RS ZNL Vector Network Analyzer Instrument Security Procedures User Guide

RS ZNL Vector Network Analyzer Instrument Security Procedures

Overview

• Securing important information is crucial in many applications.
• Generally, highly secured environments do not allow any test equipment to leave the area unless it can be proven that no user information leaves with the test equipment, e.g. to be calibrated.
• “Regarding sanitization, the principal concern is ensuring that data is not unintention-ally released” [1].
• This document provides a statement regarding the volatility of the memory types used and specifies the steps required to sanitize an instrument.
• The procedures in this document follow “NIST Special Publication 800-88: Guidelines for Media Sanitization” [1].
• In addition, recommendations are provided to safeguard information on the R&S ZNL.

References
See the following literature for further information.

1. Kissel Richard L. [et al.] Guidelines for Media Sanitization = Special Publication (NIST SP) = NIST SP – 800-88 Rev 1. – Gaithersburg : [s.n.], December 17, 2014.
2. National Industrial Security Program Authorization Office Defense Security Service (DSS) Assessment and Authorization Process Manual (DAAPM). – May 6, 2019.
3. ACSC Australian Cyber Security Centre Australian Government Information Security Manual, January 2020.

Instrument Models Covered

Table 2-1: Vector Network Analyzer models

Security terms and definitions

Terms defined in Guidelines for Media Sanitization
” NIST Special Publication 800-88 “[1]

• “Sanitization”
  “Media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort.”

• “Clear”
  “Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typi-cally applied through the standard Read and Write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported).”

• “Purge”
  “Purge applies physical or logical techniques that render Target Data recovery infeasible using state of the art laboratory techniques.”

• “Destroy”
  “Destroy renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data.”

• Control of media
  Another option to secure sensitive information is to keep physical media within the classified area, see [1], paragraph 4.4.

• Volatile memory
  “Memory components that do not retain data after removal of all electrical power sour-ces, and when reinserted into a similarly configured system, are considered volatile memory components.” [2] The volatile memory in the instrument does not have battery backup. It loses its con-tents when power is removed from the instrument.
  If the instrument is battery operated, e.g. handhelds, it retains data in the volatile mem-ory as long as the battery is installed.
  Typical examples are RAM, e.g. SDRAM.

• Non-volatile memory
  “Components that retain data when all power sources are discontinued are non- volatile memory components.” [2].
  In the context of this document, non-volatile memory components are non-user acces-sible internal memory types, e.g. EEPROM, Flash, etc.

• Media
  Media are types of non-volatile memory components. In the context of this document, media are user-accessible and retain data when you turn off power.
  Media types are Hard Disk Drives (HDD), Solid State Drives (SSD), Memory Cards, e.g. SD, microSD, CFast, etc., USB removable media, e.g. Pen Drives, Memory Sticks, Thumb Drives, etc. and similar technologies.

Types of Memory and Information Storage in the R&S ZNL

The Vector Network Analyzer contains various memory components. The following table provides an overview of the memory components that are part of your instrument. For a detailed description regarding type, size, usage and location, refer to the subsequent sections. Notes on memory sizes Due to the continuous development of memory components, the listed values of mem-ory sizes may not represent the current, but the minimal configuration.

Memory type| Location| Size| Content| Vola- tility| User Data| Sanitization procedure
---|---|---|---|---|---|---
SDRAM| PC board| 4 GByte or

8 GByte

| Temporary information stor- age for operating system and instrument firmware| Volatile| Yes| Turn off instru- ment power
EEPROM| PC board| 1 kByte| ●      Board information / configuration

●      Serial number

| Non- volatile| No| None required (no user data)
Front panel| 2 kByte| Hardware information
Memory type| Location| Size| Content| Vola- tility| User Data| Sanitization procedure
---|---|---|---|---|---|---
Flash| PC board| 8 MByte| BIOS| Non- volatile| No| None required (no user data)
Mother- board| 32 MByte| ●      FPGA configuration

●      Hardware information

●      Correction data

VNA board| 512 kByte| ●      FPGA configuration

●      Hardware information

●      Correction data

Spectrum Analysis board (R&S ZNL3

-B1)

| 512 kByte| ●      FPGA configuration

●      Hardware information

●      Correction data

Reference board| 1 MByte| ●      Hardware information

●      Correction data

Additional Interface board (R&S FPL1

-B5)

| 32 MByte| ●      Hardware information

●      Correction data

GPIB board (R&S FPL1

-B10)

| 4 MByte| FPGA configuration
SSD| PC board| ≥ 32 GByte| ●      Operating system

●      Instrument firmware

●      Instrument settings

●      Limit lines

●      User calculation data

●      Trace data

●      Measurement results and screen images

| Non- volatile| Yes| Remove PC board from instrument

Volatile Memory
The volatile memory in the instrument does not have battery backup. It loses its con-tents as soon as power is removed from the instrument. The volatile memory is not a security concern.

SDRAM
The R&S ZNL is equipped with 8 GByte of SDRAM. It contains temporary information storage for operating system and instrument firm-ware. The SDRAM loses its memory as soon as power is removed.
Sanitization procedure: Turn off instrument power.

Non-Volatile Memory
The R&S ZNL contains various non-volatile memories. Out of these, only the SSD con-tains user data. The SSD is located on the PC board. The PC board can be physically removed from the R&S ZNL and left in the secure area. All other non-volatile memories of the R&S ZNL are not a security concern.

EEPROM
On the PC board of the R&S ZNL there is one EEPROM, which has the size of 1 kByte and contains configuration data and board serial number.
On the front panel board there is one EEPROM with 2 kByte, which contains hardware information.
The EEPROM memory devices do not hold any user data nor can the user access the storage.
Sanitization procedure: None required (no user data).

Flash
There is one Flash memory of 8 MByte on the PC board, which contains the BIOS.

• On the VNA board of the R&S ZNL there is one Flash memory with 512 kByte, which contains FPGA configuration, hardware information, and correction data.
• On the spectrum analyzer board (option R&S ZNL3|4|6-B1, if installed) there is one Flash memory of 512 kByte, which contains FPGA configuration, hardware information, and correction data.
• On the reference board there is one Flash memory of 1 MByte, which contains hard-ware information and correction data.
• On the additional interface board (option R&S FPL1-B5, if installed) there is one Flash memory of 32 MByte, which contains hardware information and correction data.
• On the GPIB board (option R&S FPL1-B10, if installed) there is one Flash memory with 4 MByte for the FPGA configuration.
• The Flash memory devices do not hold any user data nor can the user access the stor-age.
• Sanitization procedure: None required (no user data).

SSD
The R&S ZNL Vector Network Analyzer is equipped with a SSD. The SSD is used to store:

• Instrument operating system
• Instrument firmware
• Instrument settings
• Limit lines
• User calculation data
• Trace data
• Measurement results and screen images

The SSD can hold user data and is non-volatile. Hence, user data is not erased when power is removed from the instrument. The SSD is located on the PC board. The PC board can be physically removed from the Vector Network Analyzer to make sure that no user data is stored within the Vector Network Analyzer. With its removable PC board the R&S ZNL Vector Network Analyzer addresses the needs of customers working in secured areas.
Sanitization procedure: Remove PC board from instrument.

Instrument Declassification

The R&S ZNL offers the possibility to keep classified and unclassified data separated:

• To keep classified data inside the secured area, use the removable PC board com-ing with the instrument.
• For unclassified work outside the secured area, use a separate PC board (option R&S ZNL-B19).

Before you can remove the R&S ZNL from a secured area (for example to perform ser-vice or calibration), all classified data needs to be removed. You can declassify the R&S ZNL as follows:

1. Turn off the R&S ZNL and disconnect the power plug. Removing power sanitizes the volatile memory.

2. NOTICE! Risk of electrostatic discharge. Electrostatic discharge can damage the electronic components of the product.
   To remove the classified SSD, perform the following steps:

   • Locate the PC board at the rear of the instrument.

   • Unscrew the two knurled screws.

   • Remove the PC board.

• Following these steps removes all user data from the R&S ZNL. The R&S ZNL can now leave the secured area.
• These declassification procedures meet the needs of customers working in secured areas.
• Once the R&S ZNL is outside the secured area, installing a second removable PC board (without any user data) allows the R&S ZNL to function properly for service or other needs (option R&S ZNL-B19).
• Before returning the R&S ZNL to the classified area, remove the PC board (option R&S ZNL-B19) to keep it for future, unclassified, work.
• When the R&S ZNL is back within the secured area, reinstall the original classified PC board.

Validity of instrument calibration after declassification
The flash memory on the VNA board is the only memory type used to hold permanent adjustment values required to maintain the validity of the R&S ZNL’s calibration. There-fore, replacing one removable PC board with another, does not affect the validity of the instrument’s calibration.

Special Considerations for USB Ports

USB ports can pose a security risk in high-security locations. Generally, this risk comes from small USB pen drives, also known as memory sticks or key drives. They can be easily concealed and can quickly read/write several GByte of data.

Disabling USB ports for writing user data
You can disable the write capability on the USB ports of the R&S ZNL via a utility soft-ware. This utility software is available on the R&S ZNL website https://www.rohde-[schwarz.com/product/znl.html](http://schwarz.com/product/znl.html). To disable the write capability, copy the utility software to the R&S ZNL and run it once. After a reboot of the instrument, the write capability on any USB memory device is dis-abled.

© 2022 Rohde & Schwarz GmbH & Co. KG
Muehldorfstr. 15, 81671 Muenchen, Germany

• Phone: +49 89 41 29 – 0
• Email: info@rohde-schwarz.com
• Internet: www.rohde-schwarz.com

Subject to change – data without tolerance limits is not binding. R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG. Trade names are trademarks of the owners.

References

• schwarz.com
• Industry-leading technology group | Rohde & Schwarz

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>