Juniper Networks Odyssey Access Client FIPS Edition

Odyssey Access Client FIPS Edition Overview:

The need today is greater than ever to ensure that systems are securely configured. Government agencies and secure enterprises must provide reliable, secure, and timely network access to employees and contractors while protecting sensitive information and resources. Many government agencies and ministries are also required to procure only IT offerings certified compliant with rigorous, government-set standards while at the same time under mandate to cut costs, driving them in many cases to use commercial off-the-shelf (COTS) products.

Juniper Networks is uniquely positioned to deliver on these needs with proven commercially available security solutions that provide the most flexible, secure network access available among federal government certified solutions.

One Client for Complete, Government-Approved Wired and Wireless Network Protection

Juniper Networks Odyssey Access Client (OAC) is an enterprise-class 802.1X access client software that delivers comprehensive support for the advanced protocols required for secure network access. Together with an 802.1X-compatible RADIUS server such as Juniper Networks SBR Series Steel-Belted Radius Servers, OAC secures the authentication and connection of network users, ensuring only authorized users are able to connect, that user login credentials are not compromised, and that data privacy is maintained.

FIPS-Compliance with the Power of Odyssey Access Client

Juniper provides a version of OAC that meets the most stringent IT and communications requirements set forth by the U.S. federal government, while maintaining OAC’s unparalleled feature set. Juniper Networks Odyssey Access Client FIPS Edition (OAC FIPS Edition) incorporates a FIPS 140-2 Level 1 certified cryptographic module and offers the advanced management features required by government and secure enterprise organizations with multiple facilities and deployments.

Value Proposition

Enterprise-Level, Government-Certified Security

• Best-in-class, FIPS 140-2 Level 1 validated cryptography (Validated by the National Institute of Standards and Technology (NIST) and the Canada Communications Security Establishment (CSE))
• Powerful, government-approved cryptography in a COTS product
• Supports the latest security protocols and standards
• Ensures credentials and data stay secure over a wireless link

Low Total Cost of Ownership (TCO)

• Decreases operational costs and increases return on investment by simplifying user and administrative controls
• Delivers auto-configuration tools and processes that ease deployment, distribution, and provisioning Lowers training and support costs through consistent user interface, intuitive operation, and powerful diagnostic tools
• A single interface for authentication and access control in wired and wireless deployments
• Multi-platform, multi-vendor compatibility

Enhanced Control

• Enables pre-defined or automated preferred and priority connection capabilities
  
• Offers support for sophisticated network logon schemes 
• Client lockdown permits enforcement of security policies

Certified Support for Government Protocols

Juniper Networks Odyssey Access Client FIPS Edition incorporates the Odyssey Security Component, a cryptographic module that is Federal Information Processing Standard (FIPS) 140-2 Level 1 validated by both the NIST and the CSE, Canada’s national cryptologic agency. OAC FIPS Edition was developed specifically to conform to government Information Assurance (IA) requirements.

OAC FIPS Edition is compatible with U.S. Department of Defense (DoD) Common Access Card (CAC) standards and certificates.

Also, OAC FIPS Edition has recently been evaluated and certified for conformance to the Common Criteria (ISO/IEC 15408), the international security standard. The claims being validated include the U.S. Government Protection Profile for Wireless LAN Clients for Basic Robustness Environments. OAC FIPS Edition has been awarded an assurance level of EAL 3 Augmented ALC_FLR.2. Please contact Juniper Networks for the version number of the evaluated client.

OAC FIPS Edition provides 802.11i and TLS-based 802.1X methods that use FIPS-certified cryptography. Please note that using the 802.11i protocol in FIPS mode requires a modified driver for the wireless adapter. Please contact your Juniper Networks sales representative for the latest list of available drivers.

OAC FIPS Edition also supports the xSec protocol, a slight variation on 802.11i that can run in FIPS mode on any existing wireless adapter driver. As with 802.11i, all cryptographic operations in xSec are performed using the Odyssey Security Component cryptographic module. xSec also uses longer Advanced Encryption Standard (AES) keys than 802.11i and encrypts Layer 2 header information that is not encrypted in 802.11i.

Features & Benefits:

Support for U.S. Government Standards
 

Industry Tested, Government-Certified

Odyssey Access Client FIPS Edition’s combination of standards-based, enterprise-driven features and strict, federally-regulated and certified cryptography delivers a government-approved wireless and wired 802.1X/802.11i client with strong security.

Easily implemented and maintained across client devices, OAC FIPS Edition enables the rapid deployment of secure, FIPS-certified 802.1X network access to users – saving time at initial installation and in the distribution of updates.

OAC FIPS Edition and Unified Access Control

The latest versions of OAC FIPS Edition are also compatible and interoperate with Juniper’s dynamic, comprehensive, standards-based network access control (NAC) solution, Unified Access Control (UAC). The OAC FIPS Edition can interface to and interact with UAC, serving as the UAC Agent, including with FIPS mode enabled. The Odyssey Security Component, the cryptographic module that is FIPS validated, operates with UAC to provide a FIPS-certified cryptologic module for network access control.

OAC FIPS Edition also provides xSec support for the UAC Agent’s Microsoft Windows Vista edition, delivering robust, government-approved encryption, via the Advanced Encryption Standard (AES) for in-transit data when operating over Microsoft Windows Vista and with 802.11 adapters and drivers.

Network Deployment:

OAC FIPS Edition protects network credentials and transmitted data from breach with government certified encryption, delivering secure network access.

System Requirements:

Odyssey Access Client FIPS Edition supports the:

• Microsoft Windows 2000
• Microsoft Windows Vista
• Microsoft Windows XP operating systems.
• Microsoft Windows Mobile 6
• Microsoft Windows Mobile 5
• Microsoft Windows Mobile 2003 (Second Edition) for Pocket PC
• Microsoft Windows 2003 for Pocket PC,
• Microsoft Windows CE 5.0 software.

OAC FIPS Edition requires a modified driver to enable the wireless adapter to run 802.11i in FIPS mode. Juniper Networks supports FIPS-compliant modified drivers for Microsoft Windows 2000 and XP software only. No support for FIPS-compliant modified drivers is available for Microsoft Windows Vista, Microsoft Windows Mobile, or Windows CE-based devices. We are currently verifying compatibility with a number of wireless adapters.

• No special adapter or driver requirements are needed to run xSec in FIPS mode.
• No FIPS-compliant network interface card (NIC) drivers are currently available for Microsoft Windows Vista, Windows Mobile, or Windows CE software. Please use xSec for encryption with the Windows Vista operating system, and Windows Mobile or Windows CE software.

For more information on platforms supported by OAC, please contact your Juniper Networks sales representative or authorized reseller.

Juniper supplies modified drivers for Windows 2000 and Windows XP. For a current list of drivers supported for all operating systems please contact your Juniper Networks sales representative or authorized reseller.

Note: OAC FIPS Edition requires a modified driver to enable the wireless adapter to run 802.11i in FIPS mode.

Note: No special adapter or driver requirements are needed to run xSec in FIPS mode.

Documentation:

Download the Juniper Networks Odyssey Access Client FIPS Edition Datasheet (PDF).