Fips Compliance; Password Control Configuration Task List - HP 6600 Security Configuration Manual
Hide thumbs
Also See for 6600:
- Command reference manual (286 pages) ,
- Configuration manual (236 pages) ,
- Installation and getting started manual (103 pages)
Table of Contents
Advertisement
In FIPS mode, a password must contain four types of characters and each type contains at least
one character.
When a user sets or changes the password, the system checks if the password meets the
composition requirement. If not, the system displays an error message.
Password complexity checking policy
•
A less complicated password such as a password containing the username or repeated characters
is more likely to be cracked. For security purposes, you can configure a password complexity
checking policy to make sure that all user passwords are relatively complicated. With such a
policy configured, when a user configures a password, the system checks the complexity of the
password. If the password is complexity-incompliant, the system refuses the password and
displays a password configuration failure message.
You can impose the following password complexity requirements:
A password cannot contain the username or the reverse of the username. For example, if the
username is abc, a password such as abc982 or 2cba is not complex enough.
No character of the password is repeated three or more times consecutively. For example,
password a1 1 1 is not complex enough.
Password display in the form of a string of asterisks (*)
•
For the sake of security, the password a user enters is displayed in the form of a string of asterisks
(*).
•
Authentication timeout management
Authentication timeout management is only for Telnet and Terminal users.
The authentication period is from when the server obtains the username to when the server finishes
authenticating the user's password. If a user fails to log in within the configured period of time, the
system tears down the connection.
Maximum account idle time
•
You can set the maximum account idle time so that accounts staying idle for this period of time
become invalid. For example, if you set the maximum account idle time to 60 days and the user of
the account test has not logged in successfully within 60 days after the last successful login, the
account becomes invalid and the user is unable to log in again.
•
Logging
The system logs all successful password changing events and the events of adding users to the
password control blacklist.
FIPS compliance
The router supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode (see "Configuring FIPS") and non-FIPS mode.
Password control configuration task list
The password control functions can be configured in several views, and different views support different
functions. The settings configured in different views or for different objects have different application
ranges and different priorities:
Settings for super passwords apply only to super passwords.
•
204
Advertisement
Table of Contents
Troubleshooting
