Dell AP-135 manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Dell AP-135. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Dell AP-135 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Dell AP-135 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation Dell AP-135 devrait contenir:
- informations sur les caractéristiques techniques du dispositif Dell AP-135
- nom du fabricant et année de fabrication Dell AP-135
- instructions d'utilisation, de réglage et d’entretien de l'équipement Dell AP-135
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Dell AP-135 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Dell AP-135 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Dell en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Dell AP-135, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Dell AP-135, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Dell AP-135. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    1 FIPS 140-2 Non-Proprietary Security Policy for Aruba AP-13 4, AP -135 and Dell W- AP 134, W - A P1 35 Wireless A ccess Points Version 1.2 February 20 12 Aruba Networks™ 1322 Crossman Ave. Sunnyvale, C A 94089- 1113[...]

  • Page 2

    2[...]

  • Page 3

    3 1 INTRODUCTION .................................................................................................................................. 5 1.1 A RUBA D ELL R ELATIONSHIP ............................................................................................................. 5 1.2 A CRONYMS A ND A BBREVIATION S ......................[...]

  • Page 4

    4 4.1.3 Wireless Clien t Authenticatio n ................................................................................................. 23 4.1.4 Strength of Authentication Mech anisms ................................................................................... 23 4.2 S ERVICES ..............................................................[...]

  • Page 5

    5 1 Introduction This document constitutes t he non-prop rietary Cryptographic Mod ule Security Policy for the AP - 134 , AP- 135 Wireless Access Points with FIP S 140 -2 Level 2 validation fro m Aruba Networks. This securit y policy describes how the AP meets the securit y requirements of FIPS 1 40 -2 Level 2, and how to place and maintain the AP [...]

  • Page 6

    6 SHA Secure Hash Algorithm SN MP Sim ple Network Management Protocol SPOE Serial & Power Over Ethernet TEL Tamper-Evident Label TFTP Trivial File Transfer Proto col WLAN Wireless Local Area Network[...]

  • Page 7

    7 2 Product O v er v iew This section i ntroduces the var ious Aruba Wireless Access P oin ts, providing a brief overview and sum mary of the physical features of eac h model covered b y this FIPS 140 -2 security polic y. 2.1 AP - 134 This section introduces t he Aruba AP- 134 Wireless Access Po int (AP) with FIPS 140 -2 Level 2 validation. It desc[...]

  • Page 8

    8 The module provides the foll owing po wer interfaces:  48V DC 802.3af or 80 2.3at or P oE + interoperable Po w er -over-Ethernet (Po E) with i ntelli-source PSE sourcing intelligence  12V DC for external AC s upplied power (adapter so ld separately) 2.1.1.3 Indicator LEDs There are 5 bicolor (power, EN ET and WLAN) LEDs which o perate as fo[...]

  • Page 9

    9 2.2 AP -1 35 This section introduces t he Aruba AP- 13 5 W ireless Access P oint (AP) with FIPS 140 -2 Level 2 validation. It describes the purp ose of the AP, its physical a ttributes, and its interfaces. The Aruba AP- 13 5 is hi gh-performance 802.1 1n (3x3:3) MIMO, dual-radio (concurrent 8 02.11a/n + b/g/n) indoor wireless access point s capab[...]

  • Page 10

    10  5V DC for external AC supplied power (adapter sold separately) 2.2.1.3 Indicator LEDs There are 5 b icolor (power, ENET and WLAN) LEDs which oper ate as follows: Table 2- AP -1 35 Indicator LEDs Label Function Action Status PWR AP power / read y status Off No power to AP Red Initial power-up co ndition Flashing – Green Device booting, not [...]

  • Page 11

    11 3 Module Objecti v es This section d escribes th e a ssurance level s for each o f the areas described in the FIPS 140 -2 Standar d. In addition, it pro vides information on placing the module i n a FIPS 140 -2 approved configuration. 3.1 Security Levels Section Section Title Level 1 Cryptographic Module Sp ecification 2 2 Cryptographic Module P[...]

  • Page 12

    12 3.2.2 AP - 134 TEL Placement This section displays all the TEL locations of the Aruba AP -134. T he A P-134 requires a minimum o f 5 TELs to be applied as follo ws: 3.2.2.1 To detect openin g of the chassis cover: 1. Spanning the bottom and top chassis covers and placed in the front left corner 2. Spanning the bottom and top chassis covers and p[...]

  • Page 13

    13 Figure 4 : AP -134 Top View Figure 5: AP -134 Right View Figure 6: AP -134 Bottom View 3.2.3 AP - 135 TEL Placement This section displays all the T EL locations of the Aruba A P- 135 . The A P-134 requires a m inimum of 5 TELs to be applied as follows: 3.2.3.1 To detect openi ng of the chassis cov er: 1. Spanning the bottom and top chassis cover[...]

  • Page 14

    14 2. Spanning the bottom and top chassis covers and placed in the back left corner 3. Spanning the chassis scre w on the botto m left corner 4. Spanning the chassis screw on the botto m right corner 3.2.3.2 To detect access to re stricted ports 5. Spanning the serial por t Following is the T EL placement for the AP - 135 : Figure 7 : AP -135 Front[...]

  • Page 15

    15 Figure 11: AP -135 Top view Figure 12: AP - 135 Bottom View 3.2.4 Inspection/Testing of Physical Security Mechanisms Physical Security M echanism Recommended Te st Frequency Guidance Tamper-evident labels (T ELs) Once per month Examine for any sign of remo val, replacement, tearing, etc. See images above for locations of TELs Opaque module enclo[...]

  • Page 16

    16 3.3 Modes of Operat ion The module has the following FIP S approved modes of operations: • Remote AP (RAP) FIPS mode – W hen the module is configured as a Remote AP, it is intended to be deploy ed in a remote location (relative to the Mobility Controller ). T he module pro vides cryptographic processing i n the for m of IPSec for all traffic[...]

  • Page 17

    17 6. If the staging contro ller does not p rovide PoE, either ensure the presence of a P oE injector for the LAN connection bet ween the module and the co ntroller, or ensure t he presence o f a DC po wer supply appropriate to the particular model of the module. 7. Connect the module via an Ethernet cable to the sta ging contr oller ; note that th[...]

  • Page 18

    18 7. Connect the module via an Ethernet cable to the sta ging controller; no te that this should b e a direc t connection, with no intervening net work or devices; i f Po E is being supplied by an inj ector, th is represents the o nly exception. That is, nothing o ther than a P oE injector should b e present b etween the module and the sta ging co[...]

  • Page 19

    19 Section “ Pr ovisioning an Indi vidual AP ” o f Chapter “ The Basic User-Centric Net works ” o f the Aruba OS User Guide. Click “Apply and Reboot” to complete the provisioning pro cess. a. During the provisioning proce ss as Remote Mesh Portal, if Pre -shared ke y is selected to be the Re mote IP Authentication Me thod, the IKE pre-s[...]

  • Page 20

    20 represents the o nly exception. That is, nothing o ther than a P oE injector should b e present b etween the module and the sta ging controller. 8. Once t he module is co nnected to the co ntroller by the Ethernet cable, navigate to the Configuration > Wireless > AP Installation page, where you sho uld see an entr y for the AP. Select that[...]

  • Page 21

    21 3.5 Logical Interfaces The ph ysical interfaces are d ivided into logical interface s defined b y FIP S 140 -2 as described in the following table. FI PS 140-2 Logical Interface Module Physical Interfa ce Data Input Interface 10/100/1000 Ethernet P orts 802.11a/b/g/n Radio T ransceiver Data Output Interface 10/100/1000 Ethernet P orts 802.11a/b/[...]

  • Page 22

    22 4 Roles, A u thentication an d Services 4.1 Roles The module s upports the roles of Cr ypto Officer, User , and Wireless Client; no additio nal roles ( e.g., Maintenance) are suppo rted. Ad ministrative op erations car ried out by the Aruba Mobility C ontroller map to the Crypto Officer role. The Cr ypto Officer ha s t he ability to co nfigure, [...]

  • Page 23

    23 4.1.2 User Authentication Authentication for the User role depends on the module configuration. When the module is configured as a Remote Mesh Portal FIP S mode and Re mote Mesh P oint FIP S mode, the U ser role is authenticated via t he WPA2 p re-shared ke y. When the mod ule i s co nfigured as a Remote A P FIPS mode and CPSec protected AP FIP [...]

  • Page 24

    24 Authentication Mechanis m Mechanis m Strength Wireless Client WPA2-PSK (Wireless Client role) For WPA2 -PSK there are at least 95^1 6 (=4.4 x 10^31) possible combinations. In order to test a guessed key, the attac ker must complete the 4-way handshake with the AP. Pr ior to completing the 4 -way handshake, t he attacker must co mplete the 802.11[...]

  • Page 25

    25 4.2 Services The module provides vario us services depending o n role. These are descr ib ed below. 4.2.1 Crypto Officer Services The CO role in each of FIP S modes defi ned in section 3.3 has the same services Service Description CSPs Accessed ( see secti on 6 below for complete descrip tion of CSPs) FIPS mode enable/di sable The CO selects/de [...]

  • Page 26

    26 Service Description CSPs Accessed ( see secti on 6 below for complete descrip tion of CSPs) Creation/use of secure management session bet ween module and CO The module supports use of IPSec for securing the management channel.  IKEv1/IKEv2 Preshared Secret  DH Private Ke y  DH Public Ke y  IPSec session encr yption keys  IPSec ses[...]

  • Page 27

    27 Service Description CSPs Accessed ( see secti on 6 below for complete descrip tion of CSPs)  802.11i AES-C CM key  802.11i GMK  802.11i GTK Use of WPA pre -shared key for establishment of IEEE 802.11i keys When the module is i n mesh configuration, the inter -module mesh links are secured with 802.11i. This is authe nticated with a shar[...]

  • Page 28

    28  System status – SYSLOG and module LEDs  802.11 a/b/g/n  FTP  TFTP  NTP  GRE tunneling of 802 .11 wireless user frames ( when acting as a “Local AP”)  Reboot module b y removing/replacing power  Self-test and initializatio n at power-on[...]

  • Page 29

    29 5 Cryptographic Algorith ms FIPS-approved cryptographic algorithms have bee n implemented in hard w are and firmware. The firmware suppo rts the following cryptographic imple mentations.  ArubaOS OpenSSL AP Module implements the follo wing FIPS -app roved algorithms: o AES (Cert. #18 51) o HMAC (Cert. #109 9) o RNG (Cert. #970 ) o RSA (Cert. [...]

  • Page 30

    30 6 Critical Securit y Parameters The following Critical Sec urity Parameters (CSPs) are used by the module: CSP CSP TYPE GENERATION STORAGE And ZEROIZATI ON USE Key Encryption Ke y (KEK) Triple-DES 168 -bits key Hard-coded Stored in flash, zeroized b y th e ‘ap wipe out flash’ command. Encrypts IKEv1/IKEv2 preshared keys and configuration par[...]

  • Page 31

    31 CSP CSP TYPE GENERATION STORAGE And ZEROIZATI ON USE IKEv1/IKEv2 Diffie - Hellman Private key 1024 -bit Diffie- Hellman private key Generated internall y during IKEv1/IKEv2 negotiation Stored in plaintext in volatile memory; zeroized when session is closed or system is powered off Used in establishing the session key for IPSec IKEv1/IKEv2 Diffie[...]

  • Page 32

    32 CSP CSP TYPE GENERATION STORAGE And ZEROIZATI ON USE WPA2 PSK 16 - 64 character shared secret used to authenticate mesh connections and in remote AP advanced configuration CO configured Encrypted in flash using the KEK; zeroized by updating through administrative interface, or by the ‘ap wipe out flash’ command. Used to derive the PMK for 80[...]

  • Page 33

    33 CSP CSP TYPE GENERATION STORAGE And ZEROIZATI ON USE 802.11i Gro up Master Key (GMK) 256 -bit secret used to derive GTK Generated from appro ved RNG Stored in plaintext in volatile memory; zeroized o n reboot Used to derive Group Transient Key (GTK) 802.11i Gro up Transient Ke y (GTK) 256 -bit shared secret used to derive group (multicast) encry[...]

  • Page 34

    34 7 Self T es t s The module perfor ms the follo wing Self Tests af ter being config ured into either Re mote AP mode or Remote Mesh P ortal mode. The module perfor ms both po wer-up and co nditional self -tests. In t he event an y self-test fails, the module enters an error state, lo gs the error, and reboo ts automatically. The module performs t[...]

  • Page 35

    35 Self-test results are written to the serial console. In the event of a K ATs failure, the AP logs different messages, dep ending on the error. For an ArubaOS OpenSS L AP module and ArubaOS c ryptographic m odule KAT failure: AP rebooted [DATE][TIME] : Restarting System, SW FIPS KAT failed For an AES Atheros hardware POST failure: Starting HW SHA[...]