Configuring Reflection for Secure IT UNIX Client and Server for FIPS 140-2 Validated Operation
Technical Note 2389
Last Reviewed 02-Apr-2009

Applies To

Reflection for Secure IT UNIX Server version 7.0 SP1 or higher
Reflection for Secure IT UNIX Client version 7.0 SP1 or higher

Summary

This technical note describes how to configure Reflection for Secure IT UNIX client and server so that they operate in a FIPS 140-2 validated state.

To view the certificate and security policy, see the Computer Security Division: Computer Security Resource Center on the NIST website:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm (Cert #1027)

Configuring for FIPS

Follow the steps below to configure the UNIX client and server for FIPS:

  1. Set FipsMode='yes' on both the client and server.
  2. Set the server keyword UsePrivilegeSeparation = 'yes'. (This is the default value.)
  3. Set the server keyword PermitRootLogin = 'no'. (The default is 'yes'.) The preferred method for root access is to log in with SSH as a user and then use 'sudo' or 'su'.
  4. Set the server keyword AuthPublicKey.MinSize = 1024. (The default is 512.)
  5. Generate a host key pair. In FIPS mode, the key length must be between 1024 and 8192 for RSA keys, or 1024 for DSA keys.
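
An added example, not part of the original technical note or the product: a Python check of a server configuration and host key size against steps 1 to 5. The `keyword = value` file syntax, case-insensitive matching, treating an absent FipsMode as a failure, and accepting a MinSize above 1024 are assumptions; the sample configuration is constructed.

```python
import re

# Server keywords from steps 1-4: (name, check, default stated in the note).
# A default of None means the note does not state one (assumption: treat as unset).
RULES = [
    ("FipsMode", lambda v: v == "yes", None),
    ("UsePrivilegeSeparation", lambda v: v == "yes", "yes"),
    ("PermitRootLogin", lambda v: v == "no", "yes"),
    # Assumption: a minimum larger than 1024 also satisfies step 4.
    ("AuthPublicKey.MinSize", lambda v: v.isdigit() and int(v) >= 1024, "512"),
]

# Assumed syntax: keyword = value, value optionally quoted, '#' starts a comment.
LINE = re.compile(r"^\s*([A-Za-z.]+)\s*=\s*['\"]?([^'\"#\s]+)")

def parse_config(text):
    """Return {lowercased keyword: lowercased value} (assumption: a repeated keyword takes its last value)."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2).lower()
    return settings

def audit_server(text):
    """List the keywords whose effective value (explicit or default) fails."""
    settings = parse_config(text)
    findings = []
    for name, ok, default in RULES:
        value = settings.get(name.lower(), default)
        if value is None:
            findings.append(f"{name}: not set")
        elif not ok(value):
            findings.append(f"{name}: effective value '{value}' fails the FIPS steps")
    return findings

def host_key_ok(key_type, bits):
    """Step 5: RSA keys 1024 to 8192 bits, DSA keys exactly 1024 bits."""
    if key_type.lower() == "rsa":
        return 1024 <= bits <= 8192
    return key_type.lower() == "dsa" and bits == 1024

# Constructed sample: root login left enabled, privilege separation at its default.
SAMPLE = "# constructed sample\nFipsMode = 'yes'\nPermitRootLogin = yes\nAuthPublicKey.MinSize = 1024\n"

if __name__ == "__main__":
    for finding in audit_server(SAMPLE):
        print(finding)
    print("2048-bit DSA host key allowed:", host_key_ok("dsa", 2048))
```

Because the defaults for PermitRootLogin and AuthPublicKey.MinSize do not meet the steps, a configuration that simply omits them is reported the same way as one that sets them incorrectly.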

Related Technical Notes

2288 Security Updates and Reflection for Secure IT 7.x
