Dell W-AP92 Manual do Utilizador

1 FIPS 140-2 Non-Proprietary Security Policy for Aruba AP-92, AP-93, AP-105, AP-175 Dell W-AP92, W-AP93, W-AP105 and W-AP175 Wireless A

10 The plastic case physically encloses the complete set of hardware and software components and represents the cryptographic boundary of the module

11 Label Function Action Status Flashing Ethernet link activity 11b/g/n 2.4GHz Radio Status Off 2.4GHz radio disabled On – Amber 2.4GHz radio ena

12 2.3.1 Physical Description The Aruba AP-105 Access Point is a multi-chip standalone cryptographic module consisting of hardware and software, al

13 ENET Ethernet Network Link Status / Activity Off Ethernet link unavailable On – Amber 10/100Mbs Ethernet link negotiated On – Green 1000Mbs Eth

14 2.4.1 Physical Description The Aruba AP-175 Access Point is a multi-chip standalone cryptographic module consisting of hardware and software, al

15 2.4.1.3 Indicator LEDs There is an array of LEDs which operate as follows: Table 5- AP-175 Indicator LEDs Label LED Position Function Action Sta

16 3 Module Objectives This section describes the assurance levels for each of the areas described in the FIPS 140-2 Standard. In addition, it prov

17 3.2.2 AP-92 TEL Placement This section displays all the TEL locations of the Aruba AP-92. The AP-92 requires a minimum of 3 TELs to be applied

18 Figure7 - Aruba AP-92 Tel placement right view Figure 8 - Aruba AP-92 Tel placement top view

19 Figure 9 - Aruba AP-92 Tel placement bottom view 3.2.3 AP-93 TEL Placement This section displays all the TEL locations of the Aruba AP-93. T

2

20 Figure 11 - Aruba AP-93 Tel placement left view Figure 12 - Aruba AP-93 Tel placement right view Figure 13 - Aruba AP-93 Tel placement botto

21 Figure 14 - Aruba AP-93 Tel placement top view 3.2.4 AP-105 TEL Placement This section displays all the TEL locations of the Aruba AP-105. T

22 Figure 16 - Aruba AP-105 Tel placement left view Figure 17 - Aruba AP-105 Tel placement right view Power Input Inlet Figure 18 - Aruba AP-105

23 Figure 19 - Aruba AP-105 Tel placement bottom view 3.2.5 AP-175 TEL Placement This section displays all the TEL locations of the Aruba AP-175.

24 Figure 20 - Aruba AP-175 Tel placement back view Figure 21 - Aruba AP-175 Tel placement left view Figure 22 - Aruba AP-175 Tel placement rig

25 Figure 23 - Aruba AP-175 Tel placement top view Figure 24 - Aruba AP-175 Tel placement bottom view 3.2.6 Inspection/Testing of Physical Secu

26 3.3 Modes of Operation The module has the following FIPS approved modes of operations: • Remote AP (RAP) FIPS mode – When the module is config

27 6. If the staging controller does not provide PoE, either ensure the presence of a PoE injector for the LAN connection between the module and th

28 7. Connect the module via an Ethernet cable to the staging controller; note that this should be a direct connection, with no intervening network

29 the AP as Remote Mesh Portal by filling in the form appropriately. Detailed steps are listed in Section “Provisioning an Individual AP” of C

3 1 INTRODUCTION ...

30 represents the only exception. That is, nothing other than a PoE injector should be present between the module and the staging controller. 8. On

31 3.5 Logical Interfaces The physical interfaces are divided into logical interfaces defined by FIPS 140-2 as described in the foll

32 4 Roles, Authentication and Services 4.1 Roles The module supports the roles of Crypto Officer, User, and Wireless Client; no addi

33 4.1.2 User Authentication Authentication for the User role depends on the module configuration. When the module is configured as a Remote Mesh P

34 Authentication Mechanism Mechanism Strength Wireless Client WPA2-PSK (Wireless Client role) For WPA2-PSK there are at least 95^16 (=4.4 x 10^31)

35 4.2 Services The module provides various services depending on role. These are described below. 4.2.1 Crypto Officer Services The CO role in e

36 Service Description CSPs Accessed (see section 6 below for complete description of CSPs) Creation/use of secure management session between module

37 Service Description CSPs Accessed (see section 6 below for complete description of CSPs)  802.11i AES-CCM key  802.11i GMK  802.11i GTK Us

38  System status – SYSLOG and module LEDs  802.11 a/b/g/n  FTP  TFTP  NTP  GRE tunneling of 802.11 wireless user frames (when acting a

39 5 Cryptographic Algorithms FIPS-approved cryptographic algorithms have been implemented in hardware and firmware. The firmware supports the fol

4 3.2.5 AP-175 TEL Placement ...23 3.2.5.1

40 6 Critical Security Parameters The following Critical Security Parameters (CSPs) are used by the module: CSP CSP TYPE GENERATION STORAGE And

41 CSP CSP TYPE GENERATION STORAGE And ZEROIZATION USE IKEv1/IKEv2 Diffie-Hellman Private key 1024-bit Diffie-Hellman private key Generated inte

42 CSP CSP TYPE GENERATION STORAGE And ZEROIZATION USE WPA2 PSK 16-64 character shared secret used to authenticate mesh connections and in remo

43 CSP CSP TYPE GENERATION STORAGE And ZEROIZATION USE 802.11i Group Master Key (GMK) 256-bit secret used to derive GTK Generated from approved

44 7 Self Tests The module performs the following Self Tests after being configured into either Remote AP mode or Remote Mesh Portal

45 Self-test results are written to the serial console. In the event of a KATs failure, the AP logs different messages, depending on the error. F

5 1 Introduction This document constitutes the non-proprietary Cryptographic Module Security Policy for the AP-92, AP-93, AP-105 and AP-175 Wireles

6 GE Gigabit Ethernet GHz Gigahertz HMAC Hashed Message Authentication Code Hz Hertz IKE Internet Key Exchange IPSec Internet

7 2 Product Overview This section introduces the various Aruba Wireless Access Points, providing a brief overview and summary of the physical featu

8 The exact firmware versions tested were:  ArubaOS_6xx_6.1.2.3-FIPS  Dell_PCW_6xx_6.1.2.3-FIPS 2.1.1.1 Dimensions/Weight The AP has the follo

9 Label Function Action Status On – Green 2.4GHz radio enabled in 802.11n mode Flashing - Green 2.4GHz Air monitor or RF protect sensor 11a/n 5G