Brocade® MLXe® and Brocade NetIron® CER Series

Brocade® MLXe® and Brocade NetIron® CER Series Ethernet Routers
FIPS 140-2 Non-Proprietary Security Policy
Level 2 with Design Assurance Level 3 Validation
Document Version 2.6
March 13, 2013
Revision History
Revision Date
Revision
Summary of Changes
11/27/2012
12/3/12
2.0
2.1
2/4/13
2.2
2/7/13
2.3
2/13/13
2.4
2/28/13
2.5
3/13/13
2.6
Updated Access Control Policy and CSP access table
Updated DRBG V and C zeroization method.
Added tables to list MLXe power supply and fan modules. Added a table to list
CER power supply modules. Updated information in sections 5.1 and 6.1.
Updated Figures 1, 2 and 3.
Added MLXe Switch Fabric Module Part Number table. Add power supply SKUs
to Power Supply part number table. Added MLXe Switch Fabric Module Part
Number table. Added Validated MLXe and CER configuration tables. Updated
zeroization information.
Changed bezel to filler panel in Section 2. In Section 5.1, I changed Firmware
Integrity Test (128-bit EDC) to Firmware Integrity Test (DSA 1024 bit, SHA-1
Signature Verification).
Added DSA 1024 SHA-1 Pairwise Consistency Test (Sign/Verify) to Section 5.1
para 3 b)
Added DES to the non-Approved and not allowed cryptographic methods list in
Section 6.1.1
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
© 2013 Brocade Communications Systems, Inc. All Rights Reserved.
All rights reserved.
This Brocade Communications Systems Security Policy for Brocade MLXe and Brocade NetIron CER embodies
Brocade Communications Systems' confidential and proprietary intellectual property. Brocade Systems retains
all title and ownership in the Specification, including any revisions.
This Specification is supplied AS IS and may be reproduced only in its original entirety [without revision].
Brocade Communications Systems makes no warranty, either express or implied, as to the use, operation,
condition, or performance of the specification, and any unintended consequence it may on the user
environment.
Brocade Communications Systems, Inc.
Page 2 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Table of Contents
GLOSSARY ............................................................................................................................................................. 6
1.
INTRODUCTION .............................................................................................................................................. 7
2.
OVERVIEW ...................................................................................................................................................... 7
2.1
BROCADE MLXE SERIES .................................................................................................................................... 8
2.2
BROCADE CER 2000 SERIES .......................................................................................................................... 13
2.3
PORTS AND INTERFACES .................................................................................................................................. 17
2.3.1
Brocade MLXe Series ........................................................................................................................ 17
2.3.2
MLX Management Cards ................................................................................................................... 17
2.3.3
Brocade NetIron CER 2000 Series ................................................................................................... 18
2.3.4
Interfaces ........................................................................................................................................... 18
2.4
MODES OF OPERATION .................................................................................................................................... 20
2.5
MODULE VALIDATION LEVEL ............................................................................................................................. 20
3.
ROLES ......................................................................................................................................................... 20
4.
SERVICES .................................................................................................................................................... 21
4.1
4.1.1
SSH ..................................................................................................................................................... 22
4.1.2
HTTPS ................................................................................................................................................. 22
4.1.3
SNMP .................................................................................................................................................. 22
4.1.4
Console ............................................................................................................................................... 22
4.2
PORT CONFIGURATION ADMINISTRATOR ROLE SERVICES ...................................................................................... 22
4.2.1
SSH ..................................................................................................................................................... 22
4.2.2
HTTPS ................................................................................................................................................. 23
4.2.3
SNMP .................................................................................................................................................. 23
4.2.4
Console ............................................................................................................................................... 23
4.3
CRYPTO OFFICER ROLE SERVICES ..................................................................................................................... 23
4.3.1
SSH ..................................................................................................................................................... 23
4.3.2
SCP ..................................................................................................................................................... 23
4.3.3
HTTPS ................................................................................................................................................. 23
4.3.4
SNMP .................................................................................................................................................. 23
4.3.5
Console ............................................................................................................................................... 24
4.4
5.
USER ROLE SERVICES ..................................................................................................................................... 22
NON-FIPS MODE SERVICES ............................................................................................................................ 24
POLICIES ..................................................................................................................................................... 24
5.1
SECURITY RULES ............................................................................................................................................ 24
5.1.1
5.2
Cryptographic Module Operational Rules ........................................................................................ 25
AUTHENTICATION ............................................................................................................................................ 26
Brocade Communications Systems, Inc.
Page 3 of 44
NI 5.1.01a Non-Proprietary Security Policy
5.2.1
Line Authentication Method .............................................................................................................. 26
5.2.2
Enable Authentication Method ......................................................................................................... 26
5.2.3
Local Authentication Method ............................................................................................................ 26
5.2.4
RADIUS Authentication Method ........................................................................................................ 27
5.2.5
TACACS/TACACS+ Authentication Method ...................................................................................... 27
5.2.6
Strength of Authentication ................................................................................................................ 27
5.3
ACCESS CONTROL AND CRITICAL SECURITY PARAMETER (CSP)............................................................................. 28
5.3.1
5.4
6.
CSP Zeroization .................................................................................................................................. 29
PHYSICAL SECURITY ........................................................................................................................................ 29
CRYPTO OFFICER GUIDANCE ...................................................................................................................... 29
6.1
MODE STATUS................................................................................................................................................ 30
6.1.1
7.
Version 2.6
FIPS Approved Mode ......................................................................................................................... 31
REFERENCES .............................................................................................................................................. 34
APPENDIX A: TAMPER LABEL APPLICATION ........................................................................................................ 35
APPLYING SEALS TO A BROCADE MLXE-4 DEVICE ............................................................................................................ 35
APPLYING SEALS TO A BROCADE MLXE-8 DEVICE ............................................................................................................ 37
APPLYING SEALS TO A BROCADE MLXE-16 DEVICE ......................................................................................................... 39
APPLYING SEALS TO BROCADE NETIRON CER 2024 DEVICES .......................................................................................... 41
APPLYING SEALS TO BROCADE NETIRON CER 2048 DEVICES .......................................................................................... 43
Table of Tables
Table 1 MLXe Series Firmware Version ...................................................................................................................... 8
Table 2 MLXe Series Part Numbers ............................................................................................................................ 8
Table 3 MLXe Management Module Part Numbers .................................................................................................. 8
Table 4 MLXe Switch Fabric Module Part Numbers .................................................................................................. 8
Table 5 MLXe Power Supply Part Numbers ................................................................................................................ 9
Table 6 MLXe Fan Module Part Numbers .................................................................................................................. 9
Table 7 MLXe Filler Panel Part Numbers ................................................................................................................... 9
Table 8 Validated MLXe Configurations ................................................................................................................... 10
Table 9 CER Series Firmware Version ...................................................................................................................... 13
Table 10 CER 2000 Series Part Numbers ............................................................................................................... 13
Table 11 CER Interface Module Part Numbers ........................................................................................................ 14
Table 12 CER Power Supply Part Numbers .............................................................................................................. 14
Table 13 Validated CER 2000 Series Configurations .............................................................................................. 15
Table 14 Physical/Logical Interface Correspondence ............................................................................................. 18
Table 15 Power and fan status LEDs for the CER 2024 models ............................................................................ 18
Brocade Communications Systems, Inc.
Page 4 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Table 16 Power and fan status LEDs for the CER 2048 models ............................................................................ 19
Table 17 Power and fan status LEDs for the NI-MLX-MR Management Module ................................................... 20
Table 18 NetIron Security Levels .............................................................................................................................. 20
Table 19 FIPS Approved Cryptographic Functions .................................................................................................. 21
Table 20 FIPS Non-Approved Cryptographic Functions Allowed in FIPS Approved Mode ..................................... 21
Table 21 Access Control Policy and Critical Security Parameter (CSP) .................................................................. 28
Table 22 Algorithm Certificates ................................................................................................................................ 31
Table of Figures
Figure 1 MLXe-4 cryptographic module.................................................................................................................... 11
Figure 2 MLXe-8 cryptographic module.................................................................................................................... 12
Figure 3 MLXe-16 cryptographic module ................................................................................................................. 12
Figure 4 CER 2024C cryptographic module ............................................................................................................. 16
Figure 5 CER 2024F cryptographic module ............................................................................................................. 16
Figure 6 CER 2048C cryptographic module ............................................................................................................. 16
Figure 7 CER 2048CX cryptographic module ........................................................................................................... 17
Figure 8 CER 2048F cryptographic modules ........................................................................................................... 17
Figure 9 CER 2048FX cryptographic module ........................................................................................................... 17
Figure 10 Front view of a Brocade MLXe-4 device with security seals .................................................................. 35
Figure 11 Rear and side view of a Brocade MLXe-4 device with security seals .................................................... 36
Figure 12 Front view of a Brocade MLXe-8 device with security seals .................................................................. 37
Figure 13 Rear and side view of a Brocade MLXe-8 device with security seals .................................................... 38
Figure 14 Front view of a Brocade MLXe-16 device with security seals ................................................................ 39
Figure 15 Rear and side view of a Brocade MLXe-16 device with security seals .................................................. 40
Figure 16 Front, top, and right side view of a Brocade NetIron CER 2024 device with security seals ................ 41
Figure 17 Rear, top, and left side view of a Brocade NetIron CER 2024 device with security seals ................... 42
Figure 18 Front, top, and right side view of a Brocade NetIron CER 2048 device with security seals ................ 43
Figure 19 Rear, top and left side view of a Brocade NetIron CER 2048 device with security seals .................... 44
Brocade Communications Systems, Inc.
Page 5 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Glossary
Term/Acronym
AES
CBC
CER
CLI
CSP
DES
DH
DRBG
DSA
ECB
ECDSA
FI
GbE
HMAC
KDF
LED
LP
Mbps
MP
NDRNG
NI
OC
PRF
RADIUS
RSA
SCP
SFM
SHA
SNMP
SONET
SSH
TACACS
TDEA
TFTP
TLS
Description
Advanced Encryption Standard
Cipher-Block Chaining
Carrier Ethernet Router
Command Line Interface
Critical Security Parameter
Data Encryption Standard
Diffie-Hellman
Deterministic Random Bit Generator
Digital Signature Algorithm
Electronic Codebook mode
Elliptic Curve Digital Signature Algorithm
FastIron platform
Gigabit Ethernet
Keyed-Hash Message Authentication Code
Key Derivation Function
Light-Emitting Diode
Line Processor
Megabits per second
Management Processor
Non-Deterministic Random Number Generator
NetIron platform
Optical Carrier
pseudo-random function
Remote Authentication Dial in User Service
Rivest Shamir Adleman
Secure Copy
Switch Fabric Module
Secure Hash Algorithm
Simple Network Management Protocol
Synchronous Optical Networking
Secure Shell
Terminal Access Control Access-Control System
Triple-DES Encryption Algorithm
Trivial File Transfer Protocol
Transport Layer Security
Brocade Communications Systems, Inc.
Page 6 of 44
NI 5.1.01a Non-Proprietary Security Policy
1.
Version 2.6
Introduction
Brocade MLXe Series routers feature industry-leading 100 Gigabit Ethernet (GbE), 10 GbE, and 1 GbE wirespeed density; rich IPv4, IPv6, Multi-VRF, MPLS, and Carrier Ethernet capabilities without compromising
performance; and advanced Layer 2 switching. Built upon Brocade's sixth-generation architecture and terabitscale switch fabrics, the Brocade MLXe Series has a proven heritage with more than 9000 routers deployed
worldwide. Internet Service Providers (ISPs), transit networks, Content Delivery Networks (CDNs), hosting
providers, and Internet Exchange Points (IXPs) rely on these routers to meet skyrocketing traffic requirements
and reduce the cost per bit. By leveraging the Brocade MLXe Series, mission-critical data centers can support
more traffic, achieve greater virtualization, and provide cloud services using less infrastructure—thereby
simplifying operations and reducing costs. Moreover, the Brocade MLXe Series can reduce complexity in large
campus networks by collapsing core and aggregation layers, as well as providing connectivity between sites
using MPLS/VPLS.
The Brocade NetIron CER 2000 Series is a family of compact 1U routers that are purpose-built for highperformance Ethernet edge routing and MPLS applications. These fixed-form routers can store a complete
Internet table and support advanced MPLS features such as Traffic Engineering and VPLS. They are ideal for
supporting a wide range of applications in Metro Ethernet, data center and campus networks. The NetIron CER
2000 is available in 24- and 48-port 1 Gigabit Ethernet (GbE) copper and hybrid fiber configurations with two
optional 10 GbE uplink ports. To help ensure high performance, all the ports are capable of forwarding IP and
MPLS packets at wire speed without oversubscription. With less than 5 watts/Gbps of power consumption,
service providers can push up to 136 Gbps of triple-play services through the NetIron CER 2000 while reducing
their carbon footprint.
2.
Overview
Brocade routers provide high-performance routing to service providers, metro topologies, and Internet
Exchange Points. Each router is a multi-chip standalone cryptographic module. Each device has an opaque
enclosure with tamper detection tape for detecting any unauthorized physical access to the device. The NetIron
family includes both chassis and fixed-port devices.
Brocade MLXe series devices are chassis devices. A NetIron chassis contains slots for management card(s),
Switch Fabric Module(s) (SFM), and interface modules. The SFM pass data packets between the various
modules. The interface modules themselves forward data without any cryptographic operation or pass data
packets to the management module, if any cryptographic operation has to be performed.
The cryptographic boundary of a Brocade MLXe series device is a chassis with one management card with
tamper detection tape for detecting any unauthorized physical access to the device. The power supplies and
fan tray assemblies are part of the cryptographic boundary and can be replaced in the field. Unpopulated
power supply locations are covered by opaque filler panels, which are part of the cryptographic boundary when
the secondary redundant power supplies not used. Opaque filler panels are not available for installation in
place of a fan tray assembly in the field. Opaque filler panels cover all unpopulated management module,
switch fabric module and interface module slots.
The cryptographic boundary of a CER 2000 series device is an opaque enclosure with tamper detection tape
for detecting any unauthorized physical access to the device. Within the NetIron family, the CER 2000 series
are fixed-port devices.
Brocade Communications Systems, Inc.
Page 7 of 44
NI 5.1.01a Non-Proprietary Security Policy
2.1
Version 2.6
Brocade MLXe series
Table 1 MLXe Series Firmware Version
Firmware
IronWare Release R05.1.01a
Table 2 MLXe Series Part Numbers
SKU
MFG Part Number
BR-MLXE-4-MR-M-AC
80-1006853-01
BR-MLXE-4-MR-M-DC
BR-MLXE-8-MR-M-AC
BR-MLXE-8-MR-M-DC
BR-MLXE-16-MR-M-AC
BR-MLXE-16-MR-M-DC
Brief Description
Brocade MLXe-4 AC system with 2 high speed
switch fabric modules, 1 1200W AC power supply,
4 exhaust fan assembly kits and air filter. MLX
management module included.
80-1006854-01
Brocade MLXe-4 DC system with 2 high speed
switch fabric modules, 1 1200W DC power
supply, 4 exhaust fan assembly kits and air filter.
MLX management module included.
80-1004809-04
Brocade MLXe-8 AC system with 2 high speed
switch fabric modules, 2 1200W AC power
supplies, 2 exhaust fan assembly kits and air
filter. MLX management module included.
80-1004811-04
Brocade MLXe-8 DC system with 2 high speed
switch fabric modules, 2 1200W DC power
supplies, 2 exhaust fan assembly kits and air
filter. MLX management module included
80-1006820-02
Brocade MLXe-16 AC system with 3 high speed
switch fabric modules, 4 1200W AC power
supplies, 2 exhaust fan assembly kits and air
filter. MLX management module included.
80-1006822-02
Brocade MLXe-16 DC system with 3 high speed
switch fabric modules, 4 1200W DC power
supplies, 2 exhaust fan assembly kits and air
filter. MLX management module included.
Table 3 MLXe Management Module Part Numbers
SKU
MFG Part Number
NI-MLX-MR
80-1006778-01
Brief Description
NetIron MLX Series management module with 1 GB
ECC memory, dual PCMCIA slots, EIA/TIA-232 (RS232) serial console port and 10/100/1000
Ethernet port for out-of band management
Table 4 MLXe Switch Fabric Module Part Numbers
SKU
MFG Part Number
NI-X-4-HSF
80-1003891-02
NI-X-16-8-HSF
80-1002983-01
Brocade Communications Systems, Inc.
Brief Description
MLXe/MLX/XMR high speed switch fabric module
for 4-slot chassis
MLXe/MLX/XMR high speed switch fabric module
for 8-slot and 16-slot chassis
Page 8 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Table 5 MLXe Power Supply Part Numbers
SKU
NI-X-ACPWR-A
NI-X-DCPWR-A
NI-X-ACPWR
NI-X-DCPWR
MFG Part Number
80-1003812-02
80-1003813-02
80-1003811-02
80-1002756-03
Brief Description
4-slot MLX AC power supply, 1200W
4-slot MLX DC power supply, 1200W
16-slot and 8-slot MLX AC power supply, 1200W
16-slot and 8-slot MLX DC power supply, 1200W
Table 6 MLXe Fan Module Part Numbers
SKU
BR-MLXE-4-FAN
BR-MLXE-8-FAN
BR-MLXE-16-FAN
MFG Part Number
80-1004114-01
80-1004113-01
80-1004112-01
Brief Description
MLXe-4 exhaust fan assembly kit
MLXe-8 exhaust fan assembly kit
MLXe-16 exhaust fan assembly kit
Table 7 MLXe Filler Panel Part Numbers
SKU
NI-X-MPNL
NI-X-IPNL
NI-X-SF3PNL
NI-X-SF1PNL
NI-X-PWRPNL
NI-X-PWRPNL-A
MFG Part Number
Brief Description
80-1004760-02 NetIron XMR/MLX Series management module blank panel
80-1006511-02 NetIron XMR/MLX Series interface module blank panel
NetIron XMR/MLX switch fabric module blank panel for 16- and 880-1004757-02
slot chassis
NetIron XMR/MLX switch fabric module blank panel for 4-slot
80-1003009-01
chassis
NetIron XMR/MLX power supply blank panel for 16-and 8-slot
80-1003052-01
chassis
80-1003053-01 NetIron XMR/MLX power supply blank panel for 4-slot chassis
Brocade Communications Systems, Inc.
Page 9 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Table 8 Validated MLXe Configurations
MLXe Model
MLXe-4
MLXe-8
Validated MLXe Configurations
SKUs (Count)
Chassis: BR-MLXE-4-MR-M-AC
Management Module: NI-MLX-MR (1)
Management Module Filler Panels: NI-X-MPNL (1)
Switch Fabric Modules: NI-X-4-HSF (2)
Switch fabric Module Filler Panels: NI-X-SF1PNL (1)
Interface Modules: None
Interface Module Filler Panels: NI-X-IPNL (4)
Fan Modules: BR-MLXE-4-FAN (4)
AC Power Supply Modules: NI-X-ACPWR-A (1)
Power Supply Filler Panels: NI-X-PWRPNL-A (3)
Chassis: BR-MLXE-4-MR-M-DC
Management Module: NI-MLX-MR (1)
Management Module Filler Panels: NI-X-MPNL (1)
Switch Fabric Modules: NI-X-4-HSF (2)
Switch fabric Module Filler Panels: NI-X-SF1PNL (1)
Interface Modules: None
Interface Module Filler Panels: NI-X-IPNL (4)
Fan Modules: BR-MLXE-4-FAN (4)
DC Power Supply Modules: NI-X-DCPWR-A (1)
Power Supply Filler Panels: NI-X-PWRPNL-A (3)
Chassis: BR-MLXE-8-MR-M-AC
Management Module: NI-MLX-MR (1)
Management Module Filler Panels: NI-X-MPNL (1)
Switch Fabric Modules: NI-X-16-8-HSF (2)
Switch fabric Module Filler Panels: NI-X-SF3PNL (1)
Interface Modules: None
Interface Module Filler Panels: NI-X-IPNL (8)
Fan Modules: BR-MLXE-8-FAN (2)
AC Power Supply Modules: NI-X-ACPWR (2)
Power Supply Filler Panels: NI-X-PWRPNL (2)
Chassis: BR-MLXE-8-MR-M-DC
Management Module: NI-MLX-MR (1)
Management Module Filler Panels: NI-X-MPNL (1)
Switch Fabric Modules: NI-X-16-8-HSF (2)
Switch fabric Module Filler Panels: NI-X-SF3PNL (1)
Interface Modules: None
Interface Module Filler Panels: NI-X-IPNL (8)
Fan Modules: BR-MLXE-8-FAN (2)
DC Power Supply Modules: NI-X-DCPWR (2)
Power Supply Filler Panels: NI-X-PWRPNL(2)
Brocade Communications Systems, Inc.
Page 10 of 44
NI 5.1.01a Non-Proprietary Security Policy
MLXe Model
MLXe-16
Version 2.6
Validated MLXe Configurations
SKUs (Count)
Chassis: BR-MLXE-16-MR-M-AC
Management Module: NI-MLX-MR (1)
Management Module Filler Panels: NI-X-MPNL (1)
Switch Fabric Modules: NI-X-16-8-HSF (3)
Switch fabric Module Filler Panels: NI-X-SF3PNL (1)
Interface Modules: None
Interface Module Filler Panels: NI-X-IPNL (16)
Fan Modules: BR-MLXE-16-FAN (2)
AC Power Supply Modules: NI-X-ACPWR (4),
Power Supply Filler Panels: NI-X-PWRPNL (4)
Chassis: BR-MLXE-16-MR-M-DC
Management Module: NI-MLX-MR (1)
Management Module Filler Panels: NI-X-MPNL (1)
Switch Fabric Modules: NI-X-16-8-HSF (3)
Switch fabric Module Filler Panels: NI-X-SF3PNL (1)
Interface Modules: None
Interface Module Filler Panels: NI-X-IPNL (16)
Fan Modules: BR-MLXE-16-FAN (2)
DC Power Supply Modules: NI-X-DCPWR (4),
Power Supply Filler Panels: NI-X-PWRPNL (4)
Figure 1 illustrates the MLXe-4 cryptographic module. Table 8 defines the configuration of the validated
MLXe-4. The management module, switch fabric module and power supply module locations are defined by
the red ovals in Figure 1.
Figure 1 MLXe-4 cryptographic module
Switch Fabric
Module 1
Switch Fabric
Module 2
Management Module
Power Supply Module
Brocade Communications Systems, Inc.
Page 11 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Figure 2 illustrates the MLXe-8 cryptographic module. Table 8 defines the configuration of the validated MLXe8. The management module, switch fabric module and power supply module locations are defined by the red
ovals in Figure 2.
Figure 2 MLXe-8 cryptographic module
Switch Fabric
Module 1
Switch Fabric
Module 2
Management Module
Power Supply 2
Power Supply 1
Figure 3 illustrates the MLXe-16 cryptographic module. Table 8 defines the configuration of the validated
MLXe-16. The management module, switch fabric module and power supply module locations are defined by
the red ovals in Figure 3.
Figure 3 MLXe-16 cryptographic module
Switch Fabric
Modules 1 & 3
Management Module
Switch Fabric
Module 2
Power Supplies 1-4
Brocade Communications Systems, Inc.
Page 12 of 44
NI 5.1.01a Non-Proprietary Security Policy
2.2
Version 2.6
Brocade CER 2000 series
Brocade NetIron CER 2000 series devices are single CPU devices that can have one plug-in module depending
upon the system configuration. The cryptographic boundary of a Brocade NetIron CER device is the entire unit.
Table 9 CER Series Firmware Version
Firmware
IronWare Release R05.1.01a
Table 10 CER 2000 Series Part Numbers
SKU
NI-CER-2048F-ADVPREM-AC
NI-CER-2048F-ADVPREM-DC
NI-CER-2048FX-ADVPREM-AC
NI-CER-2048FX-ADVPREM-DC
NI-CER-2024F-ADVPREM-AC
NI-CER-2024F-ADVPREM-DC
NI-CER-2024C-ADVPREM-AC
CER 2000 Series Part Numbers
MFG Part Number
Brief Description
NetIron CER 2048F includes 48 SFP ports of
100/1000 Mbps Ethernet. The router also includes
80-1003769-07
500W AC power supply (RPS9), and ADV_PREM
(Advanced Services software
NetIron CER 2048F includes 48 SFP ports of
100/1000 Mbps Ethernet. The router also includes
80-1003770-08
500W DC power supply (RPS9DC), and ADV_PREM
(Advanced Services software
NetIron CER 2048FX includes 48 SFP ports of
100/1000 Mbps Ethernet with 2 ports of 10 Gigabit
80-1003771-07
Ethernet XFP for uplink connectivity. The router also
includes 500W AC power supply (RPS9), and
ADV_PREM (Advanced Services software
NetIron CER 2048FX includes 48 SFP ports of
100/1000 Mbps Ethernet with 2 ports of 10 Gigabit
80-1003772-08
Ethernet XFP for uplink connectivity. The router also
includes 500W DC power supply (RPS9DC), and
ADV_PREM (Advanced Services software
NetIron CER 2024F includes 24 SFP ports of
100/1000 Mbps Ethernet with 4 combination
RJ45/SFP Gigabit Ethernet for uplink connectivity.
80-1006902-02
Optional slot for 2 ports of 10 Gigabit Ethernet XFP,
500W AC power supply (RPS9), and Advanced
Services software
NetIron CER 2024F includes 24 SFP ports of
100/1000 Mbps Ethernet with 4 combination
RJ45/SFP Gigabit Ethernet for uplink connectivity.
80-1006904-02
Optional slot for 2 ports of 10 Gigabit Ethernet XFP,
500W DC power supply (RPS9DC), and Advanced
Services software
NetIron CER 2024C includes 24 RJ45 ports of
10/100/1000 Mbps Ethernet with 4 combination
RJ45/SFP Gigabit Ethernet for uplink connectivity.
80-1007032-02
Optional slot for 2 ports of 10 Gigabit Ethernet XFP,
500W AC power supply (RPS9), and Advanced
Services software
Brocade Communications Systems, Inc.
Page 13 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
CER 2000 Series Part Numbers
SKU
MFG Part Number
NI-CER-2024C-ADVPREM-DC
80-1007034-02
NI-CER-2048C-ADVPREM-AC
80-1007039-02
NI-CER-2048C-ADVPREM-DC
80-1007040-02
NI-CER-2048CX-ADVPREM-AC
80-1007041-02
NI-CER-2048CX-ADVPREM-DC
80-1007042-02
Brief Description
NetIron CER 2024C includes 24 RJ45 ports of
10/100/1000 Mbps Ethernet with 4 combination
RJ45/SFP Gigabit Ethernet for uplink connectivity.
Optional slot for 2 ports of 10 Gigabit Ethernet XFP,
500W DC power supply (RPS9DC), and Advanced
Services software
NetIron CER 2048C includes 48 RJ45 ports of
10/100/1000 Mbps Ethernet with 4 combination
RJ45/SFP Gigabit Ethernet for uplink connectivity. The
router also includes 500W AC power supply (RPS9),
and Advanced Services software
NetIron CER 2048C includes 48 RJ45 ports of
10/100/1000 Mbps Ethernet with 4 combination
RJ45/SFP Gigabit Ethernet for uplink connectivity. The
router also includes 500W DC power supply
(RPS9DC), and Advanced Services software
NetIron CER 2048CX includes 48 RJ45 ports of
10/100/1000 Mbps Ethernet with 2 ports of 10
Gigabit Ethernet XFP for uplink connectivity. The router
also includes 500W AC power supply (RPS9), and
ADV_PREM (Advanced Services software
NetIron CER 2048CX includes 48 RJ45 ports of
10/100/1000 Mbps Ethernet with 2 ports of 10
Gigabit Ethernet XFP for uplink connectivity. The router
also includes 500W DC power supply (RPS9DC), and
ADV_PREM (Advanced Services software
Table 11 CER Interface Module Part Numbers
SKU
NI-CER-2024-2X10G
MFG Part Number
80-1003719-03
Brief Description
NetIron CER 2000 Series 2x10G XFP uplink
Table 12 CER Power Supply Part Numbers
SKU
RPS9
RPS9DC
MFG Part Number
80-1003868-01
80-1003869-02
Brocade Communications Systems, Inc.
Brief Description
AC POWER SUPPLY FOR NI CER SERIES, 500W
DC POWER SUPPLY FOR NI CER SERIES, 500W
Page 14 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Table 13 Validated CER 2000 Series Configurations
Validated CER 2000 Series Configurations
CER Model
SKUs (Count)
Base: NI- CER-2048F-AC
Interface module: None
NI-CER-2048F-ADVPREM-AC
License: SW-CER-2048-ADVU (1)
Power supply: RPS9(1)
Base: NI-CER-2048F-DC
Interface module: None
NI-CER-2048F-ADVPREM-DC
License: SW-CER-2048-ADVU (1)
Power supply: RPS9DC(1)
Base: NI-CER-2048FX-AC
Interface module: NI-CER-2024-2X10G (1)
NI-CER-2048FX-ADVPREM-AC
License: SW-CER-2048-ADVU (1)
Power supply: RPS9(1)
Base: NI-CER-2048FX-DC
Interface module: NI-CER-2024-2X10G
NI-CER-2048FX-ADVPREM-DC
License: SW-CER-2048-ADVU (1)
Power supply: RPS9DC(1)
Base: NI-CER-2024F-AC
Interface module: None
NI-CER-2024F-ADVPREM-AC
License: SW-CER-2024-ADVU (1)
Power supply: RPS9(1)
Base: NI-CER-2024F-DC
Interface module: None
NI-CER-2024F-ADVPREM-DC
License: SW-CER-2024-ADVU (1)
Power supply: RPS9DC(1)
Base: NI-CER-2024C-AC
Interface module: None
NI-CER-2024C-ADVPREM-AC
License: SW-CER-2024-ADVU (1)
Power supply: RPS9(1)
Base: NI-CER-2024C-DC
Interface module: None
NI-CER-2024C-ADVPREM-DC
License: SW-CER-2024-ADVU (1)
Power supply: RPS9DC(1)
Base: NI-CER-2048C-AC
Interface module: None
NI-CER-2048C-ADVPREM-AC
License: SW-CER-2048-ADVU (1)
Power supply: RPS9(1)
Base: NI-CER-2048C-DC
Interface module: None
NI-CER-2048C-ADVPREM-DC
License: SW-CER-2048-ADVU (1)
Power supply: RPS9DC(1)
Brocade Communications Systems, Inc.
Page 15 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Validated CER 2000 Series Configurations
CER Model
SKUs (Count)
Base: NI-CER-2048CX-AC
Interface module: NI-CER-2024-2X10G (1)
NI-CER-2048CX-ADVPREM-AC
License: SW-CER-2048-ADVU (1)
Power supply: RPS9(1)
Base: NI-CER-2048CX-DC
Interface module: NI-CER-2024-2X10G (1)
NI-CER-2048CX-ADVPREM-DC
License: SW-CER-2048-ADVU (1)
Power supply: RPS9DC(1)
Figure 4 illustrates the CER 2024C cryptographic module. Table 13 defines the configuration of the validated
CER 2024C modules.
Figure 4 CER 2024C cryptographic module
Figure 5 illustrates the CER 2024F cryptographic module. Table 13 defines the configuration of the validated
CER 2024F modules.
Figure 5 CER 2024F cryptographic module
Figure 6 illustrates the CER 2048C cryptographic module. Table 13 defines the configuration of the validated
CER 2048C modules.
Figure 6 CER 2048C cryptographic module
Brocade Communications Systems, Inc.
Page 16 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Figure 7 illustrates the CER 2048CX cryptographic module. Table 13 defines the configuration of the validated
CER 2048CX modules.
Figure 7 CER 2048CX cryptographic module
Figure 8 illustrates the CER 2048F cryptographic module. Table 13 defines the configuration of the validated
CER 2048F modules.
Figure 8 CER 2048F cryptographic modules
Figure 9 illustrates the CER 2048FX cryptographic module. Table 13 defines the configuration of the validated
CER 2048FX modules.
Figure 9 CER 2048FX cryptographic module
2.3
Ports and Interfaces
Each NetIron device provides network ports, management connectors, and status LED. This section describes
the physical ports and the interfaces they provide for Data Input, Data Output, Control Input, and Control
Output.
2.3.1
Brocade MLXe Series
Although not part of this validation, the Brocade MLXe series chassis supports a variety of interface modules.
Interface modules are available to provide Ethernet and Synchronous Optical Networking (SONET) ports with
multiple connector types and transmission rates. Models in the series can provide up to:

256 10 Gigabit Ethernet ports per chassis

1536 Gigabit Ethernet ports per chassis,

64 OC-192 SONET ports per chassis, or

256 OC-48 SONET ports per chassis
See section Interface modules for supported interface modules, the ports each provides, and the
corresponding status indicators.
2.3.2
MLX Management Cards
Each management module provides physical ports and status indicators. These are:
Brocade Communications Systems, Inc.
Page 17 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6

Dual PCMCIA slots for external storage.

EIA/TIA-232 Serial port for a console terminal, and

10/100/1000 Mbps Ethernet port for out-of-band management.
See [53-1001966-01] section Management Modules for detailed descriptions of management card ports and
status indicators.
2.3.3
Brocade NetIron CER 2000 Series
Models in the Brocade NetIron CER 2000 series provide either 24 or 48 Gigabit Ethernet ports. The series
supports both copper and fiber connecters with some models supporting combination ports. Some models
support 10 Gigabit Ethernet uplink ports. All models have an out-of-band Ethernet management port and a
console management port (Gigabit Ethernet RJ-45 connector and serial connector, respectively).
See [53-1001966-01] section Hardware features for detailed descriptions of network ports (including
combination ports), management ports, and status indicators provided by each model.
2.3.4
Interfaces
Table 14 shows the correspondence between the physical interfaces of NetIron devices and logical interfaces
defined in FIPS 140-2.
Table 14 Physical/Logical Interface Correspondence
Physical Interface
Logical Interface
Networking ports
Console
Data input
Networking ports
Console
Data output
Networking ports
Console
PCMCIA
Networking ports
Console
Control input
Status output
LED
PCMCIA
Power plugs
2.3.4.1
Power
Status LEDs
Table 15 Power and fan status LEDs for the CER 2024 models
LED
Fan (labeled Fn)
Position
Right side of front
panel
Brocade Communications Systems, Inc.
State
Meaning
Green
The fan tray is powered on and is
operating normal
Amber or
Green
blinking
The fan tray is not plugged in.
Amber
The fan tray is plugged in but one or
more fans are faulty.
Page 18 of 44
NI 5.1.01a Non-Proprietary Security Policy
LED
Version 2.6
Position
State
Off
AC PS1 (labeled P1)
Right side of front
panel
Amber
Green
Off
AC PS2 (labeled P2)
Right side of front
panel
Amber
Green
Meaning
Power supply 1 is not installed or is not
providing power.
Power supply 1 is installed, but not
connected or a fault is detected.
Power supply 1 is installed and is
functioning normally.
Power supply 2 is not installed or is not
providing power.
Power supply 2 is installed, but not
connected or a fault is detected.
Power supply 2 is installed and is
functioning normally
Table 16 Power and fan status LEDs for the CER 2048 models1
LED
Fan (labeled Fn)
Position
Left side of front
panel
State
Green
The fan tray is powered on and is
operating normal
Amber or
green
blinking
The fan tray is not plugged in.
Amber
Off
PS1 (labeled P1)
Left side of front
panel
Amber
Green
Off
PS2 (labeled P2)
Left side of front
panel
Amber
Green
Off
Amber
DC
Right side of front
panel
Green
Green
blinking
1
Meaning
The fan tray is plugged in but one or
more fans are faulty.
Power supply 1 is not installed or is not
providing power.
Power supply 1 is installed, but not
connected or a fault is detected.
Power supply 1 is installed and is
functioning normally.
Power supply 2 is not installed or is not
providing power.
Power supply 2 is installed, but not
connected or a fault is detected.
Power supply 2 is installed and is
functioning normally
No DC Power
The power supply has DC power, but the
output is disabled or the power supply is
over temperature or the fan failed
Power supply has DC power, is enabled
and is operating normal.
Power supply has input power, but the
DC output is disabled
The LEDs for the CER 2048CX, 2048F, and 2048FX models are just below the management Ethernet port on the left
side of the front panel, labeled P1, P2, and Fn, left to right. The LEDs for the 2048C are just below the console
connector on the left side of the front panel, labeled P1, P2, and Fn, left to right.
Brocade Communications Systems, Inc.
Page 19 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Table 17 Power and fan status LEDs for the NI-MLX-MR Management Module
LED
State
On
Active
Off
On
Off
Green
Pwr
10/100/1000
Ethernet Port
2.4
Off
Meaning
The module is functioning as the active
management module
The module is not managing the switch
fabric and interface modules in the
chassis.
The module is receiving power
The module is not receiving power
A link is established with a remote port
The port is not transmitting or receiving
packets
Modes of Operation
The NetIron cryptographic module has two modes of operation: FIPS Approved mode and non-FIPS Approved
mode. Section 4 describes services and cryptographic algorithms available in FIPS-Approved mode. In nonFIPS Approved mode, the module runs without these FIPS policy rules applied. Section 6.1.1 FIPS Approved
Mode describes how to invoke FIPS-Approved mode.
The module does not support bypass.
2.5
Module Validation Level
The module meets an overall FIPS 140-2 compliance of security level 2 with Design Assurance level 3.
Table 18 NetIron Security Levels
3.
Security Requirements Section
Level
Cryptographic Module Specification
Cryptographic Module Ports and Interfaces
Roles, Services, and Authentication
Finite State Model
Physical Security
Cryptographic Key Management
Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC)
Self-Tests
Design Assurance
Mitigation of Other Attacks
Operational Environment
2
2
2
2
2
2
2
2
3
N/A
N/A
Roles
In FIPS Approved mode, NetIron supports three roles: Crypto Officer, Port Configuration Administrator, and
User:
1. Crypto Officer Role: The Crypto Officer role on the device in FIPS Approved mode is equivalent to
administrator or super-user in non-FIPS mode. Hence, the Crypto Officer role has complete access to
the system.
2. Port Configuration Administrator Role: The Port Configuration Administrator role on the device in FIPS
Approved mode is equivalent to the port-config, a port configuration user in non-FIPS Approved mode.
Brocade Communications Systems, Inc.
Page 20 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Hence, the Port Configuration Administrator role has read-and-write access for specific ports but not
for global (system-wide) parameters.
3. User Role: The User role on the device in FIPS Approved mode has read-only privileges and no
configuration mode access (user).
4. Unauthenticated Role: The unauthenticated role on the device in FIPS mode is possible while using
serial console to access the device. Console is considered as a trusted channel. The scope of the role
is same as the User Role without authentication. The enable command allows user to authenticate
using a different role. Based on the authentication method mentioned in section 5.2, the role would
change to one of Crypto Officer, Port Configuration Administrator or User role.
The User role has read-only access to the cryptographic module while the Crypto Officer role has access to all
device commands. NetIron modules do not have a maintenance interface.
See section 4 Services, section Password Assignment in [53-1001966-01], and section Assigning Permanent
Passwords in [53-1001967-03] for details of role capabilities. Within this document, Section 5.2
Authentication describes the authentication policy for the user roles.
4.
Services
The services available to an operator depend on the operator’s role. Unauthenticated operators may view
externally visible status LED. LED signals indicate status that allows operators determine if the network
connections are functioning properly. Unauthenticated operators can also perform self-test via power-cycle.
They can also view the module status via “fips show”.
For all other services, an operator must authenticate to the device as described in section 5.2 Authentication.
NetIron devices provide services for remote communication (SSH, SCP, HTTPS, SNMPv3 and Console) for
management and configuration of cryptographic functions.
The following subsections describe services available to operators based on role. Each description includes
lists of cryptographic functions and critical security parameter (CSP) associated with the service. Table 19
summarizes the available FIPS-Approved cryptographic functions. Table 20 lists cryptographic functions that
while not FIPS-Approved are allowed in FIPS Approved mode of operation.
Table 19 FIPS Approved Cryptographic Functions
Label
Cryptographic Function
AES
Triple-DES
SHA
HMAC
DRBG
DSA
RSA
Advanced Encryption Algorithm
Triple Data Encryption Algorithm
Secure Hash Algorithm
Keyed-Hash Message Authentication code
Deterministic Random Bit Generator
Digital Signature Algorithm
Rivest Shamir Adleman Signature Algorithm
Table 20 FIPS Non-Approved Cryptographic Functions Allowed in FIPS Approved Mode
Label
KW
DH
SNMP
MD5
KDF
Cryptographic Functions
RSA Key Wrapping
Diffie-Hellman key agreement
SNMPv3
Message-Digest algorithm 5
SSHv2 Key Derivation Function
Brocade Communications Systems, Inc.
Page 21 of 44
NI 5.1.01a Non-Proprietary Security Policy
4.1
4.1.1
Version 2.6
User Role Services
SSH
This service provides a secure session between a NetIron device and a SSH client. The NetIron device
authenticates a SSH client and provides an encrypted communication channel. An operator may use a SSH
session for managing the device via the command line interface.
NetIron devices support two kinds of SSH client authentication: password and keyboard interactive. For
password authentication, an operator attempting to establish a SSH session provides a password through the
SSH client. The NetIron device authenticates operator with passwords stored on the device, on a TACACS or
TACACS+ server, or on a RADIUS server. Section 5.2 Authentication provides authentication details. The
keyboard interactive (KI) authentication goes one-step ahead. It allows multiple challenges to be issued by the
NetIron device, using the backend RADIUS or TACACS+ server, to the SSH client. Only after the SSH client
responds correctly to the challenges, will the SSH client get authenticated and proper access is given to the
NetIron device.
In User Role access, the client is given access to three commands: enable, exit and terminal. The enable
command allows user to reauthenticate using a different role. If the role is same, based on the credentials
given during the enable command, the user has access to a small subset of commands that can perform ping,
traceroute, outbound telnet client in addition to show commands.
4.1.2
HTTPS
This service provides a graphical user interface for managing a NetIron MLXe device over a secure
communication channel. The HTTPS service is not supported on CER 2000 Series devices. Using a web
browser, an operator connects to a designated port on a NetIron device. The device negotiates a TLS
connection with the browser and authenticates the operator. The device uses HTTP over TLS with cipher suites
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, and
TLS_RSA_WITH_3DES_EDE_CBC_SHA.
In User role, after successful login, the default HTML page is same for any role. The user can surf to any page
after clicking on any URL. However, this user is not be allowed to make any modifications. If the user presses
the ‘Modify’ button within any page, the user will be challenged to reenter the crypto officer’s credentials. The
challenge dialog box does not close unless the user provides the crypto-officer’s access credentials. After three
failed attempts, the page ‘Protected Object’ is displayed, in effect disallowing any changes from the web.
4.1.3
SNMP
The SNMP service within user role allows read-only access to the SNMP MIB within the NetIron device, using
SNMPv1, v2c or v3 versions. The device does not provide SNMP access to CSPs when operating in FIPS
Approved mode. These CSP MIB objects are a small subset of MIB that represent the security parameters like
passwords, secrets and keys. Other MIB objects are made available for read-only access (status output).
4.1.4
Console
Console connection occurs via a directly connected RS-232 serial cable. Once authenticated as the User, the
module provides console commands to display information about a NetIron device and perform basic tasks
(such as pings). The User role has read-only privileges and no configuration mode access. The list of
commands available are same as the list mentioned in the SSH service.
4.2
4.2.1
Port Configuration Administrator Role Services
SSH
Section 4.1.1, above, describes this service.
The port configuration administrator will have 7 commands, which allows this user to run show commands, run
ping or traceroute and the enable command which allows this user to reauthenticate as described in section
4.1.1. Within the configuration mode, this role provides access to all the port configuration commands, e.g. All
sub-commands within “interface eth 1/1” command. This operator can transfer and store software images and
configuration files between the network and the system, and review the configuration
Brocade Communications Systems, Inc.
Page 22 of 44
NI 5.1.01a Non-Proprietary Security Policy
4.2.2
Version 2.6
HTTPS
Section 4.1.2, above, describes this service.
Like the User role, the Port Configuration Administrator role user is allowed to view all the web pages. In
addition, this user is allowed to modify any configuration that is related to an interface. For example, the
Configuration->Port page will allow this operator to make changes to individual port properties within the page.
4.2.3
SNMP
Section 4.1.3, above, describes this service.
The SNMP service is not available for a port configuration under the administrator role.
4.2.4
Console
Section 4.1.4, above, describes this service.
Console access as the Port Configuration Administrator provides an operator with the same capabilities as
User Console commands plus configuration commands associated with a network port on the device. The list
of commands available are same as those mentioned in the SSH service.
4.3
4.3.1
Crypto Officer Role Services
SSH
In addition to the two methods of authentication, password and keyboard interactive, described in section
4.1.1, SSH service in this role supports public key authentication, in which the device stores a collection of
client public keys. Only clients with a private key that corresponds to one of the stored public keys can gain
access to the device using SSH. After a client’s public key is found to match one of the stored public keys, the
device will give crypto officer access to the entire module.
The Crypto Officer can perform configuration changes to the module. This role has full read and write access to
the NetIron device.
4.3.2
SCP
This is a secure copy service. The service supports both outbound and inbound copies of configuration, binary
images, or files. Binary files can be copied and installed similar to TFTP operation (that is, upload from device
to host and download from host to device, respectively). SCP automatically uses the authentication methods,
encryption algorithm, and data compression level configured for SSH. For example, if password authentication
is enabled for SSH, the user is prompted for a user name and password before SCP allows a file to be
transferred. One use of SCP on NetIron devices is to copy user digital certificates and host public-private key
pairs to the device in support of HTTPS. Other use could be to copy configuration to/from the cryptographic
module.
4.3.3
HTTPS
Section 4.1.2, above, describes this service.
In addition to Port Configuration Administrator-role capabilities, the crypto-officer has complete access to all
the web pages and is allowed to make configuration updates through the web pages that support config
changes.
4.3.4
SNMP
Section 4.1.3, above, describes this service.
The SNMP service within crypto-officer role allows read access to the SNMP MIB within the NetIron device,
using SNMPv1, v2c or v3 versions. The device does not provide SNMP access to CSPs when operating in FIPS
Approved mode. These CSP MIB objects are a small subset of MIB that represent the security parameters like
passwords, secrets and keys. Other MIB objects are made available for read-only access (status output).
Brocade Communications Systems, Inc.
Page 23 of 44
NI 5.1.01a Non-Proprietary Security Policy
4.3.5
Version 2.6
Console
This service is described in Section 4.1.4 above.
Console commands provide an authenticated Crypto Officer complete access to all the commands within the
NetIron device. This operator can enable, disable and perform status checks. This operator can also enable
any service by configuring the corresponding command. For example, to turn on SSH service, the operator
would create a pair of DSA host keys, configure the authentication scheme for SSH access. To enable the Web
Management service, the operator would create a pair of RSA host keys and a digital certificate using
corresponding commands, and enable the HTTPS server.
4.4
Non-FIPS Mode Services
Certain services are available within non-FIPS mode of operation, which are otherwise not available in FIPS
mode of operation. They are:
1. TFTP
o
Trivial File Transfer Protocol (TFTP) is a file transfer protocol notable for its simplicity. It is generally
used for automated transfer of configuration or boot files between machines in a local
environment. Compared to FTP, TFTP is extremely limited, providing no authentication, and is
rarely used interactively by a user.
2. Telnet
o
Telnet is a network protocol used on the Internet or local area networks to provide a
bidirectional interactive text-oriented communication facility using a virtual terminal
connection. User data is interspersed in-band with Telnet control information in an 8-bit byte
oriented data connection over the Transmission Control Protocol (TCP).
3. SNMP
o
Allows access to Critical Security Parameter (CSP) MIB objects
4. HTTP
o
5.
5.1
This service provides a graphical user interface for managing a NetIron MLXe device over an
unsecure communication channel. The HTTP service is not supported on CER 2000 Series
devices.
Policies
Security Rules
The cryptographic modules’ design corresponds to the cryptographic module’s security rules. This section
documents the security rules enforced by the cryptographic module to implement the security requirements of
this FIPS140-2 Level 2 module.
1) The cryptographic module provides role-based authentication.
2) Until the module is placed in a valid role, the operator does not have access to any cryptographic
services.
3) The cryptographic module performs the following tests:
a) Power up Self-Tests:
i)
Cryptographic algorithm tests:
(1) RC2-40bit key size KAT (encrypt/decrypt)
(2) RC4-40bit key size KAT (encrypt/decrypt)
(3) DES-56bit key size KAT (encrypt/decrypt)
(4) Triple DES-56bit key size KAT (encrypt/decrypt)
(5) AES-128,192,256-bit key sizes KAT (encrypt/decrypt)
(6) MD2 KAT (Hashing)
Brocade Communications Systems, Inc.
Page 24 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
(7) MD5 KAT (Hashing)
(8) SHA-1,256,384,512 KAT (Hashing)
(9) HMAC-SHA-1,256,384,512 KAT (Hashing)
(10) RSA 2048 bit key size KAT (encrypt/decrypt)
(11) RSA 2048 bit key size, SHA-256,384,512 Hash KAT (signature/verification)
(12) DSA 1024 bit key size, SHA-1 KAT (signature/verification)
(13) DRBG KAT
ii)
Firmware Integrity Test (DSA 1024 bit, SHA-1 Signature Verification)
iii) If the module does not detect an error during the Power on Self-Test (POST), at the conclusion
of the test, the console displays the message shown below.
Crypto module initialization and Known Answer Test (KAT) Passed.
iv) If the module detects an error during the POST, at the conclusion of the test, the console
displays the message shown below. After displaying the failure message, the module reboots.
Crypto Module Failed <Reason String>
b) Conditional Self-Tests:
i)
Continuous Random Number Generator (RNG) test – performed on non-approved RNG.
ii)
Continuous Random Number Generator test – performed on DRBG.
iii) RSA 1024/2048 SHA-1 Pairwise Consistency Test (Sign/Verify)
iv) RSA 1024/2048 Pairwise Consistency Test (Encrypt/Decrypt)
v)
DSA 1024 SHA-1 Pairwise Consistency Test (Sign/Verify)
vi) Firmware Load Test (DSA 1024 bit, SHA-1 Signature Verification)
vii) Bypass Test: N/A
viii) Manual Key Entry Test: N/A
4) At any time the cryptographic module is in an idle state, the operator can command the module to
perform the power-up self-test.
5) Data output is inhibited during key generation, self-tests, zeroization, and error states.
6) Status information does not contain CSPs or sensitive data that if used could compromise the module.
5.1.1
Cryptographic Module Operational Rules
In order to operate an MLXe and CER 2000 series device securely, an operator should be aware of the
following rules for FIPS Approved mode of operation.
External communication channels/ports are not be available before initialization of an MLXe and CER 2000
series device.
MLXe and CER 2000 series devices use a FIPS Approved random number generator implementing Algorithm
Hash DRBG based on hash functions.
MLXe and CER 2000 series ensures that the random number seed and seed key input do not have same
value. The devices generate seed keys and do not accept a seed key entered manually.
MLXe and CER 2000 series devices use FIPS Approved key generation methods:

DSA public and private keys in accordance with [FIPS 186-2+]

RSA public and private keys in accordance with [RSA PKCS #1]
MLXe and CER 2000 series devices test the prime numbers generated for both DSA and RSA keys using MillerRabin test. See [RSA PKCS #1] Appendix 2.1 A Probabilistic Primality Test.
MLXe and CER 2000 series devices use NIST Approved key establishment techniques:
Brocade Communications Systems, Inc.
Page 25 of 44
NI 5.1.01a Non-Proprietary Security Policy

Diffie-Hellman

RSA Key Wrapping
Version 2.6
MLXe and CER 2000 series devices restrict key entry and key generation to authenticated roles.
MLXe and CER 2000 series devices do not display plaintext secret or private keys. The device displays “…” in
place of plaintext keys.
MLXe and CER 2000 series devices use automated methods to realize session keys for SSHv2 and HTTPS.
MLXe and CER 2000 series perform only “get” operations using SNMP.
5.2
Authentication
NetIron devices support role-based authentication. A device can perform authentication and authorization (that
is, role selection) using TACACS/TACACS+, RADIUS and local configuration database. Moreover, NetIron
supports multiple authentication methods for each service.
To implement one or more authentication methods for securing access to the device, an operator in the Crypto
Officer role configures authentication-method lists that set the order in which a device consults authentication
methods. In an authentication-method list, an operator specifies an access method (SSH, Web, SNMP, and so
on) and the order in which the device tries one or more of the following authentication methods:
1. Line password authentication,
2. Enable password authentication,
3. Local user authentication,
4. RADIUS authentication with exec authorization and command authorization, and
5. TACACS/TACACS+ authentication with exec authorization and command authorization
When a list is configured, the device attempts the first method listed to provide authentication. If that method
is not available, (for example, the device cannot reach a TACACS+ server) the device tries the next method until
a method in the list is available or all methods have been tried.
NetIron devices allow multiple concurrent operators through SSH and the console. One operator’s
configuration changes can overwrite the changes of another operator. See [53-1001966-01] Single user in
CONFIG mode.
5.2.1
Line Authentication Method
The line method uses the Telnet password to authenticate an operator.
To use line authentication, a Crypto Officer must set the Telnet password. See Setting the Telnet password in
[53-1001966-01]. Please note that when operating in FIPS mode, Telnet is disabled and Line Authentication
is not available.
5.2.2
Enable Authentication Method
The enable method uses a password corresponding to each role to authenticate an operator. An operator must
enter the read-only password to select the User role. An operator enters the port-config password to the Port
Configuration Administrator role. An operator enters the super-user password to select the Crypto Officer Role.
To use enable authentication, a Crypto Officer must set the password for each privilege level. See Setting
passwords for management privilege levels in [53-1001966-01].
5.2.3
Local Authentication Method
The local method uses a password associated with a user name to authenticate an operator. An operator
enters a user name and corresponding password. The NetIron device assigns the role associated with the user
name to the operator when authentication is successful.
To use local authentication, a Crypto Officer must define user accounts. The definition includes a user name,
password, and privilege level (which determines role). See Setting up local user accounts in [53-1001966-01].
Brocade Communications Systems, Inc.
Page 26 of 44
NI 5.1.01a Non-Proprietary Security Policy
5.2.4
Version 2.6
RADIUS Authentication Method
The RADIUS method uses one or more RADIUS servers to verify user names and passwords. The NetIron device
prompts an operator for user name and password. The device sends the user name and password to the
RADIUS server. Upon successful authentication, the RADIUS server returns the operator’s privilege level, which
determines the operator’s role. If a RADIUS server does not respond, the NetIron device will send the user
name and password information to the next configured RADIUS server.
NetIron series devices support additional command authorization with RADIUS authentication. The following
events occur when RADIUS command authorization takes place.
1. A user previously authenticated by a RADIUS server enters a command on the NetIron device.
2. The NetIron device looks at its configuration to see if the command is at a privilege level that requires
RADIUS command authorization.
3. If the command belongs to a privilege level that requires authorization, the NetIron device looks at the
list of commands returned to it when RADIUS server authenticated the user.
NOTE: After RADIUS authentication takes place, the command list resides on the NetIron device. The device
does not consult the RADIUS server again once the operator has been authenticated. This means that any
changes made to the operator’s command list on the RADIUS server are not reflected until the next time the
RADIUS server authenticates the operator, and the server sends a new command list to the NetIron device.
To use RADIUS authentication, a Crypto Officer must configure RADIUS server settings along with
authentication and authorization settings. See RADIUS configuration procedure in [53-1001966-01].
5.2.5
TACACS/TACACS+ Authentication Method
The TACACS/TACACS+ method use one or more TACACS/TACACS+ servers to verify user names and
passwords. For TACACS, the NetIron device prompts an operator for user name and password. The device
sends the user name and password to the TACACS server. Upon successful authentication, the NetIron device
selects the operator’s role implicitly based on the action requested (for example, User role for a login request
or Crypto Officer role for a configure terminal command). For TACACS+ authentication, the NetIron device
prompts an operator for a user name, which the device uses to get a password prompt from the TACACS+
server. The operator enters a password, which the device relays to the server for validation. Upon successful
authentication, the TACACS+ server supports both exec and command authorization similar to RADIUS
authorization described above.
To use TACACS/TACACS+ authentication, a Crypto Officer must configure TACACS/TACACS+ server settings
along with authentication and authorization settings. See TACACS configuration procedure and TACACS+
configuration procedure in [53-1001966-01].
5.2.6
Strength of Authentication
NetIron devices minimize the likelihood that a random authentication attempt will succeed. The probability that
a random guess of a password will succeed is less than 1 in 10,000,000. The probability of a successful
random guess of a password during a one-minute period is less than 6 in 1,000,000.
Brocade Communications Systems, Inc.
Page 27 of 44
NI 5.1.01a Non-Proprietary Security Policy
5.3
Version 2.6
Access Control and Critical Security Parameter (CSP)
Table 21 Access Control Policy and Critical Security Parameter (CSP) summarizes the access operators in each
role have to critical security parameters. Grayed out table cells indicate that the intersection of the role the CSP
have not security relevance. The table entries have the following meanings:

r – operator can read the value of the item,

w – operator can write a new value for the item,

x – operator can use the value of the item (for example encrypt with an encryption key), and

d – operator can delete the value of the item by executing a fips zeroize all command. See item 3a in
Section 6.1.1.1 and Section 6.1.1.2 for further details.
Table 21 Access Control Policy and Critical Security Parameter (CSP)
Port
Administrator
User
Crypto Officer
SSH host RSA or
DSA private key
SSH host RSA or
DSA public key
SSH session key
TLS host RSA
private key
TLS host RSA
digital certificate
TLS pre-master
secret
TLS session key
TLS
authentication
key
DH Private
Exponent
DH Public Key
User Password
Port
Administrator
Password
Crypto Officer
Password
RADIUS Secret
TACACS+ Secret
Firmware
Integrity /
Firmware Load
DSA public key
DRBG Seed
Console
SNMP
HTTPS
SCP
SSH
HTTPS
SSH
Console
CSP
Console
SNMP
HTTPS
SSH
Service
x
x
xwd
x
wd
x
x
xrwd
xrw
rwd
x
x
x
x
x
x
wd
x
wd
x
x
rwd
x
rwd
x
x
x
x
x
x
x
x
xd
x
x
x
x
x
x
x
x
x
x
xrwd
x
xrwd
xrwd
xrwd
xrwd
xrwd
xrwd
xrwd
xrwd
xrwd
xrwd
xrwd
xrwd
xrwd
xrwd
xrwd
xrwd
xrwd
xrwd
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
Brocade Communications Systems, Inc.
x
x
x
x
x
xrwd
x
Page 28 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Port
Administrator
User
Crypto Officer
5.3.1
Console
SSH
HTTPS
Console
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
SNMP
SCP
Console
SNMP
DRBG Value V
DRBG Constant C
Hash DRBG
Entropy
HTTPS
HTTPS
x
x
CSP
SSH
SSH
Service
CSP Zeroization
The SSH session key is transient. It is zeroized at the end of a session and recreated at the beginning of a new
session.
The TLS pre-master secret is generated during the TLS handshake. It is destroyed after it is used.
The TLS session key is generated for every HTTPS session. The TLS session key is deleted after the session is
closed.
The DRBG seed and Hash DRBG Entropy is recomputed periodically on 100 millisecond intervals. Each time
this occurs, four bytes of the seed are written into an 8K buffer. When the buffer is full the DRBG V and C
values are regenerated.
The DH private exponent is generated at the beginning of DH KEX. A new random number overwrites the
memory location used to store the value each time a new session is initiated.
The DSA public key cannot be written, read or deleted. The key pair is prebuilt within the code binary. The key
pair is destroyed and recreated each time new firmware is installed.
For SSH, the RSA private key is stored in a locally generated file on flash during the key generation process.
The file is removed during zeroization. The crypto key zeroize command removes the keys.
Executing the no fips enable command zeroizes all RSA private keys.
5.4
Physical Security
NetIron devices require the Crypto Officer to install tamper evident labels (TELs) in order to meet FIPS 140-2
Level 2 Physical Security requirements. The TELs are available from Brocade by ordering FIPS Kit (P/N
Brocade XBR-000195). The Crypto Officer shall follow the Brocade FIPS Security Seal application procedures
prior to operating the module in FIPS mode. The FIPS seal application procedure is available in Appendix A of
this document and defined within Brocade document 53-1002118-02. The procedure can be download at
http://my.brocade.com (See “Documentation>Technical Documentation>Federal Information Process
Standard (FIPS).
6.
Crypto Officer Guidance
For each module to operate in a FIPS approved mode of operation, the tamper evident seals supplied in the
FIPS Kit (P/N Brocade XBR-000195) must be installed, as defined in Appendix A. The FIPS Security Seal
Procedures for Brocade MLXe Series and NetIron CER 2000 Series document [53-1002118-02] provides
instructions on the proper installation of the tamper evident seals.
The security officer is responsible for storing and controlling the inventory of any unused seals. The unused
seals shall be stored in plastic bags in a cool, dry environment between 60° and 70° F (15° to 20° C) and
less than 50% relative humidity. Rolls should be stored flat on a slit edge or suspended by the core.
Brocade Communications Systems, Inc.
Page 29 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
The security officer shall maintain a serial number inventory of all used and unused tamper evident seals. The
security officer shall periodically monitor the state of all applied seals for evidence of tampering. A seal serial
number mismatch, a seal placement change, a checkerboard destruct pattern that appears in peeled film and
adhesive residue on the substrate are evidence of tampering. The security officer shall periodically view each
applied seal under a UV light to verify the presence of a UV wallpaper pattern. The lack of a wallpaper pattern is
evidence of tampering. The security officer is responsible for returning a module to a FIPS approved state after
any intentional or unintentional reconfiguration of the physical security measures.
The Brocade MLX Series and NetIron Family Configuration Guide [53-1001965-01] and Brocade MLX Series
and NetIron Family Federal Information Processing Standards Guide [53-1002735-01]. In particular, the
NetIron family FIPS guide provides configuration instructions specific to operating a NetIron devices in FIPS
140-2 approved mode.
6.1
Mode Status
NetIron devices provide the fips show command to display status information about the device’s FIPS mode.
This information includes the status of administrative commands for security policy, the status of security
policy enforcement, and security policy settings. The fips enable command changes the status of
administrative commands; see also section 6.1.1 FIPS Approved Mode.
The following example shows the output of the fips show command before an operator enters a fips enable
command. Administrative commands for security policy are unavailable (administrative status is off) and the
device is not enforcing a security policy (operational status is off).
FIPS mode: Administrative Status: OFF, Operational Status: OFF
The following example shows the output of the fips show command after an operator enters the fips enable
command. Administrative commands for security policy are available (administrative status is on) but the
device is not enforcing a security policy yet (operational status is off). The command displays the security policy
settings.
FIPS mode: Administrative Status: ON, Operational Status: OFF
Some shared secrets inherited from non-fips mode may not be fips compliant and has to be zeroized.
The system needs to be reloaded to operationally enter FIPS mode.
System Specific:
OS monitor mode access:
Disabled
Management Protocol Specific:
Telnet server:
Disabled
TFTP Client:
Disabled
HTTPS SSL 3.0:
Disabled
SNMP Access to security objects:
Disabled
Critical Security Parameter Updates across FIPS Boundary:
Protocol shared secret and host passwords:
Clear
SSH DSA Host Keys:
Clear
HTTPS RSA Host Keys and Signature:
Clear
The following example shows the output of the fips show command after the device reloads successfully in the
default strict FIPS mode. Administrative commands for security policy are available (administrative status is on)
and the device is enforcing a security policy (operational status is on): The command displays the policy
settings.
FIPS mode: Administrative Status: ON, Operational Status: ON
System Specific:
OS monitor mode access:
Disabled
Management Protocol Specific:
Brocade Communications Systems, Inc.
Page 30 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Telnet server:
Disabled
TFTP Client:
Disabled
HTTPS SSL 3.0:
Disabled
SNMP Access to security objects:
Disabled
Critical Security Parameter Updates across FIPS Boundary:
Protocol shared secret and host passwords:
Clear
SSH DSA Host Keys:
Clear
HTTPS RSA Host Keys and Signature:
Clear
6.1.1
FIPS Approved Mode
This section describes FIPS Approved mode of operation and the sequence of actions that put a NetIron device
in FIPS Approved mode. FIPS Approved mode disables the following:
1. Telnet access including the telnet server command
2. AAA authentication for the console including the enable aaa console command
3. Command ip ssh scp disable
4. TFTP access
5. SNMP access to CSP MIB objects
6. Access to all commands within the monitor mode
7. HTTP access including the web-management http command (applies to Brocade MLXe series only)
8. HTTPS SSL 3.0 access and RC4 cipher (applies to Brocade MLXe series only)
9. Command web-management allow-no-password (applies to Brocade MLXe series only)
Entering FIPS Approved mode also clears:
1. Protocol shared secret and host passwords
2. SSH DSA host keys
3. HTTPS RSA host keys and certificate (applies Brocade MLXe series only)
FIPS Approved mode enables:
1. SCP
2. HTTPS TLS version 1.0 and greater (applies to Brocade MLXe series only)
In FIPS Approved mode, NetIron devices provide FIPS-Approved cryptographic algorithms as well as nonApproved security functions.
Table 22 Algorithm Certificates
Algorithm
Advanced Encryption Algorithm (AES)
Triple Data Encryption Algorithm (TripleDES)
Secure Hash Algorithm
Keyed-Hash Message Authentication code
(HMAC)
Deterministic Random Bit Generator
(DRBG)
Digital Signature Algorithm (DSA)
Rivest Shamir Adleman Signature
Algorithm (RSA)
Brocade Communications Systems, Inc.
Supports
Certificate
128-, 192, and 256-bit keys, ECB and CBC mode
Cert. #1615
KO 1,2 ECB and CBC mode
Cert. #1056
SHA-1, SHA-256, SHA-384, and SHA-512
HMAC SHA-1, HMAC SHA-256, HMAC SHA-384,
HMAC SHA-512
Cert. #1424
Cert. #947
SHA-256 Based SP 800-90 DRBG
Cert. #84
1024-bit keys
Cert. #503
1024-bit and 2048-bit keys
Cert. #793
Page 31 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
The following non-Approved but allowed cryptographic methods are allowed within limited scope in the FIPS
Approved mode of operation:
1. RSA Key Wrapping (key establishment methodology; 1024-bit keys provide 80 bits strength)
2. Diffie-Hellman (DH) (key agreement, key establishment methodology provides 80 bits of encryption
strength)
3. SNMPv3 (Cryptographic function does not meet FIPS requirements and is considered plaintext)
4. MD5 – Used in the TLS v1.0 pseudo-random function (PRF) in FIPS mode (MD5 not exposed to the
operator). Also used in TACACS+ packets for message integrity verification (MD5 not exposed to the
operator).
5. HMAC-MD5 – Used to support RADIUS authentication
6. SSHv2 Key Derivation Function (KDF) - This is a legacy implementation.
7. Non-approved RNG is allowed to be run in the Approved mode
The following non-Approved and not allowed cryptographic methods are not allowed within limited scope in the
FIPS Approved mode of operation:
1. MD2
2. RC2
3. RC4
4. DES
6.1.1.1
Invoking FIPS Approved Mode for Brocade MLXe Series Devices
To invoke the FIPS Approved mode of operation, perform the following steps from the console terminal.
1. Assume Crypto Officer role
2. Enter command: fips enable
a.
The device enables FIPS administrative commands. The device is not in FIPS Approved Mode of
operation yet. Do not change the default strict FIPS security policy, which is required for FIPS
Approved mode.
3. Enter command: fips zeroize all
a.
The device zeros out the shared secrets use by various networking protocols including host access
passwords, SSH host keys, and HTTPS host keys with the digital signature.
4. Save the running configuration: write memory
5. The device saves the running configuration as the startup configuration
6. Reload the device
a.
The device resets and begins operation in FIPS Approved mode.
7. Enter command: fips show
a.
The device displays the FIPS-related status, which should confirm the security policy is the default
security policy.
8. Inspect the physical security of the module, including placement of tamper evident labels according to
Section 6.
6.1.1.2
Invoking FIPS Approved Mode for Brocade NetIron CER 2000 Series Devices
To invoke the FIPS Approved mode of operation, perform the following steps from the console terminal.
1. Assume Crypto Officer role
2. Enter command: fips enable
Brocade Communications Systems, Inc.
Page 32 of 44
NI 5.1.01a Non-Proprietary Security Policy
a.
Version 2.6
The device enables FIPS administrative commands. The device is not in FIPS Approved Mode of
operation yet. Do not change the default strict FIPS security policy, which is required for FIPS
Approved mode.
3. Enter command: fips zeroize all
a.
The device zeros out the shared secrets used by various networking protocols including host
access passwords, SSH host keys, and HTTPS host keys with the digital signature.
4. Save the running configuration: write memory
5. The device saves the running configuration as the startup configuration
6. Reload the device
a.
The device resets and begins operation in FIPS Approved mode.
7. Enter command: fips show
a.
The device displays the FIPS-related status, which should confirm the security policy is the default
security policy.
8. Inspect the physical security of the module, including placement of tamper evident labels according to
Section 6.
6.1.1.3
Negating FIPS Approved Mode for Brocade MLXe Series Devices
To exit the FIPS Approved mode of operation, perform the following steps from the console terminal.
1. Enter command: no fips enable
a.
This will return the device back to normal, non-FIPS mode by enabling the networking
protocols that were disallowed in FIPS mode of operation. For example, Telnet, HTTP, TFTP will
be enabled again. In addition, the restrictions against the non-approved cryptographic
algorithms will also be lifted. For example, MD5, DES algorithms would be allowed.
b.
The device zeroes out the shared secrets used by various networking protocols including host
access passwords, SSH host keys, and HTTPS host keys with the digital signature.
c.
Reload the device to begin non-FIPS mode of operation.
6.1.1.4
Negating FIPS Approved Mode for Brocade CER 2000 Series Devices
To exit the FIPS Approved mode of operation, perform the following steps from the console terminal.
1. Enter command: no fips enable
a.
This will return the device back to normal, non-FIPS mode by enabling the networking
protocols that were disallowed in FIPS mode of operation. For example, Telnet, TFTP will be
enabled again. In addition, the restrictions against the non-approved cryptographic algorithms
will also be lifted. For example, MD5, DES algorithms would be allowed.
b.
The device zeroes out the shared secrets used by various networking protocols including host
access passwords, SSH host keys, and HTTPS host keys with the digital signature.
c.
Reload the device to begin non-FIPS mode of operation.
Brocade Communications Systems, Inc.
Page 33 of 44
NI 5.1.01a Non-Proprietary Security Policy
7.
Version 2.6
References
[53-1001965-01] Brocade MLX Series and NetIron Family Configuration Guide, Brocade Communications
Systems, Inc., Publication number 53-1001965-02, 4 January 2011
[53-1001966-01] Brocade NetIron CES 2000 and NetIron CER 2000 Hardware Installation Guide, Brocade
Communications Systems, Inc., Publication number 53-1001966-01, 07 September 2010
[53-1001967-03] Brocade MLX Series and NetIron XMR Hardware Installation Guide, Brocade
Communications Systems, Inc., Publication Number 53-1001967-03, 01 December 2010
[53-1002118-02] FIPS Security Seal Procedures for Brocade MLXe Series and Brocade NetIron CER 2000
Series, Brocade Communications Systems, Inc., Publication number 53-1002118-02, XX
August 2012
[53-1002735-01] Brocade MLX Series and NetIron Family Federal Information Processing Standards Guide,
Brocade Communications Systems, Inc., Publication number 53-1002735-01, August 2012
[FIPS 186-2+]
Federal Information Processing Standards Publication 186-2 (+Change Notice), Digital
Signature Standard (DSS), 27 January 2000
[RSA PKCS #1]
PKCS #1: RSA Cryptography Specifications Version 2.1, http://tools.ietf.org/html/rfc3447]
[SP800-90]
National Institute of Standards and Technology Special Publication 800-90,
Recommendation for Random Number Generation Using Deterministic Random Bit
Generators (Revised), March 2007
Brocade Communications Systems, Inc.
Page 34 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Appendix A: Tamper Label Application
The FIPS Kit (P/N Brocade XBR-000195) contains the following items:


Tamper Evident Security Seals
o Count 120
o Checkerboard destruct pattern with ultraviolet visible “Secure” image
53-1002458-02 : FIPS Pointer Document Guideline
o This document provides instructions on how to access the [53-1002118-02] FIPS Security Seal
Procedures for Brocade MLXe Series and Brocade NetIron CER 2000 Series, document on the
MyBrocade website.
Use 99% isopropyl alcohols to clean the surface area at each tamper evident seal placement location.
Isopropyl alcohol is not provided in the kit. However, 99% isopropyl alcohol is readily available for purchase
from a chemical supply company. Prior to applying a new seal to an area, that shows seal residue, use
consumer strength adhesive remove to remove the seal residue. Then use additional alcohol to clean off any
residual adhesive remover before applying a new seal.
Applying seals to a Brocade MLXe-4 device
Use the figures in this section as a guide for security seal placement on a Brocade MLXe-4 device. Each
Brocade MLXe-4 device requires the placement of fourteen seals:

Front: Affix one seal from the top of the Management Module (MM) to the front panel of the chassis.
Affix nine more seals—one from each module to the front panel of the chassis. See Figure 10 for
correct seal orientation and positioning.

Rear: Affix four seals from the top panel of the chassis covering a portion of the fan unit lip. You must
bend these seals to place them correctly. See Figure 11 for correct seal orientation and positioning.
Figure 10 Front view of a Brocade MLXe-4 device with security seals
Brocade Communications Systems, Inc.
Page 35 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Figure 11 Rear and side view of a Brocade MLXe-4 device with security seals
Brocade Communications Systems, Inc.
Page 36 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Applying seals to a Brocade MLXe-8 device
Use the figures in this section as a guide for security seal placement on a Brocade MLXe-8 device. Each
Brocade MLXe-8 device requires the placement of seventeen seals:

Front: Affix fifteen seals—one seal from each module to the front panel of the chassis. The seal for
the Management Module (MM) is vertically oriented and is positioned so that half is affixed to the top
panel of the chassis and half of the seal is affixed to the control module. You must bend this seal to
position it correctly. See Figure 12 for correct seal orientation and positioning.

Rear: Affix two vertically-oriented seals from the top panel of the chassis covering a portion of the fan
unit lip. One seal will be to the left of the upper leftmost securing post; and the other seal will be to
the right of the rightmost securing post. You must bend these seals to position them correctly. See
Figure 13 for correct seal orientation and positioning.
Figure 12 Front view of a Brocade MLXe-8 device with security seals
Brocade Communications Systems, Inc.
Page 37 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Figure 13 Rear and side view of a Brocade MLXe-8 device with security seals
Brocade Communications Systems, Inc.
Page 38 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Applying seals to a Brocade MLXe-16 device
Use the figures in this section as a guide for security seal placement on a Brocade MLXe-16 device. Each
Brocade MLXe-16 device requires the placement of twenty-four seals:


Front: A total of twenty-two seals must be placed on the front panel of each Brocade MLXe-16
device. See Figure 14 for correct seal orientation and positioning.
-
Affix eleven vertically-oriented seals along the top row of modules; each seal must be affixed
to the front panel of the chassis and to the upper right side of each module.
-
Affix eleven vertically-oriented seals along the bottom row of modules; each seal must be
affixed to the bottom left side of each module and to the front panel of the chassis.
Rear: Affix two vertically-oriented seals from the top panel of the chassis covering a portion of the
fan unit lip. One seal will be to the left of the upper leftmost securing post; and the other seal will
be to the right of the rightmost securing post. You must bend these seals to position them
correctly. See Figure 15 for correct seal orientation and positioning.
Figure 14 Front view of a Brocade MLXe-16 device with security seals
Brocade Communications Systems, Inc.
Page 39 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Figure 15 Rear and side view of a Brocade MLXe-16 device with security seals
Brocade Communications Systems, Inc.
Page 40 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Applying seals to Brocade NetIron CER 2024 devices
Use the figures in this section as a guide for security seal placement on Brocade NetIron CER 2024C and
CER 2024F devices. The connectors on the faceplate of a particular model may vary, but the placement
of the seals is the same.
Brocade NetIron CER 2024C and CER 2024F devices require the placement of 21 seals:

Top: Affix one seal lengthwise completely covering the top rightmost screw that connects the
faceplate to the device. See Figure 16 for correct seal orientation and positioning.

Right and left sides: Affix seven seals on each side of the device. The seals placed on the sides
must each be vertically oriented and cover two open holes. See Figure 16 for correct seal
orientation and positioning on the right side. The orientation and placement of seals on the left
side mirrors the orientation and placement of seals on the right side. See Figure 17 for correct
seal orientation and positioning on the left side.

Front: Affix a seal from the front panel to the bottom panel. See Figure 16 for correct seal
orientation and placement.

Rear: Affix four seals from the top panel to the rear panel. Affix one seal from the rear panel to
the bottom panel. See Figure 17 for correct seal orientation and placement.
Figure 16 Front, top, and right side view of a Brocade NetIron CER 2024 device with security seals
Brocade Communications Systems, Inc.
Page 41 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Figure 17 Rear, top, and left side view of a Brocade NetIron CER 2024 device with security seals
Brocade Communications Systems, Inc.
Page 42 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Applying seals to Brocade NetIron CER 2048 devices
Use the figures in this section as a guide for security seal placement on Brocade NetIron CER 2048C and
CER 2048F series devices. The connectors on the faceplate of a particular model may vary, but the
placement of the seals is the same.
Brocade NetIron CER 2048C, Brocade NetIron CER 2048CX, Brocade NetIron CER 2048F and Brocade
NetIron CER 2048FX devices require the placement of 20 seals:

Top: Affix one seal lengthwise completely covering the top rightmost screw that connects the
faceplate to the device. See Figure 18 for correct seal orientation and positioning.

Right and left sides: Affix seven seals on each side of the device. The seals placed on the sides
must each be vertically oriented and cover two open holes. See Figure 18 for correct seal
orientation and positioning on the right side. The orientation and placement of seals on the left
side mirrors the orientation and placement of seals on the right side. See Figure 19 for correct
seal orientation and positioning on the left side.

Rear: Affix four seals from the top panel to the rear panel. Affix one seal from the rear panel to
the bottom panel. See Figure 19 for correct seal orientation and placement
Figure 18 Front, top, and right side view of a Brocade NetIron CER 2048 device with security seals
Brocade Communications Systems, Inc.
Page 43 of 44
NI 5.1.01a Non-Proprietary Security Policy
Version 2.6
Figure 19 Rear, top and left side view of a Brocade NetIron CER 2048 device with security seals
Brocade Communications Systems, Inc.
Page 44 of 44