Administrator Guide

FIPS Cryptography

Dell Networking OS supports federal information processing standard (FIPS) cryptography.

This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms. This

feature provides cryptographic algorithms conforming to various FIPS standards published by the National

Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce.

FIPS mode is also validated for numerous platforms to meet the FIPS-140-2 standard for a software-based

cryptographic module.

NOTE

: For the Dell Networking OS version 8.3.12.0, only the SSH and SCP copy features use FIPS

Cryptographic mode to secure management interface user sessions and file transfers. Other features that

use cryptographic algorithms do not, or cannot, use FIPS mode. You must configure the management

interfaces to limit access to/from the system to SSH alone.

Topics:

• Preparing the System

• Enabling FIPS Mode

• Generating Host-Keys

• Monitoring FIPS Mode Status

• Disabling FIPS Mode

Preparing the System

Before you enable FIPS mode, Dell Networking recommends making the following changes to your system.

1 Disable the Telnet server (only use secure shell [SSH] to access the system).

2 Disable the FTP server (only use secure copy [SCP] to transfer files to and from the system).

3 Attach a secure, standalone host to the console port for the FIPS configuration to use.

Enabling FIPS Mode

To enable or disable FIPS mode, use the console port.

Secure the host attached to the console port against unauthorized access. Any attempts to enable or disable

FIPS mode from a virtual terminal session are denied.

When you enable FIPS mode, the following actions are taken:

• If enabled, the SSH server is disabled.

FIPS Cryptography 355