Nokia IP265 Security Guide - Page 32



Once this is completed, the module is adequately initialized and can be
managed from the management server. FIPS mode can be enabled only
after the Check Point initialization is complete.

3.1.4 Setting the Module to FIPS Mode

After installing or upgrading to the appropriate Check Point module and
initializing the Check Point module, the Crypto Officer must set the mode
of operation to FIPS mode.

To set the mode of operation to FIPS mode

1. Use the CLI from the console port to enter the set fips on restart
   command. This will reboot the device and bring it up in FIPS mode.
2. If desired, enter the show fips command to verify that the device is
   in FIPS mode.

For the list of disabled access and feature mechanisms, see Appendix A on
page 41.

3.1.5 Initializing the Remote Management of the Module

Before the Crypto Officer can manage the module remotely, SSH must be
enabled, the Crypto Officer’s authorized SSH public key must be entered,
and only FIPS-approved algorithms can be selected.

To initialize the remote management of the module

1. Using the CLI through the console port, enter the following
   commands:
   a. set ssh server protocol 2,1
   b. set ssh server enable 1
2. To ensure that the Crypto Officer can log in (with a password) using
   SSH, enter the following command:
       set ssh server permit-root-login yes
3. Configure the type of authentication that the server will use to
   authenticate the Crypto Officer by entering the following
   commands:
       set ssh server
           dsa-authentication 1
           password-authentication 1
           rhosts-authentication 0
           rhosts-authentication 0
           rsa-authentication 1
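
The settings from steps 1 to 3 can be checked as a set before the console session is closed. The following Python script is an added example, not part of the Nokia guide: it reads a saved list of the set ssh server commands that were entered and reports any keyword whose value differs from, or is missing against, the values printed on this page. The function names and the sample input are assumptions constructed for illustration.

```python
# Values given in steps 1-3 of section 3.1.5 of the guide.
GUIDE_SETTINGS = {
    "protocol": "2,1",
    "enable": "1",
    "permit-root-login": "yes",
    "dsa-authentication": "1",
    "password-authentication": "1",
    "rhosts-authentication": "0",
    "rsa-authentication": "1",
}
PREFIX = ["set", "ssh", "server"]


def parse_commands(text):
    """Return the effective keyword -> value map from 'set ssh server' lines."""
    settings = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if tokens[:3] != PREFIX:
            continue  # not an SSH server command
        args = tokens[3:]
        if not args or len(args) % 2:
            raise ValueError(f"line {lineno}: keyword without a value: {line!r}")
        for key, value in zip(args[0::2], args[1::2]):
            settings[key] = value  # a later value overrides an earlier one
    return settings


def audit(text):
    """Return sorted findings; an empty list means the commands match the guide."""
    actual = parse_commands(text)
    findings = []
    for key, want in GUIDE_SETTINGS.items():
        if key not in actual:
            findings.append(f"{key}: not set (guide: {want})")
        elif actual[key] != want:
            findings.append(f"{key}: {actual[key]} (guide: {want})")
    return sorted(findings)


# Constructed sample: rhosts authentication left on, root login never set.
SAMPLE = """\
set ssh server protocol 2,1
set ssh server enable 1
set ssh server dsa-authentication 1 password-authentication 1 rhosts-authentication 1 rsa-authentication 1
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
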

© Copyright 2005, 2006, 2007 Nokia
Page 32 of 43
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.