Dell Aruba 650 Дополнительное руководство - Страница 39
Просмотреть онлайн или скачать pdf Дополнительное руководство для Переключатель Dell Aruba 650. Dell Aruba 650 42 страницы. Controllers with arubaos fips firmware non-proprietary security policy fips 140-2 level 2 release supplement
The Aruba 620 and 650 Mobility Controllers meet FIPS 140-2 Level 2 requirements. The information below
describe how to keep the switch in FIPS-approved mode of operation. The Crypto Officer must ensure that
the switch is kept in a FIPS-approved mode of operation.
Crypto Officer Management
The Crypto Officer must ensure that the switch is always operating in a FIPS-approved mode of operation.
This can be achieved by ensuring the following:
FIPS mode must be enabled on the switch before Users are permitted to use the switch (see
FIPS Mode" on
The admin role must be root.
Passwords must be at least six characters long.
VPN services can only be provided by IPsec or L2TP over IPsec.
Access to the switch Web Interface is permitted only using HTTPS over a TLS tunnel. Basic HTTP and
HTTPS over SSL are not permitted.
Only SNMP read-only may be enabled.
Only FIPS-approved algorithms can be used for cryptographic services (such as HTTPS, L2, AES-CBC,
SSH, and IKEv1/IKEv2-IPSec), which include AES, Triple-DES, SHA-1, HMAC SHA-1, and RSA signature
and verification.
TFTP can only be used to load backup and restore files. These files are: Configuration files (system
setup configuration), the WMS database (radio network configuration), and log files. (FTP and TFTP
over IPsec can be used to transfer configuration files.)
The switch logs must be monitored. If a strange activity is found, the Crypto Officer should take the
switch off line and investigate.
The Tamper-Evident Labels (TELs) must be regularly examined for signs of tampering.
The Crypto Officer shall not configure the Diffie-Hellman algorithm with 768-bits (Group 1) in FIPS
mode for IKEv1/IKEv2-IPSec and SSH.
User Guidance
The User accesses the switch VPN functionality as an IPsec client. The user can also access the switch
802.11i functionality as an 802.11 client. Although outside the boundary of the switch, the User should be
directed to be careful not to provide authentication information and session keys to others parties.
Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement
page 39)
Chapter 4
Ongoing Management
Ongoing Management |
"Enabling
37