Nortel Networks Contivity Secure IP Services Gateway 4600 Bedienungsanleitung PDF herunterladen (Seite 15)



 15



3 SecureOperationoftheContivitySwitch

TheContivitySwitchisaversatilemachine;itcanberuninaNormalOperatingModeor

aFIPSOperatingMode(FIPSmode).InFIPSmode,theswitchmeetsalltheLevel2

requirementsforFIPS140-1.ToplacethemoduleinFIPSmode,clickthe“FIPS

Enabled”buttonontheServicesAvailablemanagementscreenandrestartthemodule.A

numberofconfigurationsettingsarerecommendedwhenoperatingtheContivitySwitch

inaFIPS140-1compliantmanner.Otherchangesarerequiredinordertomaintain

compliancewithFIPS140-1requirements.Theseincludethefollowing:



Recommended

• Changethedefaultadministratorpasswordontheswitch.

• Disableallmanagementprotocolsoverprivatenon-tunneledinterfaces



Required

• Selectthe“FIPSEnabled”buttonontheServiceAvailableManagementscreens

andrestartthemodule.

• Applythetamperevidentlabelsasdescribedinsection2.3

• Disablecryptographicservicesthatemploynon-FIPSapprovedalgorithms.

• ForIPSec:WhenoperatingthedeviceinaFIPS140-1compliantmanner,

onlytheTripleDESESP,DESESP,andHMAC-SHAAHmaybe

enabled.MD5isnotanapprovedFIPSalgorithm.

• ForPPTPandL2TP:WhenoperatedinaFIPS140-1compliantmanner,

MS-CHAPandCHAParenotenabledwithRC4encryption.

• ForL2P:CHAPmustbedisabledtooperateinaFIPScompliantmanner.

• TheinternalLDAPdatabasemustbeusedinplaceofanexternalLDAP

server.

• SecureSocketsLayer(SSL)cannotbeusedtoestablishsecureconnections

• ForRoutingInformationProtocol(RIP)–InFIPSmode,MD5mustbe

disabled.



ThereareseveralservicesthatareaffectedbytransitioningthemoduleintoFIPS

compliantmode.WhenthemoduleisrestartedinFIPSmode,severaladministrative

servicesaccessingtheshell,includingthedebuggingscripts,aredisabled.Whenthe

moduleisinFIPSmode,theadministratorisgivenadditionalauthoritytoresetthe

defaultadministrator’spasswordandusername.Theintegratedfirewallprogram,by

Checkpoint,andtherestorecapabilitiesaredisabledduringFIPSmode.TheFTPdemon

isalsoturnedoff,preventinganyoutsideintruderfromFTPingintotheserver.Inorder

totransitionthemodeoutofFIPSmode,theFIPSdisablebutton,ontheServices

Availablemanagementscreen,mustbeclickedandthemodulemustberestarted.



WhentransitioningthemodulefromNon-FIPSmodetoFIPSmode,theCryptoOfficer

shouldensurethatthemoduleisrunningonlytheNortelsupplied,FIPS140-1validated

firmware.Ifthereisaconcernthatthefirmwarehasbeenmodifiedduringoperationin

Non-FIPSmode(Thismightbedonebyanunauthenticatedmaliciousremoteuserwho

1 2 ... 10 11 12 13 14 15 16

Kommentare zu diesen Handbüchern

Keine Kommentare

Nortel Networks Contivity Secure IP Services Gateway 4600 Bedienungsanleitung Seite 15

Kommentare zu diesen Handbüchern

Verwandte Produkte und Handbücher für Netzwerk-Switches Nortel Networks Contivity Secure IP Services Gateway 4600