Nokia IP265 Security Guide - Page 32
Once this is completed, the module is adequately initialized and can be managed from the management server. FIPS mode can be enabled only after the Check Point initialization is complete.

3.1.4 Setting the Module to FIPS Mode

After installing or upgrading to the appropriate Check Point module and initializing the Check Point module, the Crypto Officer must set the mode of operation to FIPS mode.

To set the mode of operation to FIPS mode

1. Use the CLI from the console port to enter the set fips on restart command. This will reboot the device and bring it up in FIPS mode.
2. If desired, enter the show fips command to verify that the device is in FIPS mode.

For the list of disabled access and feature mechanisms, see Appendix A on page 41.

3.1.5 Initializing the Remote Management of the Module

Before the Crypto Officer can manage the module remotely, SSH must be enabled, the Crypto Officer's authorized SSH public key must be entered, and only FIPS-approved algorithms can be selected.

To initialize the remote management of the module

1. Using the CLI through the console port, enter the following commands:
   a. set ssh server protocol 2,1
   b. set ssh server enable 1
2. To ensure that the Crypto Officer can log in (with a password) using SSH, enter the following command:
   set ssh server permit-root-login yes
3. Configure the type of authentication that the server will use to authenticate the Crypto Officer by entering the following commands:
   set ssh server dsa-authentication 1 password-authentication 1 rhosts-authentication 0 rhosts-authentication 0 rsa-authentication 1

© Copyright 2005, 2006, 2007 Nokia. Page 32 of 43.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.