● SLS must be shut down
● Telnet service must be confined to IPSEC encrypted tunnel
● SNMP must be confined to SNMPv3 authentication service over an IPSEC encrypted tunnel
● TFTP configuration upload/download service must be confined to IPSEC encrypted tunnel
● FTP configuration upload/download service must be confined to IPSEC encrypted tunnel
● SCP client service must not be used
● Usage of Diffie-Hellman Group 1 for IKE key negotiation must be suppressed
● Usage of MD5 for IKE must be suppressed
● Usage of MD5 for ESP authentication operation in IPSEC must be suppressed
● Configuration channel between ICC/LSP (S8300) and Gateway (MGP) must be suppressed
FIPS-related CLI commands
The FIPS-related CLI commands include:
● zeroize
● enhanced security
● show self-test-status
For a full description, see Avaya G250 and Avaya G350 CLI Reference, 03-300437.
Entering FIPS mode
Prerequisites
● User type – crypto officer
● FIPS-approved hardware. Version 3.0.x or higher.
● FIPS-approved Media Gateway firmware. Refer to the "Validation Lists for cryptographic Standards" on the NIST Web site: http://crc.nist.gov/cryptval/aes/aesval.html
● Valid VPN license
To enter FIPS mode:
1. Log in to the device through the local console port.
- User name: root
- Password: root
Administration procedures
Issue 1.1 June 2005