User manual

AN-80i User Manual
70-00072-01-10 Proprietary Redline Communications © 2011 Page 125 of 152 March 2, 2011
8.3 FIPS - High-Security Model
FIPS operation is an optional feature for AN-80i systems.
The FIPS option provides very high physical, data, and management security when
using the AN-80i equipment. FIPS supports the strongest standards-based encryption
to protect information secrecy and integrity against eavesdropping. Built-in security
mechanisms protect against denial-of-service and replay attacks, and the strongest
standards-based authentication algorithm is used to prevent man-in-the-middle attacks.
When FIPS mode is active, the AN-80i provides secure system access and
management with user authentication over SSH and/or HTTPS using FIPS
approved/validated algorithms. The system also provides authentication for network
connections, X.509 certificate-based authentication over the wireless interface, and
hardware-based AES encryption.
If SNMP v3 is enabled, authentication is performed using SHA and AES privacy, and a
user ID/password policy is enforced.
Important: When operating in FIPS mode, the wireless authentication, SSH, and
HTTPS algorithms use only certificate and key files loaded in the FIPS (fips) table.
8.3.1 FIPS Mode Setup
FIPS Mode Out-of-Box Operation
FIPS mode is not supported out of box. Each AN-80i system to be used in FIPS mode
must meet the following requirements:
1. AN-80i software with FIPS support is loaded and operational.
2. An options key enabled for FIPS operation must be purchased, loaded on the
AN-80i, and be the currently active options key.
Notes:
1. SSH access is mandatory for loading FIPS certificates and keys, and is available
out-of-box. See SSH description later in this section.
2. HTTPS is not required for FIPS setup and is not out-of-box compatible with FIPS
mode. See HTTPS description later in this section.
3. SNMP is not required for FIPS setup and does not include all the functions
necessary to enable and configure FIPS mode operation.
Setting Up FIPS Mode Operation
1. Adjust User Account Settings
All user accounts (admin and user type) must conform to the FIPS security policy
requiring a minimum of eight characters for all usernames and passwords. The operator
must create new compatible 'admin' and 'user' type accounts as required and then
delete all non-compatible accounts. There must always be at least one 'admin' type
account.
Example: Sample username/password combinations.
admin / admin: Not acceptable
administrator / admin: Not acceptable
administrator / admin678: Acceptable
2. Restrict management access to SSH (and optionally SNMP v3).
HTTP: Off
HTTPS: Off
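The following pre-flight check for steps 1 and 2 is an added example, not part of the Redline manual or AN-80i software. It audits a planned account list and a management-settings snapshot against the rules stated above; the `Account` type, the `audit` function, and all sample values are assumptions constructed for illustration.

```python
# Added example: pre-flight audit for FIPS setup steps 1 and 2.
# All account data and settings here are constructed sample values.
from dataclasses import dataclass

MIN_LEN = 8  # manual: minimum of eight characters for usernames and passwords


@dataclass
class Account:
    username: str
    password: str
    kind: str  # 'admin' or 'user'


def is_compliant(acct):
    """True when both username and password meet the eight-character minimum."""
    return len(acct.username) >= MIN_LEN and len(acct.password) >= MIN_LEN


def audit(accounts, mgmt):
    """Return (usernames_to_delete, findings) for the setup checklist."""
    to_delete = [a.username for a in accounts if not is_compliant(a)]
    findings = [f"non-compliant account: {name}" for name in to_delete]
    # Deleting non-compliant accounts must still leave one 'admin' type account.
    if not any(a.kind == "admin" and is_compliant(a) for a in accounts):
        findings.append("no compliant 'admin' account: create one before deleting")
    # Step 2: HTTP and HTTPS must both be Off; a missing entry is treated as On.
    for service in ("HTTP", "HTTPS"):
        if mgmt.get(service, "On").lower() != "off":
            findings.append(f"{service} must be Off")
    return to_delete, findings


# Constructed inventory that reuses the manual's sample combinations.
SAMPLE_ACCOUNTS = [
    Account("admin", "admin", "admin"),
    Account("administrator", "admin", "admin"),
    Account("operator01", "view5678", "user"),
]
SAMPLE_MGMT = {"HTTP": "On", "HTTPS": "Off"}  # constructed settings snapshot

if __name__ == "__main__":
    delete, findings = audit(SAMPLE_ACCOUNTS, SAMPLE_MGMT)
    for line in findings:
        print(line)
```

Run against the constructed samples, the audit flags both sample admin accounts, reports that no compliant 'admin' account would remain after deletion, and reports that HTTP is still on.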