Password guidelines
Below are general guidelines for defining passwords. To maximize security, it is recommended
to follow these guidelines or use company guidelines where available.
● Password length
  ● User password: at least eight characters
  ● Other passwords: at least six characters
  ● PSK (pre-shared keys) for IKE: at least 13 characters
● Use a combination of upper and lower case letters, numbers and symbols.
  Note: You may use any printable character, such as ?, ! or *
● Do not use passwords that are easy to guess, such as names, dates, or telephone numbers.
● Keep passwords in a safe place.
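The guidelines above can be turned into an automated check run before a password or IKE pre-shared key is entered on the module. The following is an added example, not code from this manual or from the product. Its assumptions: the `kind` labels are made up for the example, "a combination" is read as requiring all four character classes, "printable" is read as printable ASCII, and the date, telephone and name tests are simple heuristics with the name list supplied by the caller.

```python
import re
import string

# Minimum lengths from the guidelines; the keys are labels chosen for this example.
MIN_LENGTH = {"user": 8, "other": 6, "ike_psk": 13}

# Heuristics for "easy to guess" (assumptions of this example, not from the manual).
DATE_RE = re.compile(r"(19|20)\d{2}|\d{1,2}[./-]\d{1,2}[./-]\d{2,4}")
PHONE_RE = re.compile(r"\d{7,}")  # seven or more consecutive digits


def check_password(password, kind, known_names=()):
    """Return the list of guideline violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH[kind]:
        problems.append("too short: %s needs at least %d characters"
                        % (kind, MIN_LENGTH[kind]))
    # Assumption: "printable" means printable ASCII, 0x20 through 0x7E.
    if not all(32 <= ord(c) <= 126 for c in password):
        problems.append("contains a non-printable or non-ASCII character")
    # Assumption: "a combination" is read strictly as all four classes.
    classes = {
        "upper case letter": string.ascii_uppercase,
        "lower case letter": string.ascii_lowercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for label, alphabet in classes.items():
        if not any(c in alphabet for c in password):
            problems.append("missing " + label)
    lowered = password.lower()
    for name in known_names:
        if name and name.lower() in lowered:
            problems.append("contains a name: " + name)
    if DATE_RE.search(password):
        problems.append("contains a date-like pattern")
    if PHONE_RE.search(password):
        problems.append("contains a telephone-like digit run")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for pw, kind in [("Summer2005", "user"), ("t7#Qm!zR4&", "user"),
                     ("t7#Qm!zR4&", "ike_psk")]:
        print(kind, repr(pw), check_password(pw, kind) or "OK")
```

The same string can pass as a user password and fail as an IKE pre-shared key, because the minimum length depends on what the password protects.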
Managing the module in FIPS-compliant mode
In FIPS-approved operation mode, all remote configuration activities (Telnet/TFTP/SNMP/FTP)
are channeled through a VPN tunnel. The console port is used for local administration. Remote
management through all other interfaces is disabled. In addition, the module will:
● Disable administration over SSH protocol.
● Disable dial-in and dial-out via the modem ports (serial and USB).
● Restrict troubleshooting services in the production environment by blocking all non-FIPS compliant dev/tech commands.
● Disable loading and output of configuration files from/to the SCP server.
● File transfers using TFTP and FTP are restricted to a VPN-encrypted tunnel.
SECURITY ALERT:
The "FIPS mode" of operation is permanent. If you do not fulfill all of the steps,
you void Gateway FIPS-compliant operation. The same happens if, after entering
FIPS mode, you execute an operation that is not consistent with the
FIPS-approved mode of operation. Also note that execution of the NVRAM Init
or zeroize commands clears the above-defined FIPS-approved mode
configuration and returns the box to factory defaults.
Issue 1.1 June 2005