(FIPS) 140-2 - Aviat Networks

Federal Information Processing Standard (FIPS) 140-2
What is it? Why should you care?

SECURITY IS BECOMING A GROWING CONCERN
• The migration from TDM to IP communication networks has drastically increased security risks
• Growing volume, types, and intrinsic value of traffic make it infinitely more interesting for hackers
• New technologies offer hackers an ever-growing number of access points
AVIAT NETWORKS
AN UNSECURED MICROWAVE NETWORK CAN RESULT IN
• Lost data (your customer’s and/or your organization’s)
• Communications downtime
• Downtime of critical infrastructure

MICROWAVE REQUIRES MULTI-DIMENSIONAL SECURITY STRATEGY
[Diagram labels: AAA server; overhead; payload; eavesdropping; RF site security; remote access; hacker; crypto-officer; NOC; troubleshooting, investigation; new employee or contractor]

WHAT IS FIPS?
• Federal Information Processing Standards
• Published by NIST (National Institute of Standards and Technology)
• 2 Main Standards
  • CAVP: Cryptographic Algorithm Validation Program (FIPS 197 a.k.a. AES)
  • CMVP: Cryptographic Module Validation Program (FIPS 140-2)
Publicly announced standardizations developed by the United States federal government
The strictest security standards on the market today!

FIPS 197: ADVANCED ENCRYPTION STANDARD (AES)
• THE data encryption standard for federal government networks
• If a federal agency specifies data encryption, then FIPS 197 is mandatory.
• Advanced Encryption Standard (AES) specifies the algorithm for encrypting and decrypting information
• Uses keys of 128, 192 and 256 bits

FIPS 140-2: SECURITY REQ FOR CRYPTOGRAPHIC MODULES
• Encryption security standard for protecting IT systems that carry sensitive but unclassified information
• Validates both hardware and software
• FIPS 140-2 includes FIPS 197
• 4 levels of increasing physical security and access control
• Includes encryption and secure management and access

WHERE IS FIPS 140-2 NEEDED?
Mandatory for federal government (if information must be cryptographically protected)
Critical for any organization wanting the highest level of network security

FIPS 140-2 LEVELS
• FIPS validation can be obtained for a chip, a group of chips, a card, a terminal – and includes all hardware and software
• Validation can be done at 4 different levels (1-4)
• Level 1: WEAK
  • No identity-based authentication, anyone can use the common password to turn off security
• Level 2: STRONG
  • Mandates identity-based authentication, tamper evidence, etc.
• Level 3 and 4: VERY STRONG
  • Must be pick-resistant, tamper-proof. Adds large cost and complexity to product to support
Security is a balance between level of protection and cost
FIPS 140-2 Level 2 is the sweet spot for networking equipment

FIPS 140-2: SECURITY REQ FOR CRYPTOGRAPHIC MODULES
• Specifies 11 areas related to the secure design and implementation of a cryptographic module.
  • Cryptographic module specification
  • Cryptographic module ports and interfaces
  • Roles, services, and authentication
  • Finite state model
  • Physical security
  • Operational environment
  • Cryptographic key management
  • Electromagnetic interference/electromagnetic compatibility (EMI/EMC)
  • Self-tests
  • Design assurance
  • Mitigation of other attacks

HOW DOES FIPS 140-2 MAKE NETWORKS MORE SECURE?
• Independent validation by an accredited lab
• Assurance that algorithms are secure
  • Example: Lab can check code submitted by manufacturer. A well-known code library function (a glibc function) is OK for general use but not quite random enough for encryption
• Assurance that algorithms were properly implemented
  • Example: OpenSSL vulnerability based on SSL heartbeat. This version of OpenSSL was cryptographically secure but not properly implemented
FIPS 140-2 Ensures Strong Security Features Exist, Work and Are Implemented Properly

KEY MICROWAVE SECURITY FEATURES
Should include three complementary security feature sets:
• Secure Management
  Secure access & control over unsecured networks; protects against hacking, accidental or intentional misconfiguration and other network-impacting actions
• Payload Encryption
  Secures all payload and network management data on airlink; prevents “eavesdropping” and “replay” attacks, for example
• Integrated RADIUS capability
  Enables centralized access control and remote AAA; centralizes management of Eclipse user accounts

WHAT’S REQUIRED FROM MICROWAVE VENDORS
ADVANCED SECURITY FUNCTIONALITY (STRONG SECURITY SUITE)
PROVEN TO WORK AND TO BE IMPLEMENTED PROPERLY (FIPS 140-2)

Aviat Networks has Achieved FIPS 140-2 Level 2 Validation

ECLIPSE FIPS 140-2 VALIDATION
SECURITY REQUIREMENTS SECTION            FIPS 140-2 LEVEL
Cryptographic Module Specification       3
Module Ports and Interfaces              2
Roles, Services and Authentication       2
Finite State Model                       2
Physical Security                        2
Operational Environment                  N/A
Cryptographic Key Management             2
EMI/EMC                                  2
Self-Tests                               2
Design Assurance                         3
Mitigation of Other Attacks              N/A
AVIAT ACHIEVED LEVEL 3 IN TWO CRITERIA
MINIMUM LEVEL ACHIEVED DETERMINES OVERALL VALIDATION LEVEL

THE INDUSTRY’S MOST SECURE MICROWAVE RADIO… IS NOW THE ONLY CARRIER GRADE RADIO WITH FIPS 140-2 LEVEL 2 VALIDATION
WWW.AVIATNETWORKS.COM