Setting FIPS Mode - Juniper NS-5400-P00A-S00 Manual

FIPS 140-2 security policy

E. Setting FIPS mode
By default, on the first power-up, the module is in non-FIPS mode.
Either of the commands "get config" or "get system" indicates whether the
system is in FIPS mode.
The module can be set to FIPS mode only through the CLI. The module must be
zeroized when toggling between FIPS and non-FIPS mode of operation. It is
suggested that the module's configuration be saved prior to switching modes. To
set the module to FIPS mode, execute "set FIPS-mode enable" through the CLI.
Special note for firmware upgrade: if a pre-5.0 firmware is upgraded to the 5.0
FIPS version or above, re-enable FIPS mode even if the box was previously in
FIPS mode, by issuing the commands "unset FIPS-mode enable" and
"set FIPS-mode enable", followed by rebooting the box.
The "set FIPS-mode enable" command will perform the following:
- Disable administration via SSL
- Disable the loading and output of the configuration file from the TFTP server
- Disable the Global reporting agent
- Disable administration via SNMP
- Disable the debug service
- Disable the modem port
- Enforce management via Telnet, HTTP (WebUI) and NetScreen Security Manager (NSM) only through a VPN with 256-bit AES encryption
- Enforce management via SSH only when using 3DES
- Disable MD5 algorithm
Execute the "save" command.
Execute the "reset" command.
Please note the following:
- Hardware reset button: After the user follows the sequence: insert for 5 seconds, release for 5 seconds, insert for 5 seconds, and release for 5 seconds, the device will erase all configurations and be restored to the default factory settings.
- Configure the HA encryption key before using the HA link.
- Telnet, NSM and HTTP (WEB UI) are allowed only through a VPN with AES encryption.
- User names and passwords are case-sensitive. The password consists of at least six alphanumeric characters. Since there are 26 uppercase letters, 26 lowercase letters, and 10 digits, the total
