
TOI : - PowerPoint Presentation

kittie-lecroy . @kittie-lecroy
Uploaded On 2016-03-22


Presentation Transcript

Slide1

TOI: FIPS 140-2 compliance

Unity Connection 8.6

Mike Canfield - Test engineer

Yolanda Liu - Dev engineer

Slide2

What is FIPS 140-2

Federal Information Processing Standards Publication 140-2

Security requirements for Cryptographic Modules

Unity Connection uses FIPS compliant crypto libraries

Literally restricts which ciphers and algorithms can be used

Detects if libraries have been tampered with and halts system

Slide3

Enabling/Disabling FIPS mode

Enable FIPS in CLI with the following command:

admin:utils fips enable

Disable FIPS in CLI with the following command:

admin:utils fips disable

Command only applies to the current server. To enable FIPS on all the servers in the cluster, run the CLI command on each server.

IMPORTANT: enable/disable FIPS on the next server only when the current server has come back up in FIPS mode.

Slide4

FIPS status

Status check in CLI with the following command:

admin:utils fips status

Returns the current FIPS mode. If the system is in FIPS mode, it also returns the status of the FIPS 140-2 components' startup self-tests and integrity check.

Slide5

Fresh install

Install system

Enable FIPS

Configure system as normal

Slide6

Pre-existing telephony systems

Secure ports: SCCP or SIP

Edit 4/28/2011: You need to regenerate the root certificate for non-secure telephony integrations too.

Regenerate root certificate

Upload root cert to CUCM

Restart CallManager service on CUCM

Restart Conversation Manager service on Unity Connection

Confirm ports are registered

Relevant logs for troubleshooting:

CuCsMgr

CuMixer

Tomcat

When examining logs look for: SSL, openssl, SSH, type errors

Slide7

Unified Messaging Service

Set Web-based Authentication Mode from "NTLM/Digest" to "Basic"

Use "test" button

IMPORTANT: Because "Basic" is used, an IPsec policy must be configured to be secure/FIPS compliant

Relevant logs for troubleshooting:

CuMbxSync

CuCsMgr

Tomcat

When examining logs look for: SSL, openssl, SSH, type errors

Slide8

Other IPSec dependencies

Please refer to Unity Connection 8.6 documentation

Edit 4/28/2011- As an FYI:

Digital Networking

Secure messaging will be protected by IPsec across diginet

UM service (unlikely FIPS systems will have this enabled)

Speechview (unlikely FIPS systems will have this enabled)

Slide9

Troubleshooting

If the FIPS integrity and self-tests fail during boot up, the system halts. Users can try a reboot to check whether the condition is a temporary problem. If the issue persists, the only option is to decommission the server or use a recovery CD.

It's very unlikely, but FIPS modules can fail FIPS checks during run time. In this case, the client application will likely core. If a restart doesn't fix the problem, Cisco will need to take a closer look.

Anything dealing with encryption could potentially be impacted by FIPS. If this is suspected, disable FIPS mode and attempt to reproduce the issue to determine possible relationship.

Slide10

References

Other Cisco FIPS 140-2 TOI

http://wwwin-eng.cisco.com/Eng/VTG/IPCBU/CUCM/CallManager_MontBlanc/Presentations/FIPS_TOI.pptx

http://wwwin-eng.cisco.com/Eng/VTG/IPCBU/CUCM/CallManager_MontBlanc/Presentations/MontBlanc_IR2_UCR2008_FIPS_PKI-IA_IPSec_Auth_TOI.pptx

FIPS 140-2 General information

http://en.wikipedia.org/wiki/FIPS_140-2

http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
