API Guide

Table Of Contents
FIPS Cryptography
Federal information processing standard (FIPS) cryptography provides cryptographic algorithms conforming to various FIPS standards
published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce.
FIPS mode is also validated for numerous platforms to meet the FIPS-140-2 standard for a software-based cryptographic module.
This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms.
NOTE: The Dell Networking OS uses an embedded FIPS 140-2-validated cryptography module (Certificate #1747)
running on NetBSD 5.1 per FIPS 140-2 Implementation Guidance section G.5 guidelines.
NOTE: Only the following features use the embedded FIPS 140-2-validated cryptography module:
SSH Client
SSH Server
RSA Host Key Generation
SCP File Transfers
Currently, other features using cryptography do not use the embedded FIPS 140-2-validated cryptography module.
Topics:
Configuration Tasks
Preparing the System
Enabling FIPS Mode
Generating Host-Keys
Monitoring FIPS Mode Status
Disabling FIPS Mode
Configuration Tasks
To configure and use FIPS cryptography on the switch, perform these tasks:
Preparing the System
Enabling FIPS Mode
Generating Host-Keys
Monitoring FIPS Mode Status
Disabling FIPS Mode
Preparing the System
Before you enable FIPS mode, Dell Networking recommends making the following changes to your system.
1. Disable the Telnet server (only use secure shell [SSH] to access the system).
2. Disable the FTP server (only use secure copy [SCP] to transfer files to and from the system).
3. Attach a secure, standalone host to the console port for the FIPS configuration to use.
Enabling FIPS Mode
To enable or disable FIPS mode, use the console port.
Secure the host attached to the console port against unauthorized access. Any attempts to enable or disable FIPS mode from a virtual
terminal session are denied.
When you enable FIPS mode, the following actions are taken:
If enabled, the SSH server is disabled.
16
350 FIPS Cryptography