- play_arrow Overview
- Understanding the Common Criteria Evaluated Configuration
- Understanding Junos OS in FIPS Mode of Operation
- Understanding FIPS Mode of Operation Terminology and Supported Cryptographic Algorithms
- Configuring the Time and Date
- Configuring the User Session Idle Timeout
- Understanding Management Interfaces
- play_arrow Configuring Administrative Credentials and Privileges
- play_arrow Configuring Network Time Protocol
- play_arrow Configuring SSH and Console Connection
- play_arrow Configuring the Remote Syslog Server
- play_arrow Configuring Audit Log Options
- play_arrow Configuring Event Logging
- play_arrow Configuring VPNs
- play_arrow Configuring Security Flow Policies
- play_arrow Configuring Traffic Filtering Rules
- Overview
- Understanding Protocol Support
- Configuring Traffic Filter Rules
- Configuring Default Deny-All and Reject Rules
- Logging the Dropped Packets Using Default Deny-all Option
- Configuring Mandatory Reject Rules for Invalid Fragments and Fragmented IP Packets
- Configuring Default Reject Rules for Source Address Spoofing
- Configuring Default Reject Rules with IP Options
- Configuring Default Reject Rules
- play_arrow Configuring Network Attacks
- Configuring IP Teardrop Attack Screen
- Configuring TCP Land Attack Screen
- Configuring ICMP Fragment Screen
- Configuring Ping-Of-Death Attack Screen
- Configuring tcp-no-flag Attack Screen
- Configuring TCP SYN-FIN Attack Screen
- Configuring TCP fin-no-ack Attack Screen
- Configuring UDP Bomb Attack Screen
- Configuring UDP CHARGEN DoS Attack Screen
- Configuring TCP SYN and RST Attack Screen
- Configuring ICMP Flood Attack Screen
- Configuring TCP SYN Flood Attack Screen
- Configuring TCP Port Scan Attack Screen
- Configuring UDP Port Scan Attack Screen
- Configuring IP Sweep Attack Screen
- play_arrow Configuring the IDP Extended Package
- play_arrow Configuring Cluster Mode
- play_arrow Performing Self-Tests on a Device
- play_arrow Configuration Statements
- checksum-validate
- code
- data-length
- destination-option
- extension-header
- header-type
- home-address
- identification
- icmpv6 (Security IDP Custom Attack)
- ihl (Security IDP Custom Attack)
- option-type
- reserved (Security IDP Custom Attack)
- routing-header
- sequence-number (Security IDP ICMPv6 Headers)
- type (Security IDP ICMPv6 Headers)
- play_arrow Junos-FIPS Configuration Restrictions
Understanding Services for Junos OS in FIPS Mode of Operation
All services implemented by the module are listed in the tables that follow.
Understanding Authenticated Services
Table 1 lists the authenticated services on the device running Junos OS.
Authenticated Services | Description | Security Administrator | User (read-only) | User (network) |
---|---|---|---|---|
Configure security | Security relevant configuration | x | – | – |
Configure | Non-security relevant configuration | x | – | – |
Secure traffic | IPsec protected routing | – | – | x |
Status | Display the status | x | x | – |
Zeroize | Destroy all critical security parameters (CSPs) | x | – | – |
SSH connect | Initiate SSH connection for SSH monitoring and control (CLI) | x | x | – |
IPsec connect | Initiate IPsec connection (IKE) | x | – | x |
Console access | Console monitoring and control (CLI) | x | x | – |
Remote reset | Software-initiated reset | x | – | – |
Service | Description |
---|---|
Local reset | Hardware reset or power cycle |
Traffic | Traffic requiring no cryptographic services |
Critical Security Parameters
Critical security parameters (CSPs) are security-related information such as cryptographic keys and passwords that can compromise the security of the cryptographic module or the security of the information protected by the module if they are disclosed or modified.
Zeroization of the system erases all traces of CSPs in preparation for operating the device as a cryptographic module.
Critical Security Parameters lists the CSP access rights within services.
Service | CSPs | |||||
---|---|---|---|---|---|---|
DRBG_Seed | DRBG_State | SSH PHK | SSH DH | SSH-SEK | ESP-SEK | |
Configure security | – | E | G, W | – | – | – |
Configure | – | – | – | – | – | – |
Secure Traffic | – | – | – | – | – | E |
Status | – | – | – | – | – | – |
Zeroize | Z | Z | Z | Z | Z | Z |
SSH connect | – | E | E | G, E | G, E | – |
IPSec connect | – | E | – | – | – | G |
Console access | – | – | – | – | – | – |
Remote reset | G, E | G | – | Z | Z | Z |
Local Reset | G, E | G | – | Z | Z | Z |
Traffic | – | – | – | – | – | – |
Keys/CSPs | CSPs | |||||
DRBG_Seed | DRBG_State | SSH PHK | SSH DH | SSH-SEK | ESP-SEK | |
Configure security | – | E | G, W | – | – | – |
Configure | – | – | – | – | – | – |
Secure Traffic | – | – | – | – | – | E |
Status | – | – | – | – | – | – |
Zeroize | Z | Z | Z | Z | Z | Z |
SSH connect | – | E | E | G, E | G, E | – |
IPSec connect | – | E | – | – | – | G |
Console access | – | – | – | – | – | – |
Remote reset | G, E | G | – | Z | Z | Z |
Local Reset | G, E | G | – | Z | Z | Z |
Traffic | – | – | – | – | – | – |
Here:
G = Generate: The device generates the CSP.
E = Execute: The device runs using the CSP.
W = Write: The CSP is updated or written to the device.
Z = Zeroize: The device zeroizes the CSP.
Service | Purpose | Storage Location | Method of Zeroization |
---|---|---|---|
SSH Private Host Key | Generated with the random number generator when the SSH is first set up. Used to identify the host. ecdsa-sha2-nistp256 (ECDSA P‐256, ECDSA P-384, ECDSA P-521) and/or ssh-rsa (RSA 2048) | Plaintext on the virtual disk. | When the TOE is recommissioned, the config files (including CSP files) are removed using the Linux shred command to wipe the persistent storage media. |
SSH Private Host Key | Loaded into memory to complete session establishment | Plaintext in volatile memory. | The TOE calls |
SSH Session Key | Session keys used with SSH, AES 128, 256, hmac-sha-1, hmac-sha2-256 or hmac-sha2-512 key (160, 256 or 512), DH Private Key (2048 or elliptic curve 256/384/521-bits) | Plaintext in volatile memory | The TOE calls |
RNG state | Internal state and seed key of the RNG | Plaintext in volatile memory | Handled by kernel, overwritten with zeros at reboot. |
IKE Private Host Key | Private authentication key used in IKE. RSA 2048, ECDSA P‐256, ECDSA P‐384 | Plaintext in virtual disc or in flash memory | Erased by the Administrator issuing Private keys stored in flash are not zeroized unless an explicit
|
IKE-SKEYID | IKE master secret used to derive IKE and IPsec ESP session keys | Plaintext in volatile memory | Erased by the Administrator issuing |
IKE Session Key | IKE Session keys. AES, HMAC | Plaintext in volatile memory | Erased by the Administrator issuing |
ESP Session Key | ESP Session Keys. AES, HMAC | Plaintext in volatile memory | Erased by the Administrator issuing |
IKE-DH Private Exponent | Ephemeral DH private exponent used in IKE. DH N = 224 bit, ECDH P‐256, or ECDH P‐384 | Plaintext in volatile memory | Erased by the Administrator issuing |
IKE-PSK | Pre-shared authentication key used in IKE | Hashed in virtual disc or flash memory | Erased by Administrator issuing a Keys stored in flash are not zeroized unless an Administrator
issues a |
ecdh private keys | Loaded into memory to complete key exchange in session establishment | Plaintext in volatile memory | The TOE calls |