Tektronix MDO3012,MDO3014,MDO3022,MDO3024,MDO3032,MDO3034,MDO3052,MDO3054,MDO3102,MDO3104, MDO3000 Series Oscilloscope Declassification and Security Instructions

MDO3000 Series Oscilloscope Declassification and Security
Instructions
*P077098000*
077-0980-00
MDO3000 Series Oscilloscope Declassification and Security
Instructions
www.tektronix.com
077-0980-00
Copyright © Tektronix. All rights reserved. Licensed software products are owned by Tektronix or its subsidiaries or suppliers, and are protected by national copyright laws and international treaty provisions. Tektronix products are covered by U.S. and foreign patents, issued and pending. Information in this publication supersedes that in all previously published material. Specifications and price change privileges reserved.
TEKTRONIX and TEK are registered trademarks of Tektronix, Inc.
Contacting Tektronix
Tektronix, Inc. 14150 SW Karl Braun Drive P.O. Box 500 Beaverton, OR 97077 USA
For product information, sales, service, and technical support:
In North America, call 1-800-833-9200.
Worldwide, visit www.tektronix.com to find contacts in your area.

Table of Contents

Preface ................................................................................................................................................ iii
Memory devices
Volatile memory devices ................................................................................................................ 1
Nonvolatile memory devices .......................................................................................................... 3
Media and data export devices ....................................................................................................... 4
Clear and sanitize procedures
Disable the USB device port .......................................................................................................... 7
Use the MDO3SEC option to disable all I/O ports ........................................................................ 7
Disable the LAN port and clear the LAN Ethernet settings ........................................................... 8
Enable the USB device port ............................................................................................................ 9
Use the MDO3SEC option to enable the IO ports ........................................................................ 10
Enable the LAN port and set the LAN Ethernet settings ............................................................. 10
Built-in security features
When to use TekSecure
Use TekSecure to erase memory contents .................................................................................... 14
............................................................................................................. 13
Clear or sanitize a non-functional instrument
Acquisition board ......................................................................................................................... 15
USB flash drive ............................................................................................................................ 15
Charges ......................................................................................................................................... 15
MDO3000 Series Declassification and Security Instructions i
Table of Contents
ii MDO3000 Series Declassification and Security Instructions

Preface

This document helps customers with data security concerns to sanitize or remove memory devices from the Tektronix MDO3000 Series Mixed Domain Oscilloscopes.
These products have data storage (memory) devices and data output devices. These instructions tell how to clear or sanitize the memory devices and disable the data output devices. The instructions also tell how to declassify an instrument that is not functioning.
Instrument code and calibration settings reside in nonvolatile flash memory. Instrument setups and reference waveforms may also be stored in flash memory or on USB drives connected to the instrument.
If you have any questions, contact the Tektronix Technical Support Center at
www.tektronix.com/support.
Reference
The procedures in this document are written to meet the requirements specified in:
NISPOM, DoD 5220.22–M, Chapter 8
ISFO Process Manual for Certification & Accreditation of Classified Systems under NISPOM
Products
The following Tektronix products are covered by this document:
MDO3012
MDO3014
MDO3022
MDO3024
MDO3032
MDO3034
MDO3052
MDO3054
MDO3102
MDO3104
Required documents
To perform the procedures in this document, you might need access to the MDO3000 series manuals listed below. These manuals are available on the Tektronix Web site at www.tektronix.com/downloads.
MDO3000 Series Service Manual (Tektronix part number, 077-0981-xx)
MDO3000 Series Technical Reference Manual (Tektronix part number, 077-0979-xx)
MDO3000 Series Declassification and Security Instructions iii
Preface
Terms used in this document
The following terms may be used in this document:
Clear. This removes data on media/memory before reusing it in a secured area. All reusable memory is cleared to deny access to previously stored information by standard means of access.
Erase. This is equivalent to clear.
Instrument Declassification. A term that refers to procedures that must be undertaken before an instrument can be removed from a secure environment. Declassification procedures include memory sanitization and memory removal, and sometimes both.
Media storage/data export device. Any of several devices that can be used to store or export data from the instrument, such as a USB port.
Nonvolatile memory. Data is retained when the instrument is powered off.
Power off. Some instruments have a “Standby” mode, in which power is still supplied to the instrument. For the purpose of clearing data, putting the instrument in Standby mode does not qualify as powering off. For these products, you will need to either press a rear-panel OFF switch or remove the power source from the instrument.
Remove. This is a physical means to clear the data by removing the memory device from the instrument. Instructions are available in the product Service Manual.
Sanitize. This eradicates the data from media/memory so that the data cannot be recovered by other means or technology. This is typically used when the device will be moved (temporarily or permanently) from a secured area to a non-secured area.
Scrub. This is equivalent to sanitize.
User Accessible. User is able to directly retrieve the memory device contents.
User-modifiable. User can write to the memory device during normal instrument operation, using the instrument interface or remote control.
Volatile memory. Data is lost when the instrument is powered off.
iv MDO3000 Series Declassification and Security Instructions
Preface
Device terms
The following terms are used with the memory devices in this document:
User data. Describes the type of information stored in the device. Refers to waveforms or other measurement data representing signals connected to the instrument by users.
User settings. Describes the type of information stored in the device. Refers to instrument settings that can be changed by the user.
Both. Describes the type of information stored in the device. It means that both user data and user settings are stored in the device.
None. Describes the type of information stored in the device. It means that neither user data nor user settings are stored in the device.
Directly. Describes how data is modified. It means that the user can modify the data.
Indirectly. Describes how data is modified. It means that the instrument system resources modify the data and that the user cannot modify the data.
MDO3000 Series Declassification and Security Instructions v
Preface
vi MDO3000 Series Declassification and Security Instructions

Memory devices

The following sections list the volatile and nonvolatile memory devices in the standard instrument and listed options.

Volatile memory devices

DDR3
Type and size 1 GB standard
Function Holds active analog acquisition data
Type of user information stored
Backed up by battery? No
Method of modification Indirectly
Data input method Firmware operations
Location Main board
User accessible No
To clear Remove power from the instrument for at least 20 seconds.
Process to sanitize Remove power from the instrument for at least 20 seconds.
User data
SDRAM
Type and size SDRAM 128 GB (standard)
Function Holds active digital acquisition data
Type of user information stored
Backed up by battery? No
Method of modification Indirectly
Data input method Firmware operations
Location Main board
User accessible No
To clear Remove power from the instrument for at least 20 seconds.
Process to sanitize Remove power from the instrument for at least 20 seconds.
SDRAM
Type and size SDRAM 32 MB (standard)
Function ASIC execution memory
Type of user information stored
Backed up by battery? No
Method of modification indirectly
Data input method Firmware operations
User data
User data and settings
MDO3000 Series Declassification and Security Instructions 1
Memory devices Volatile memory devices (cont.)
Location Main board
User accessible No
To clear Remove power from the instrument for at least 20 seconds.
Process to sanitize Remove power from the instrument for at least 20 seconds.
DDR3
Type and size DDR3 1 GB (standard)
Function Microprocessor system memory
Type of user information stored
Backed up by battery? No
Method of modification Directly
Data input method Written by processor system
Location Main board
User accessible No
To clear Remove power from the instrument for at least 20 seconds.
Process to sanitize Remove power from the instrument for at least 20 seconds.
User data and settings
SRAM
Type and size SRAM 125 kB (standard)
Function Arbitrary waveform storage
Type of user information stored
Backed up by battery? No
Method of modification Indirectly
Data input method Firmware operations
Location IO board
User accessible No
To clear Remove power from the instrument for at least 20 seconds.
Process to sanitize Remove power from the instrument for at least 20 seconds.
User data
2 MDO3000 Series Declassification and Security Instructions
Memory devices

Nonvolatile memory devices

Flash 128 MB
Type and size Flash 128 MB
Function Holds instrument calibration data, serial number, option key, instrument operating system and
application software. Also holds all user-storable data, such as waveforms, measurement results, and instrument settings.
Type of user information stored
Method of modification Indirectly
Data input method Firmware operations, user input
Location Main board
User accessible No
To clear Not applicable for calibration constants.
Process to sanitize Not applicable for calibration constants.
User data, user settings
Use the procedure Use TekSecure to erase memory contents to erase reference waveforms and instrument setups. Then use the procedure Disable the LAN port and clear the LAN Eithernet
settings to disable the LAN ethernet and to clear information, such as IP addresses.
Use the procedure Use TekSecure to erase memory contents to erase reference waveforms and instrument setups. Then use the procedure Disable the LAN port and clear the LAN Eithernet
settings to disable the LAN ethernet and to clear information, such as IP addresses.
Serial real-time clock
Type and size Serial real-time clock
Function Real-time clock with battery backup
Type of user information stored
Method of modification Indirectly
Data input method Not applicable
Location Main board
User accessible Not applicable
To clear Not applicable, no user data
Process to sanitize Not applicable, no user data
EEPROM
Type and size EEPROM 1 Kbit
Function Holds signal generator calibration data
Type of user information stored
Method of modification Indirectly
Data input method Not applicable
Location IO board
User accessible Not applicable
Time/date
None
MDO3000 Series Declassification and Security Instructions 3
Memory devices Nonvolatile memory devices (cont.)
To clear Not applicable, no user data
Process to sanitize Not applicable, no user data
EEPROM
Type and size EEPROM 1 Kbit
Function Application module firmware
Type of user information stored
Method of modification Not applicable
Data input method Not applicable
Location MDO3000 application modules
User accessible Not applicable
To clear Not applicable, no user data
Process to sanitize Not applicable, no user data
None

Media and data export devices

Two USB host ports Supports removable USB flash drive
Function User storage of reference waveforms, screen images, and instrument setups
Method of modification Directly
Data input method User writeable
Location One USB host port on the front of the instrument
On USB host port on the rear of the instrument
Files can be deleted or over-written on the oscilloscope or on a PC. USB flash drive can be removed or destroyed.
User accessible Yes
Process to disable The USB host port cannot be disabled with MDO3000 Series instruments without the MDO3SEC
option.
If your instrument has the MDO3SEC option, perform the procedure Use the MDO3SEC option to
disable all IO ports to disable the two USB host ports.
USB device port
Function Supports remote control and data transfer to a PC.
Method of modification Directly
Data input method Remote control via USBTMC
Location USB device port on rear of the instrument
User accessible Yes
4 MDO3000 Series Declassification and Security Instructions
Media and data export devices (cont.) Memory devices
Process to disable (for instruments with the MDO3SEC option)
Process to disable (for instruments without the MDO3SEC option)
LAN Ethernet connector
Function Transfer data
Method of modification Directly
Data input method Not applicable
Location CAT5 connector on rear of the instrument
User accessible Yes
Process to disable (for instruments with the MDO3SEC option)
Process to disable (for instruments without the MDO3SEC option)
Perform the procedure Use the MDO3SEC option to disable all I/O ports to disable the device ports.
Perform the procedure Disable the USB device port to disable the USB device port.
Perform the procedure Use the MDO3SEC option to disable all I/O ports to disable the device ports.
Perform the procedure Disable the LAN port and clear the LAN Ethernet settings to disable the Ethernet port.
MDO3000 Series Declassification and Security Instructions 5
Memory devices Media and data export devices (cont.)
6 MDO3000 Series Declassification and Security Instructions

Clear and sanitize procedures

NOTE. Sanitizing or clearing the instrument cannot be reversed. But the instrument application software and calibration information is left unchanged after the sanitizing or clearing operations. There is no need for a post­sanitization or clear procedure for the MDO3000 Series of instruments. The instrument can begin normal use and function immediately after the sanitizing or clearing procedures.

Disable the USB device port

Complete the following steps to disable the USB device.
1. Remove any USB cable or device from the USB device port on the rear of the instrument.
2. Push the front-panel Utility button.
3. Push the Utility Page lower-bezel button and use the Multipurpose a knob to select I/O.
4. Push the USB lower-bezel button.
5. Push the Disabled (Off Bus) side-bezel button to disable the USB device
port.
The USB device port is now disabled and no longer allows traffic in or out of the port.

Use the MDO3SEC option to disable all I/O ports

If your instrument has the MDO3SEC option installed, use the following procedure to turn off all of the I/O ports.
1. Push the front-panel Utility button.
2. Push the Utility Page lower-bezel button and use the Multipurpose a knob to select Security.
3. Push the Security Password lower-bezel button.
4. Use the Multipurpose knob to enter a password.
5. Push the I/O Ports lower-bezel button.
To disable all USB and Ethernet ports on the oscilloscope, push the OK Disable All Ports on the side-bezel button.
6. Push the Menu Off front-panel button to close the dialog box.
7. Power off the oscilloscope, and then power it back on to complete the
process.
MDO3000 Series Declassification and Security Instructions 7
Clear and sanitize procedures
To reset the instrument RAM, do the following:
1. Power off the instrument for at least 20 seconds.
2. Power on the instrument.

Disable the LAN port and clear the LAN Ethernet settings

To disable the LAN port and clear LAN Ethernet settings, such as IP addresses, complete the steps in this procedure.
CAUTION. This procedure clears network connectivity information. Record all of the settings before clearing them.
1. Remove the network cable from the LAN port on the rear of the instrument.
2. Push the front-panel Default Setup button.
3. Push the front-panel Utility button.
4. Push the Utility Page lower-bezel button and use the Multipurpose a knob to select I/O.
5. Push the Network Configuration lower-bezel button.
6. Push the Manual side-bezel button. Wait for this operation to complete.
7. Push the Set IP Address Manually side-bezel button.
8. Push the or arrow side-bezel button to position the cursor on the Instrument IP Address field.
9. Push the Clear lower-bezel button.
10. Push the arrow side-bezel button to position the cursor on the Gateway IP Address field.
11. Push the Clear lower-bezel button.
12. Push the arrow side-bezel button to position the cursor on the Subnet Mask field.
13. Push the Clear lower-bezel button.
14. Push the arrow side-bezel button to position the cursor on the DNS IP Address field.
15. Push the Clear lower-bezel button.
16. Push the OK Accept side-bezel button.
17. Push the Ethernet and LXI lower-bezel button.
18. Push the –more- 1 of 2 side bezel button to get to the second page of side
bezel menus.
19. Push the Change Names side-bezel button.
8 MDO3000 Series Declassification and Security Instructions
Clear and sanitize procedures
20. Push the or arrow side-bezel button to position the cursor on the Hostname field.
21. Push the Clear lower-bezel button.
22. Push the arrow side-bezel button to position the cursor on the Domain Name field.
23. Push the Clear lower-bezel button.
24. Push the arrow side-bezel button to position the cursor on the Service Name field.
25. Push the Clear lower-bezel button.
26. Push the OK Accept side-bezel button.
27. Push the Change e*Scope and LXI Password side-bezel button.
28. Push the Clear lower-bezel button.
29. Push the OK Accept side-bezel button.
The LAN system is disabled and no longer allows data traffic in or out. The relevant LAN Ethernet settings are also cleared.

Enable the USB device port

Complete the following steps to enable the USB device.
1. Push the front panel Default Setup button.
2. Push the front-panel Utility button.
3. Push the Utility Page lower-bezel button and use the Multipurpose a knob to select I/O.
4. Push the USB lower-bezel button.
5. Push the Connect to Computer or Connect to PictBridge Printer side-
bezel button to enable the USB device port.
MDO3000 Series Declassification and Security Instructions 9
Clear and sanitize procedures

Use the MDO3SEC option to enable the IO ports

If your instrument has the MDO3SEC option installed, use the following procedure to turn on all of the I/O ports.
1. Push the front-panel Utility button.
2. Push the Utility Page lower-bezel button and use the Multipurpose a knob to select Security.
3. Push the Security Password lower-bezel button.
4. Use the Multipurpose knob to enter a password.
5. Push the I/O Ports lower-bezel button.
To disable all USB and Ethernet ports on the oscilloscope, push the OK Enable All Ports on the side-bezel button.
6. Push the Menu Off front-panel button to close the dialog box.
7. Power off the oscilloscope, and then power it back on to complete the
process.

Enable the LAN port and set the LAN Ethernet settings

To Enable the LAN port and set the LAN Ethernet settings, such as IP addresses, complete the steps in this procedure.
1. Push the front panel Default Setup button.
2. Push the front-panel Utility button.
3. Push the Utility Page lower-bezel button and use the Multipurpose a knob to select I/O.
4. Push the Network Configuration lower bezel button.
5. Push the Manual side bezel button. Wait for this operation to complete.
6. Push the Set IP Address Manually side bezel button.
7. Push the or arrow side-bezel button to position the cursor on the Instrument IP Address field.
8. Enter the relevant field data using the lower bezel buttons and Multipurpose a knob.
9. Push the arrow side-bezel button to position the cursor on the Gateway IP Address field.
10. Enter the relevant field data using the lower bezel buttons and Multipurpose a knob.
11. Push the arrow side-bezel button to position the cursor on the Subnet Mask field.
12. Enter the relevant field data using the lower bezel buttons and Multipurpose a knob.
10 MDO3000 Series Declassification and Security Instructions
Clear and sanitize procedures
13. Push the arrow side-bezel button to position the cursor on the DNS IP Address field.
14. Enter the relevant field data using the lower bezel buttons and Multipurpose a knob.
15. Push the OK Accept side-bezel button.
16. Push the Ethernet and LXI lower-bezel button.
17. Push the –more- 1 of 2 side bezel button to get to the second page of side
bezel menus.
18. Push the Change Names side-bezel button.
19. Push the or arrow side-bezel button to position the cursor on the Hostname field.
20. Enter the relevant field data using the lower bezel buttons and Multipurpose a knob.
21. Push the arrow side-bezel button to position the cursor on the Domain Name field.
22. Enter the relevant field data using the lower bezel buttons and Multipurpose a knob.
23. Push the arrow side-bezel button to position the cursor on the Service Name field.
24. Enter the relevant field data using the lower bezel buttons and Multipurpose a knob.
25. Push the OK Accept side-bezel button.
26. Push the Change e*Scope and LXI Password side-bezel button.
27. Enter the relevant field data using the lower bezel buttons and Multipurpose a knob.
28. Push the OK Accept side-bezel button.
MDO3000 Series Declassification and Security Instructions 11
Clear and sanitize procedures
12 MDO3000 Series Declassification and Security Instructions

Built-in security features

When to use TekSecure
Use the TekSecure function to erase setup and reference waveform data stored in internal flash memory. Using TekSecure will not affect the calibration of the instrument because the calibration constants are stored on the Acquisition board, completely separate from any acquisition data. This allows complete erasure or removal of any secure data without affecting the oscilloscope calibration. It also allows the oscilloscope to be calibrated in a non-secure site and then used in a secure site with the need for recalibration.
The MDO3000 Series oscilloscopes have two USB host ports: one on the front panel and one on the rear panel. Any USB flash devices can be removed and stored or destroyed.
The TekSecure function does the following:
Replaces all waveforms in all reference memories with null sample values
Replaces the current front-panel setup and all stored setups with the default setup values
Calculates the checksums of all reference waveform memory and setup memory locations to verify successful completion of waveform and setup erasure
Displays a dialog indicating whether the secure erase was successful or unsuccessful
NOTE. TekSecure does not erase or change factory calibration constants or Ethernet settings.
MDO3000 Series Declassification and Security Instructions 13
Built-in security features

Use TekSecure to erase memory contents

To use TekSecure, do the following:
1. Push the front-panel Utility button.
2. Push the Utility Page lower-bezel button and use the Multipurpose a knob to select Security.
3. Push the TekSecure Erase Memory lower-bezel button.
4. Push the OK Erase Setup and Ref Memory side-bezel button. Wait for the
“TekSecure operation complete” dialog box to display.
5. Push the Menu Off front-panel button to close the dialog box.
6. Power off the oscilloscope, and then power it back on to complete the
process.
To reset the instrument RAM, do the following:
1. Power off the instrument for at least 20 seconds.
2. Power on the instrument.
14 MDO3000 Series Declassification and Security Instructions

Clear or sanitize a non-functional instrument

Use the following procedures to clear or sanitize a non-functional instrument.

Acquisition board

Only qualified personnel should perform service procedures. Read the General Safety Summary and the Service Safety Summary in the MDO3000 Series Service Manual (Tektronix part number, 077-0981-xx) before performing any service procedures.
Remove the Acquisition board and return the product to Tektronix. A new Acquisition board will be installed and the instrument will be repaired and adjusted as necessary.
For removal instructions, refer to the MDO3000 Series Service Manual available on the Tektronix Web site at www.tektronix.com/manuals.
After removing the Acquisition board, refer to your company's internal policies regarding handling or disposal of the board.

USB flash drive

Charges

Remove the USB flash drive and return the instrument to Tektronix for repair.
After removing the USB flash drive, refer to your company's internal policies regarding handling or disposal of the flash drive.
Replacement of any missing hardware will be charged according to the rate at the time of replacement.
MDO3000 Series Declassification and Security Instructions 15
Clear or sanitize a non-functional instrument
16 MDO3000 Series Declassification and Security Instructions
Loading...