Security planning
| Item | Description | Quantity required |
| --- | --- | --- |
| Wireless Link Encryption Key for AES | An encryption key generated using a cryptographic key generator. The key length is dictated by the selected AES encryption algorithm (128 or 256 bits). | One per link. The same encryption key is required at each link end. |
| Port numbers for HTTP, HTTPS and Telnet | Port numbers allocated by the network. | As allocated by network. |

Planning for FIPS 140-2 operation

If the link is to operate in FIPS 140-2 secure mode, ensure that the following cryptographic material is generated using a FIPS-approved cryptographic generator:
• Key of Keys
• TLS Private Key and Public Certificates
• Entropy Input
• Wireless Link Encryption Key for AES

Ensure that the web browsers used are enabled for HTTPS/TLS operation using FIPS-approved cipher specifications.

Ensure that the following attributes of user accounts for the web-based management interface have been configured to match the operator's network security policy:
• Auto Logout Period.
• Maximum Number of Login Attempts.
• Login Attempt Lockout.
• Minimum Password Change Period.
• Password Expiry Period.
• Webpage Session Control

Ensure that the following are configured:
• Identity-based user accounts = Enabled.
• Password complexity rules reset to 'best practice' values.
• Security Officer passwords compliant with the network security policy.
• RADIUS authentication = Disabled.

Chapter 2 Planning considerations
phn-0896_012v000
Jul 2010