The device offers a FIPS mode, in which it provides only a limited set of its functionality so that its security complies with NIST FIPS 140-2. Enabling FIPS mode has at least the following effects:
- The FTP, TFTP, and HTTP servers are disabled.
- Remote access via Telnet protocol is disabled.
- SNMPv3 is the only available version of SNMP.
- The SSL server supports only TLS 1.0.
- The SSH server does not support SSHv1 clients.
- SSH supports only RSA.
- The generated RSA key pairs must have a modulus length of 2048 bits. The generated DSA key pair must have a modulus of at least 1024 bits.
- SSH, SNMPv3, IPsec, and SSL do not support DES, 3DES, RC4, or MD5.
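
One way to check a device against the list above, as an added example that is not part of the original post or any vendor tooling: the script audits an observed service profile and reports each deviation. The profile dictionary layout, the function names, and the sample values are assumptions constructed for illustration.

```python
# Added example: audit an observed service profile against the FIPS-mode
# effects listed above. The profile dict layout is an assumption made here.
BANNED = {"des", "3des", "rc4", "md5"}

def uses_banned(name):
    """True if an algorithm or cipher-suite name contains a banned primitive."""
    tokens = name.lower().replace("_", "-").split("-")
    # "arcfour" is the SSH name for RC4.
    return any(t in BANNED or t.startswith("arcfour") for t in tokens)

def audit_fips_profile(profile):
    """Return a list of deviations from the listed FIPS-mode effects."""
    findings = []
    for svc in ("ftp", "tftp", "http", "telnet"):
        if svc in profile.get("listening", ()):
            findings.append(f"{svc} is enabled")
    for ver in profile.get("snmp_versions", ()):
        if ver != "v3":
            findings.append(f"SNMP{ver} is enabled")
    for ver in profile.get("tls_versions", ()):
        if ver != "TLS1.0":  # the list above allows TLS1.0 only
            findings.append(f"SSL server offers {ver}")
    if 1 in profile.get("ssh_protocols", ()):
        findings.append("SSH server accepts SSHv1 clients")
    for ktype, bits in profile.get("ssh_host_keys", ()):
        if ktype != "rsa":
            findings.append(f"SSH host key type {ktype} is not RSA")
        elif bits != 2048:
            findings.append(f"RSA key modulus is {bits} bits, not 2048")
    for proto, algs in profile.get("algorithms", {}).items():
        for alg in algs:
            if uses_banned(alg):
                findings.append(f"{proto} offers {alg}")
    return findings

# Constructed sample: a device that was only partially locked down.
SAMPLE = {
    "listening": ["ssh", "https", "telnet"],
    "snmp_versions": ["v2c", "v3"],
    "tls_versions": ["TLS1.0"],
    "ssh_protocols": [2],
    "ssh_host_keys": [("rsa", 1024)],
    "algorithms": {
        "ssh": ["aes128-cbc", "3des-cbc", "hmac-sha1"],
        "ssl": ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_RC4_128_MD5"],
    },
}

if __name__ == "__main__":
    for finding in audit_fips_profile(SAMPLE):
        print("DEVIATION:", finding)
```

Fill the profile from whatever inventory or scan data is already collected for the device; an empty result means no deviation from the listed effects was observed.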
Please add comments so I may update the material to accommodate platform modification to various commands. Also if you have some real-world caveats, do please share.