...
Warning |
---|
You must reconfigure SNMPv3 before enabling FIPS mode. Failure to do so could cause the SBC to crash due to excessive trap generation. Perform the following steps to reconfigure SNMPv3. |
...
You must disable all trap targets with authPriv/authNoPriv securityLevel.
Example:
```
admin@sbc1% show oam snmp trapTarget EMS_-10.54.71.176
ipAddress 10.54.71.176;
port 162;
trapType v3;
targetUsername emstrapuser;
targetSecurityLevel authPriv;
state enabled;
admin@sbc1% set oam snmp trapTarget EMS_-10.54.71.176 state disabled
admin@sbc1% commit
```
...
The
The following
...
activities were made to achieve FIPS 140-2 certification:
Self-Tests
...
– The
Note |
---|
Self-tests are performed only when the system is running in FIPS 140-2 mode. |
The various self-tests are as follows:
...
FIPS Finite State Model-
...
Note |
---|
The ability to change the FIPS 140-2 mode is reserved only for users having Administrator permissions; the Administrator is a role in the |
...
TLS v1.1 and v1.2 support for EMA/PM and SIP/TLS - TLS v1.1 and v1.2 provide resistance to certain known attacks against earlier TLS versions (e.g., the BEAST attack affecting TLS v1.0) and offer additional cipher suites not supported with TLS v1.0.
Note |
---|
Although TLS v1.0 and v1.2 are enabled by default, |
...
fips-140-2 mode parameter as well as configuring other parameters.
Note |
---|
As per FIPS 140-2 standards, Critical Security Parameters (CSPs) ... are not transferrable from non-FIPS to FIPS mode. So, after enabling FIPS mode, the Operator must install new TLS certificates ... to set the EMA/PM ... as operational. ... to back up the current encrypted parameters ... in plain text, if possible ..., as well as perform a full configuration backup ... immediately after this action ... successfully ... completes. |
In Admin, select the name of the SBC system.
The Edit Fips-140-2 options open.
...
Parameter | Description |
---|---|
Mode | The FIPS-140-2 mode. ... The options are: ... |
After enabling FIPS-140-2, you must reconfigure the keys (authKey/privKey) for all SNMP users (this applies to all SNMP users for authPriv/authNoPriv security level trap targets).
Use the following CLI commands to reconfigure the keys:
```
admin@sbc1% set oam snmp users emstrapuser authKey Xd:aa:1f:09:75:6e:f6:da:NN:NN:NN:NN:NN:0d
admin@sbc1% set oam snmp users emstrapuser privKey Xd:aa:1f:09:75:6e:f6:da:NN:NN:NN:NN:NN:0d
admin@sbc1% commit
```
Enable the authPriv/authNoPriv trap targets:
```
admin@sbc1% set oam snmp trapTarget <trap_target_IP> state enabled
```
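The three SNMP steps above (disable the authPriv/authNoPriv trap targets, reconfigure the users' keys after enabling FIPS mode, re-enable the targets) can be planned from saved `show oam snmp trapTarget <name>` output. The Python below is an added example, not part of the original page or of the SBC software. Assumptions: the targets `NMS_B` and `LAB_C`, their users and the `noAuthNoPriv` value are constructed, the key values are placeholders, the target name is used in the enable command, and a final `commit` is added after re-enabling.

```python
import re

FIELD = re.compile(r"^\s*(\w+)\s+(\S+);\s*$", re.M)   # "name value;" lines
AFFECTED = {"authPriv", "authNoPriv"}                 # levels named on this page

def parse_target(show_output):
    """Parse the output of `show oam snmp trapTarget <name>` into a dict."""
    return dict(FIELD.findall(show_output))

def fips_snmp_plan(targets):
    """targets: {name: show output}. Returns (before_fips, after_fips) command lists."""
    parsed = {name: parse_target(out) for name, out in targets.items()}
    affected = {n: f for n, f in parsed.items()
                if f.get("targetSecurityLevel") in AFFECTED}
    # Only targets that are enabled now are disabled, and only those are re-enabled.
    live = [n for n, f in affected.items() if f.get("state") == "enabled"]
    before = [f"set oam snmp trapTarget {n} state disabled" for n in live]
    if before:
        before.append("commit")
    after = []
    users = sorted({f["targetUsername"] for f in affected.values()
                    if "targetUsername" in f})
    for user in users:
        # <new_authKey>/<new_privKey> are placeholders for operator-supplied keys.
        after.append(f"set oam snmp users {user} authKey <new_authKey>")
        after.append(f"set oam snmp users {user} privKey <new_privKey>")
    if after:
        after.append("commit")
    after += [f"set oam snmp trapTarget {n} state enabled" for n in live]
    if live:
        after.append("commit")   # assumed: the page shows no commit after this step
    return before, after

# Constructed sample input; only the first target's fields come from the page.
SAMPLE = {
    "EMS_-10.54.71.176": "ipAddress 10.54.71.176;\nport 162;\ntrapType v3;\n"
                         "targetUsername emstrapuser;\n"
                         "targetSecurityLevel authPriv;\nstate enabled;\n",
    "NMS_B": "trapType v3;\ntargetUsername nmsuser;\n"
             "targetSecurityLevel authNoPriv;\nstate disabled;\n",
    "LAB_C": "trapType v3;\ntargetUsername labuser;\n"
             "targetSecurityLevel noAuthNoPriv;\nstate enabled;\n",
}

if __name__ == "__main__":
    before, after = fips_snmp_plan(SAMPLE)
    print("# Before enabling FIPS mode:", *before, sep="\n")
    print("# After enabling FIPS mode:", *after, sep="\n")
```

A target that was already disabled still has its user's keys reconfigured, but it is left disabled so the plan does not change which targets receive traps.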
...