Configuring Reflection for Secure IT UNIX Client and Server for FIPS 140-2 Validated Operation
Technical Note 2389
Last Reviewed 22-Oct-2008
Applies To
Reflection for Secure IT UNIX Server version 7.0 Service Pack 1
Reflection for Secure IT UNIX Client version 7.0 Service Pack 1
Summary
This technical note describes how to configure Reflection for Secure IT UNIX client and server so that they operate in a FIPS 140-2 validated state.
To view the certificate and security policy, see the Computer Security Division: Computer Security Resource Center on the NIST website:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm/#1027 (Cert #1027)
Configuring for FIPS
Follow the steps below to configure the UNIX client and server for FIPS:
- Set FipsMode = 'yes' on both the client and server.
- Set the server keyword UsePrivilegeSeparation = 'yes'. (This is the default value.)
- Set the server keyword PermitRootLogin = 'no'. (The default is 'yes'.) The preferred method for root access is to log in with SSH as an ordinary user and then use 'sudo' or 'su'.
- Set the server keyword AuthPublicKey.MinSize = 1024. (The default is 512.)
- Generate host key files that are at least 1024 bits in length (RSA or DSA). (The default host key meets this requirement.)
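The following audit script is an added example, not part of this technical note or of the Reflection for Secure IT product: it parses a server or client configuration file and reports every keyword from the checklist above that is missing or weaker than the FIPS requirement, applying the defaults the note states when a keyword is absent. The 'Keyword = value' line syntax and the sample file contents are assumptions; the host-key length (last step) must still be checked separately against the generated key files.

```python
import re

# Checklist from the technical note. ("eq", v) means the value must equal v;
# ("min", n) means the value must be an integer >= n.
SERVER_REQUIREMENTS = {
    "FipsMode": ("eq", "yes"),
    "UsePrivilegeSeparation": ("eq", "yes"),
    "PermitRootLogin": ("eq", "no"),
    "AuthPublicKey.MinSize": ("min", 1024),
}
CLIENT_REQUIREMENTS = {"FipsMode": ("eq", "yes")}

# Defaults stated in the note; used when a keyword does not appear in the file.
SERVER_DEFAULTS = {
    "UsePrivilegeSeparation": "yes",
    "PermitRootLogin": "yes",
    "AuthPublicKey.MinSize": "512",
}
CLIENT_DEFAULTS = {}

KEYWORD_RE = re.compile(r"^([A-Za-z][\w.]*)\s*=?\s*(.*)$")

def parse_config(text):
    """Return {keyword: value} from 'Keyword = value' lines (assumed syntax).
    Comments after '#' are dropped, surrounding quotes are stripped, and a
    keyword repeated later in the file overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = KEYWORD_RE.match(line) if line else None
        if m:
            settings[m.group(1)] = m.group(2).strip().strip("'\"")
    return settings

def check_fips(settings, requirements, defaults):
    """Return a list of human-readable findings; an empty list means compliant."""
    findings = []
    for key, (kind, want) in requirements.items():
        have = settings.get(key, defaults.get(key))
        if have is None:
            findings.append(f"{key}: not set (required {want})")
        elif kind == "eq" and have.lower() != want:
            findings.append(f"{key}: is '{have}', required '{want}'")
        elif kind == "min" and (not have.isdigit() or int(have) < want):
            findings.append(f"{key}: is '{have}', required at least {want}")
    return findings

# Constructed sample of a server configuration with two settings left at their defaults.
SAMPLE_SERVER_CONFIG = """# constructed sample, not a real file
FipsMode = 'yes'
PermitRootLogin = yes   # default left in place
AuthPublicKey.MinSize = 512
"""

if __name__ == "__main__":
    for f in check_fips(parse_config(SAMPLE_SERVER_CONFIG), SERVER_REQUIREMENTS, SERVER_DEFAULTS):
        print("FINDING:", f)
```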
Related Technical Notes
| Note | Title |
|------|-------|
| 2288 | Security Updates and Reflection for Secure IT 7.0 or Higher |