R&S®AFQ100B Instrument Security Procedures
Contents
1. Products Signal Generators R amp S SMU200A R amp S SMATE200A R amp S SMJ100A R amp S AMU200A R amp S AFQ100A R amp S AFQ100B Resolving Security Issues when working with R amp S SMU200A R amp S SMATE200A R amp S SMJ100A R amp S AMU200A or R amp S AFQ100A or R amp S AFQ100B in Secure Areas Based upon the user s security requirements this document describes the Rohde amp Schwarz options available to address the user s signal generator needs It also covers the different memory types and locations where user information can be stored in the signal generator R amp S SMU200A In addition this document also covers the following R amp S Signal Generators R amp S SMATE200A R amp S SMJ100A R amp S AMU200A R amp S AFQ100A and R amp S AFQ100B amp ROHDE amp SCHWARZ 1171 6221 52 04 Subject to Change 09 2010 Instrument Security R amp S SMU200A R amp S SMATE200A R amp S SMJ100A R amp S AMU200A R amp S AFQ100A R amp S AFQ100B nk sheik csi eee DN 3 Instrument Models Covered csc ra 3 Banery DAG sa na U 1081458045005565 oe eee 3 Types of Memory in the R amp S SMU200A and its Security Concerns rrseyerererese 4 Information Storage in the R amp S SMU200A Signal Generator rerereseseseseeese 7 Maintaining Security Sanitizing i 4ci44541441i44si 4i15452. Security R amp S SMU200A R amp S SMATE200A R amp S SMJ100A R amp S AMU200A R amp S AFQ100A R amp S AFQ100B Information Storage in the R amp S SMU200A Signal Generator DATA SDRAM FLASH EEPROM HARD DRIVE R amp S AFQ100A B Removable Hard Disc Temporary Information storage for the CPU CPU Cache and Swap Area Hardware Info Serial Number Product Options and Calibration Correction Constants Operation Time Power On Count Relays switching Count BIOS and Module Relevant Data such as the module serial number and options Operating System and Instrument Firmware Instruments states setups and user data e g waveforms 1171 6221 52 04 N No security concern S Security concern Rohde amp Schwarz Instrument Security R amp S SMU200A R amp S SMATE200A R amp S SMJ100A R amp S AMU200A R amp S AFQ100A R amp S AFQ100B Maintaining Security Sanitizing 1171 6221 52 04 Clearing the different types of memory SDRAM This memory is volatile All you have to do is remove the power from the instrument and all data stored in it will be lost Hard Drive All user specific data like gt Instrument states and setups gt Waveforms data lists list mode lists is stored on the internal hard drive or for R amp S AFQ instruments on the removable hard disc respectively Simply deleting the
3. amp S AFQ100B signal generators is described It also addresses methods of ensuring that no user data will leave the secured area if the product has to be removed for calibration or service needs Instrument Models Covered R amp S Signal Generator R amp S SMU200A R amp S SMJ100A R amp S SMATE200A R amp S AMU200A R amp S AFQ100A R amp S AFQ100B In the following document as instrument it is always referred to the R amp S SMU200A while the information is valid for all models covered If there are some special points for one specific instrument it is given and stated clearly Battery Information The only battery used on the R amp S SMU200A is located on the CPU board This battery is used exclusively for powering the real time clock in the chipset and the CMOS SRAM memory The CMOS SRAM memory is used only to store the BIOS setup The CMOS SRAM is not a security concern 1171 6221 52 04 3 Rohde amp Schwarz Instrument Security R amp S SMU200A R amp S SMATE200A R amp S SMJ100A R amp S AMU200A R amp S AFQ100A R amp S AFQ100B Types of Memory in the R amp S SMU200A and its Security Concerns 1171 6221 52 04 SDRAM Memory The R amp S SMU200A has 256 512 Mbyte of SDRAM memory on the CPU board SDRAMs are volatile memories and lose their data when the power supply is switched off The SDRAM will be unreadable within one minute after the power is removed from the instrument The SD
4. is removed from the instrument The following information is stored on hard drive e The R amp S SMU200A s operating system Microsoft Windows e The R amp S SMU200A s firmware e Instruments states setups and user data e g waveforms The hard drive is a security concern 4 Rohde amp Schwarz Instrument Security R amp S SMU200A R amp S SMATE200A R amp S SMJ100A R amp S AMU200A R amp S AFQ100A R amp S AFQ100B 1171 6221 52 04 5 Rohde amp Schwarz Instrument Security R amp S SMU200A R amp S SMATE200A R amp S SMJ100A 1171 6221 52 04 R amp S AMU200A R amp S AFQ100A R amp S AFQ100B Removable Hard Disc of the R amp S AFQ100A and R amp S AFQ100B The removable hard disc 160 Gbyte is the nonvolatile storage medium in the R amp S AFQ100A and in the R amp S AFQ100B Because the hard disc is nonvolatile user data is not erased when power is removed from the instrument The following information is stored on the hard disc e Instrument settings manually saved instrument setups e User data like waveforms or list mode data and temporary files needed to create these files The removable hard disc allows a user to remove the hard disc from the signal generator The hard disc can thus be removed from the R amp S AFQ100A or from the R amp S AFQ100B before it leaves the high security area The hard disc is not a security concern 6 Rohde amp Schwarz Instrument
5. one can activate and deactivate the possibility to connect a USB mass storage device To do so the root password is required The root password can be changed in the same dialog It is recommended to actually change this password from its default see manual for details When deactivated no USB mass storage device can be connected 1 Firmware version 2 04 will be available from December 2006 1171 6221 52 04 10 Rohde amp Schwarz Instrument Security R amp S SMU200A R amp S SMATE200A R amp S SMJ100A R amp S AMU200A R amp S AFQ100A R amp S AFQ100B Special considerations for LAN ports Some users select not to install a LAN within their high security locations To disable LAN Ports Firmware version below 2 10 R amp S AFQ100A only The R amp S AFQ100A signal generator can disable its LAN ports by means of BIOS Setting a BIOS password is recommended Firmware version 2 10 or higher The R amp S SMU100A likewise the R amp S SMJ100A R amp S SMATE200A signal generator can disable its LAN ports by means of firmware starting from December 2006 In the Setup Security menu one can activate and deactivate the LAN connector To do so the root password is required The root password can be changed in the same dialog It is recommended to actually change this password from its default When deactivated no LAN connection can be established with the instrument 1171 6221 52 04 11 Rohde amp Schwarz Ins
6. RAM is not a security concern EEPROM Memory Every module with the exception of the motherboard is equipped with a serial EEPROM These EEPROMs have a capacity of 2 Kbyte memory size might be subject to changes without further notice and contain module relevant data such as the serial number of the module calibration data etc and cannot be accessed by the user The data can only be changed by the service center when the R amp S SMU200A or the module is calibrated User data cannot be stored on the EEPROM memory The EEPROM is not a security concern FLASH Memory There are two FLASH memories in the R amp S SMU200A The first 512k FLASH memory contains the BIOS It is on the CPU board of the R amp S SMU200A The second 1 Mbyte FLASH memory contains module relevant data such as the serial number of the module options calibration data etc It is located on the motherboard of the R amp S SMU200A The user cannot access either memory The FLASH memory data can only be changed by the service center when the R amp S SMU200A or the module is calibrated The FLASH memory is not a security concern Hard Drive The hard drive is the nonvolatile storage medium in the R amp S SMU200 with the exception of the R amp S AFQ100 instruments which are eqiupped with a removable hard disc see Removable Hard Disc of the R amp S AFQ100A and R amp S AFQ100B Because the hard drive is nonvolatile user data is not erased when power
7. d to disable the USB ports a memory stick can be used to transport a firmware update into a secure area The instrument firmware update can be performed directly from the USB stick The USB stick can likewise hold or transport user data back ups to an approved storage medium Via LAN R amp S SMU200A signal generators are equipped with LAN as standard equipment As described below users can disable these ports For users that have not elected to disable the LAN the LAN interface can be used to transport the firmware update onto the instrument There the firmware update can be stored on the internal hard drive From the hard drive the update can be performed Special considerations for USB ports USB ports can pose a security threat in high security locations Generally this threat comes from small USB pen drives a k a memory sticks key drives etc which can be very easily concealed yet can quickly read write several GBytes of data To disable USB Ports Firmware version below 2 04 R amp S AFQ100A only The R amp S AFQ100A signal generator can disable its USB port by means of BIOS Setting a BIOS password is recommended All other equipment need firmware version 2 04 at least to disable the USB ports Firmware version 2 04 or higher The R amp S SMU200A likewise the R amp S SMJ100A R amp S SMATE200A signal generator can disable its USB port by means of firmware starting from December 2006 In the Setup Security menu
8. ng to DOD 5220 22 M NISPOM 8 306 User data passwords and other confidential data will be irretrievably destroyed This also applies to data fragments stored in deleted files or in memory blocks marked as defective during instrument operation 4 Passwords are reset to factory values USB and Ethernet interfaces are enabled In the case hard disks must be destroyed physically empty hard disks are also available from the R amp S service department The replacement is explained in detail in the service manual delivered with R amp S SMU200A 9 Rohde amp Schwarz Instrument Security R amp S SMU200A R amp S SMATE200A R amp S SMJ100A R amp S AMU200A R amp S AFQ100A R amp S AFQ100B Performing Firmware Updates and Backing up User Data in Sensitive Areas Rohde amp Schwarz highly recommends but does not require the users of its products to maintain their products with the latest updates and to regularly back up important user data that can be erased Firmware updates are available from the R amp S website How does a user perform firmware updates and back up user data in sensitive areas There are several options available for the user to safely perform these operations without compromising the security of the sensitive areas Via the USB port R amp S SMU200A signal generators are equipped with USB ports as standard equipment As described below users can disable these ports For users that have not electe
9. se files is not sufficient from a security perspective To meet security requirements the R amp S SMU200A provides a sanitizing procedure that ensures that user data will be irretrievably extinguished without removing storage from the instrument Notice to R amp S AFQ100A R amp S AFQ100B Do not use the function Initialize Hard Disc for sanitizing It is only intended for setting up the hard disc All necessary parts and tools are available from the R amp S service department e Recovery CD with sanitizing program e External CD drive e Spare hard disks in case of the hard disk must be destroyed physically 8 Rohde amp Schwarz Instrument Security R amp S SMU200A R amp S SMATE200A R amp S SMJ100A 1171 6221 52 04 R amp S AMU200A R amp S AFQ100A R amp S AFQ100B Sanitizing To sanitize an R amp S SMU200A perform the following steps 1 Connect the external CD drive to the instrument 2 Insert the Recovery CD 3 Boot the instrument 4 Select Wipe disk from the menu After sanitization the instrument is not operational The following two steps must be performed in order to repair it 1 Recover the operating system by using the Recovery CD 2 Install the firmware from USB The newest version recommended can be downloaded from www rohde schwarz com older versions can be retrieved from the R amp S service department This sanitization meets the following requirements 1 It is accordi
10. trument Security R amp S SMU200A R amp S SMATE200A R amp S SMJ100A R amp S AMU200A R amp S AFQ100A R amp S AFQ100B Additional Information Please contact your Rohde amp Schwarz support center for comments and further suggestions The current address and phone number can be found on the R amp S website http www customersupport rohde schwarz com ROHDE amp SCHWARZ ROHDE amp SCHWARZ GmbH amp Co KG MihldorfstraBe 15 D 81671 M nchen P O B 80 14 69 D 81614 M nchen Telephone 49 89 4129 0 Fax 49 89 4129 13777 Internet http Awww rohde schwarz com 1171 6221 52 04 12 Rohde amp Schwarz
11. xi H si anu rosnie rra K e W AA E GES AWE ER n NR WERANE 8 Performing Firmware Updates and Backing up User Data in Sensitive Areas 10 Special considerations for USB ports sssesesereseseeeseseseseseeeee ceke k ye k HK HK KK HKH HK HHR 10 Special considerations for LAN ports s csssssessssesseessseesseeeee ceno ce beoe cene c HU V HU KK W NK WA HKH HK 11 Additional Ten FOr AGO i ii i 5i44 444 44444y54444 44444454kak6 4 k na h k An NE n A RN HE SANANA RA WO K A HEKU A kK GE RAN 12 1171 6221 52 04 2 Rohde amp Schwarz Instrument Security R amp S SMU200A R amp S SMATE200A R amp S SMJ100A R amp S AMU200A R amp S AFQ100A R amp S AFQ100B Overview In many cases it is imperative that R amp S SMU200A R amp S SMATE200A R amp S SMJ100A R amp S AMU200A R amp S AFQ100A or R amp S AFQ100B signal generator can be used in a secured environment Generally these highly secured environments will not allow any test equipment to leave the area unless it can be proven that no user information will leave with the test equipment Security concerns can arise when signal generators need to leave a secured area to be calibrated or serviced In the following the types of memory and their usage in the R amp S SMU200A R amp S SMATE200A R amp S SMJ100A R amp S AMU200A R amp S AFQ100A or R
Download Pdf Manuals
Related Search