Enabling FIPS Cryptography; Preparing the System; Enabling FIPS Mode - Dell Force10 S4810P Configuration Manual

High-density, 1RU 48-port 10GbE switch
Enabling FIPS Cryptography

FIPS Cryptography is supported on the following platforms:
This chapter describes how to enable FIPS cryptography requirements on the Dell Force10 S4810 platform. This feature
provides cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standards and
Technology (NIST), a non-regulatory agency of the US Department of Commerce. The FIPS mode is also validated for
numerous platforms to meet the FIPS-140-2 standard for a software-based cryptographic module.
Note: The FIPS mode included in this release is the OpenSSL FIPS Object Module v2.0, which has been validated
to meet FIPS-140-2 requirements, per certificate #1747. The S4810 platform is not one of the validated platforms.
Dell Force10 has contracted with the OpenSSL Foundation to complete a Change Letter validation of the S4810
platform for this FIPS mode. A patch release will be available once that Change Letter validation has been
completed.
Note: For release 8.3.12.0 only the SSH and SCP copy features use the FIPS cryptographic mode to secure
management interface user sessions and file transfers. Other features that use cryptographic algorithms do not, or
cannot, use the FIPS mode. The administrator must configure the management interfaces to limit access to/from the
system to SSH alone.
This chapter describes the FIPS configuration procedure:
Preparing the System
Enabling FIPS Mode
Generating Host-Keys
Monitoring FIPS Mode Status
Disabling the FIPS Mode

Preparing the System
Before you enable FIPS mode on the S4810, Dell Force10 recommends taking the following steps on your system:
Disable the Telnet server (only SSH (Secure Shell) should be used to access the system).
Disable the FTP server (only SCP (Secure Copy) should be used to transfer files to and from the system).
Attach a secure, standalone host to the console port to be used for FIPS configuration.
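
One way to confirm the preparation steps from a management workstation, as an added example that is not part of the Dell manual: it checks that SSH answers with an SSH version banner and that Telnet and FTP no longer accept connections. The port numbers (IANA defaults), the address 192.0.2.10 and the function names are assumptions of this example.

```python
import socket
import sys

# Policy from the preparation steps: SSH is the only management service.
# name -> (port, must_be_open); ports are IANA defaults (an assumption).
POLICY = {"ssh": (22, True), "telnet": (23, False), "ftp": (21, False)}


def probe(host, port, timeout=2.0):
    """Return (state, banner); state is 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(64)  # SSH servers send their version first
            except OSError:          # silent service or read timeout
                banner = b""
            return "open", banner
    except ConnectionRefusedError:
        return "closed", b""
    except OSError:                  # timeout, unreachable, blocked by ACL
        return "filtered", b""


def audit(host, policy=POLICY, timeout=2.0):
    """Return a list of findings; an empty list means the policy holds."""
    findings = []
    for name, (port, must_be_open) in policy.items():
        state, banner = probe(host, port, timeout)
        if must_be_open and state != "open":
            findings.append(f"{name}/{port}: expected open, got {state}")
        elif must_be_open and not banner.startswith(b"SSH-"):
            findings.append(f"{name}/{port}: open but no SSH banner")
        elif not must_be_open and state == "open":
            findings.append(f"{name}/{port}: still accepting connections")
    return findings


if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder, not a real switch address.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    for line in audit(target) or ["only SSH answers on the checked ports"]:
        print(line)
```

A "filtered" result for Telnet or FTP is not reported, because it shows only that the port is unreachable from where the check runs; run it from the management network the switch is actually administered from.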
Enabling FIPS Mode
You must use the console port to enable or disable FIPS mode. The host attached to the console port must be secured against
unauthorized access. Any attempts to enable or disable FIPS mode from a virtual terminal session are denied.