Federal information processing standard (FIPS) cryptography provides cryptographic algorithms conforming to various FIPS
standards published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US
Department of Commerce. FIPS mode is also validated for numerous platforms to meet the FIPS-140-2 standard for a
software-based cryptographic module.
This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms.
NOTE:
The Dell Networking OS uses an embedded FIPS 140-2-validated cryptography module (Certificate #1747) running
on NetBSD 5.1 per FIPS 140-2 Implementation Guidance section G.5 guidelines.
NOTE:
Only the following features use the embedded FIPS 140-2-validated cryptography module:
•
SSH Client
•
SSH Server
•
RSA Host Key Generation
•
SCP File Transfers
Currently, other features using cryptography do not use the embedded FIPS 140-2-validated cryptography module.
Topics:
•
Configuration Tasks
•
Preparing the System
•
Enabling FIPS Mode
•
Generating Host-Keys
•
Monitoring FIPS Mode Status
•
Disabling FIPS Mode
Configuration Tasks
To enable FIPS cryptography, complete the following configuration tasks.
•
Preparing the System
•
Enabling FIPS Mode
•
Generating Host-Keys
•
Monitoring FIPS Mode Status
•
Disabling FIPS Mode
Preparing the System
Before you enable FIPS mode, Dell Networking recommends making the following changes to your system.
1
Disable the Telnet server (only use secure shell [SSH] to access the system).
2
Disable the FTP server (only use secure copy [SCP] to transfer files to and from the system).
3
Attach a secure, standalone host to the console port for the FIPS configuration to use.
FIPS Cryptography
FIPS Cryptography
17
344