless of role. No CSPs

1 INTRODUCTION ... 5

30 5 Cryptographic Algorithms FIPS-approved cryptographic algorithms have been implemented in hardware and firmware. The firmware supports the fo

31 6 Critical Security Parameters The following Critical Security Parameters (CSPs) are used by the module: CSP CSP TYPE GENERATION STORAGE And

32 CSP CSP TYPE GENERATION STORAGE And ZEROIZATION USE IKEv1/IKEv2 Diffie-Hellman Private key 1024-bit Diffie-Hellman private key Generated inte

33 CSP CSP TYPE GENERATION STORAGE And ZEROIZATION USE WPA2 PSK 16-64 character shared secret used to authenticate mesh connections and in remo

34 CSP CSP TYPE GENERATION STORAGE And ZEROIZATION USE 802.11i Group Master Key (GMK) 256-bit secret used to derive GTK Generated from approved

35 7 Self Tests The module performs the following Self Tests after being configured into either Remote AP mode or Remote Mesh Portal

36 For an ArubaOS OpenSSL AP module and ArubaOS cryptographic module KAT failure: AP rebooted [DATE][TIME] : Restarting System, SW FIPS KAT failed

4 4.2.2 User Services ...2

1 Introduction This document constitutes the non-proprietary Cryptographic Module Security Policy for the AP-120 series Wireless Access Points with

6 LAN Local Area Network LED Light Emitting Diode SHA Secure Hash Algorithm SNMP Simple Network Management Protocol SPOE Serial &

7 2 Product Overview This section introduces the various Aruba Wireless Access Points, providing a brief overview and summary of the physical featu

8 2.1.1.1 Dimensions/Weight The AP has the following physical dimensions:  4.9” x 5.13” x 2.0” (124mm x 130mm x 51mm)  15oz (0.42 Kgs) 2.1.1.2

9 Label Function Action Status Flashing 2.4GHz Air monitor WLAN 5Ghz 5GHz Radio Status Off 5GHz radio disabled On - Amber 5GHz radio enabled in WL