Module Name
Network Security Platform Sensor NS-3100, NS-3200, NS-5100 and NS-5200
Historical Reason
SP 800-56Arev3 transition
Caveat
When operated in FIPS mode and configured per Security Policy Sections 8 and 9 and with the tamper evident seals installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.
Security Level Exceptions
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks.
Approved Algorithms
| AES |
Cert. #4619 |
| CKG |
vendor affirmed |
| CVL |
Certs. #1273 and #1274 |
| DRBG |
Cert. #1548 |
| HMAC |
Cert. #3055 |
| KTS |
AES Cert. #4619 and HMAC Cert. #3055, key wrapping; key establishment methodology provides 112 bits of encryption strength |
| RSA |
Certs. #2514 and #2525 |
| SHS |
Certs. #3783 and #3791 |
Allowed Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Hardware Versions
P/Ns IPS-NS3100 Version 1.00, IPS-NS3200 Version 1.00, IPS-NS5100 Version 1.00 and IPS-NS5200 Version 1.00; FIPS Kit P/N IAC-FIPS-KT2
Firmware Versions
8.1.17.32
