About maintaining FIPS compliance
It is the responsibility of the system administrator of the Riverbed appliance to ensure the system is FIPS compliant. Not all features can be operated in a FIPS-compliant manner and they need to be disabled when in FIPS mode. Some features can be operated in a FIPS-compliant manner by following noted guidance, and other features prevent you from entering into FIPS mode.
The system generates a warning message if you configure noncompliant features. You can view the warning messages with the show fips status command.
The following sections describe configurable features that can affect FIPS compliance and describe how to resolve the warnings. The system does not prevent you from using noncompliant features in FIPS mode, but the system does warn you that they are not FIPS compliant. (The exception is account passwords; you cannot enable FIPS mode if all account passwords do not use compliant encryption.)
The commands in the following sections are configuration commands. You need to enter these commands in configuration mode in the CLI. For detailed information, see the Riverbed Command-Line Interface Reference Manual.
Account passwords
FIPS compliance requires that passwords for user accounts are encrypted using an SHA256-based or SHA512-based hash. The Client Accelerator Controller uses SHA1 for cluster communications. You cannot enable FIPS mode if any user passwords use an MD5-based hash for encryption.
In systems with RCSM, SHA512 is the default hash when creating and updating a user password. However, previous releases used MD5 encryption so when you upgrade to a software release supporting FIPS mode from a release with MD5-based passwords, the MD5 passwords remain in the configuration.
If you attempt to enter FIPS mode on a system with accounts that have MD5 passwords, you’ll see this error message:
amnesiac (config) # fips enable
% User admin has a password hashed using a non-FIPS-allowed hash.
The password(s) must be changed before FIPS mode can be enabled.
The error message identifies the user accounts that need to be updated; in this example, it’s the admin account. You must update the noncompliant passwords or delete the accounts before you can enable FIPS mode. From the CLI, enter the username password command to change passwords.
Product: SteelHead, Interceptor, Client Accelerator Controller
Automatic licensing
Automatic licensing is not FIPS compliant.
This feature uses AES256-MD5 instead of AES256-SHA encryption for communication between the appliance and the licensing server.
To disable this feature, enter these commands:
amnesiac (config) # no license autolicense enable
amnesiac (config) # no license autolicense server <server>
Enabling this feature generates a configuration warning in FIPS mode.
Product: SteelHead, Interceptor, Client Accelerator Controller
Cipher requirements
You need to use this cipher string when running in FIPS mode: TLSv1.2:kRSA:!eNULL:!aNULL
This requirement impacts SSL optimization, secure peering, and the web interface security settings.
To configure the cipher, enter the web ssl cipher command
web ssl cipher TLSv1.2:kRSA:!eNULL:!aNULL
If you do not configure the required cipher string, this message appears after enabling FIPS mode or after entering the show fips status command:
Web SSL ciphers must include the elements in TLSv1.2:kRSA:!eNULL:!aNULL and may optionally delete ciphers.
This message also appears if you make any changes to the web SSL cipher.
Product: SteelHead, Interceptor, Client Accelerator Controller
Citrix optimization and encryption
Citrix optimization and Citrix SecureICA encryption are not FIPS compliant.
To disable these features, enter these commands:
amnesiac (config) # no protocol citrix enable
amnesiac (config) # no protocol citrix secure-ica enable
amnesiac (config) # write memory
Enabling these features generates a configuration warning in FIPS mode.
Product: SteelHead
HTTP Kerberos support
HTTP Kerberos is not FIPS compliant.
To disable this feature, enter these commands:
amnesiac (config) # no protocol http native-krb enable
amnesiac (config) # write memory
Enabling this feature generates a configuration warning in FIPS mode.
Product: SteelHead
IPsec
IPsec is not FIPS compliant.
To disable this feature, enter these commands:
amnesiac (config) # no ip security enable
amnesiac (config) # write memory
To verify your IPsec settings, enter the following command:
amnesiac (config) # show ip security
IP security enabled: no
PFS enabled: yes
IKE rekeying interval: 240
Encryption policy: des <<only used if IPsec is enabled>>
Authentication policy: hmac_md5 <<only used if IPsec is enabled>>
Enabling IPsec triggers a configuration warning in FIPS mode.
Product: SteelHead
Key size requirements
FIPS specifies three techniques for generating and verifying digital signatures for the protection of data: the Digital Signature Algorithm (DSA), the Elliptic Curve Digital Signature Algorithm (ECDSA), and the Rivest-Shamir-Adleman (RSA) Algorithm.
FIPS includes key size requirements when running in FIPS mode. All imported and generated keys need to be these sizes:
• RSA-based and DSA-based certificates:
– 1024 bits (Client Accelerator Controller only)
– 2048 bits
– 3072 bits
• ECDSA certificates:
– 224 bits and higher
These requirements apply to SSL optimization, SSL secure peering, and the web interface.
Product: SteelHead, Interceptor, Client Accelerator Controller
SSL optimization
You need to ensure imported and generated certificates for SSL optimization adhere to FIPS size requirements and use only 1024 (for Client Accelerator Controller), 2048, or 3072 key sizes.
To generate an SSL certificate and specify the key size, from the command line, enter this command:
protocol ssl server-cert name <name> generate-cert rsa key-size *
From the web interface, go to the SSL Main Settings page. Choose Configure > Optimization > SSL Main Settings, and click Add a New SSL Certificate. Specify a compliant key size for generated certificates.
If you specify a noncompliant key size, the system warns you but still generates the certificate.
To generate an SSL certificate and specify the key size for the Client Accelerator Controller, from the command line, enter this command:
secure-peering generate-cert rsa key-size *
Product: SteelHead, Interceptor, Client Accelerator Controller
SSL secure peering
You need to ensure imported and generated certificates for secure peering adhere to FIPS size requirements and use only 1024 (for Client Accelerator Controller), 2048, or 3072 key sizes. The Client Accelerator Controller does not support 3072-bit key sizes; only 1024-bit and 2048-bit key sizes are supported.
To generate a certificate and specify the key size for secure peering from the command line, enter this command:
secure-peering generate-cert rsa key-size *
You can also import certificates with the secure-peering import-cert * and secure‑peering import‑cert‑key * commands.
To generate a certificate and specify the key size for secure peering from the web interface, go to the Secure Peering page. Choose Configure > Optimization > Secure Peering (SSL) page and always generate RSA-based self-signed certificates.
If you specify a noncompliant key size, the system warns you but still generates the certificate.
Product: SteelHead, Interceptor, Client Accelerator Controller
Web user interface
You need to ensure imported and generated certificates for the web interface adhere to FIPS size requirements and use only 1024 (Client Accelerator Controller), 2048, or 3072 key sizes. The Client Accelerator Controller does not support 3072-bit key sizes; only 1024-bit and 2048-bit key sizes are supported.
You manage web interface certificate keys using the web ssl cert generate key-size * command in the CLI and the Configure > Security > Web Settings page in the Management Console. These methods always generate RSA-based self-signed certificates.
In addition to self-signed certificates, you can import certificates using the web ssl cert import-cert * and web ssl cert import-cert-key * commands or the Configure > Security > Web Settings page in the Management Console.
If you specify a key size that is not 1024 (Client Accelerator Controller), 2048, or 3072 with FIPS mode enabled, the system blocks the key generation and warns that the key size is not supported in FIPS mode.
Product: SteelHead, Interceptor, Client Accelerator Controller
Lotus Notes encryption
Encryption for Lotus Notes v1 and v2 is not FIPS compliant.
To disable this feature, enter these commands:
amnesiac (config) # no protocol notes encrypt enable
amnesiac (config) # write memory
Enabling this feature triggers a configuration warning in FIPS mode and optimization is not applied.
Product: SteelHead
MAPI encrypted optimization
MAPI encrypted optimization is not FIPS compliant.
To disable this feature, enter these commands:
amnesiac (config) # no protocol mapi encrypted enable
amnesiac (config) # write memory
Enabling this feature triggers a configuration warning in FIPS mode and optimization is applied.
In FIPS mode, both the client-side and server-side SteelHead must be running RiOS version 9.5 or later for optimization of MAPI encrypted optimization connections to occur. Releases prior to 9.5 do not allow MAPI encrypted optimization in FIPS mode.
Product: SteelHead
Network proxy host
Network proxy host functionality for licensing is not FIPS compliant.
To disable this feature, enter these commands:
amnesiac (config) # no network proxy host <ip-address>
amnesiac (config) # write memory
Enabling this feature triggers a configuration warning in FIPS mode.
Product: SteelHead, Interceptor, Client Accelerator Controller
NTP
NTP using either SHA authentication keys or no authentication keys is FIPS compliant. NTP using MD5 keys is not FIPS compliant.
If you configure an MD5 key for NTP using this command, the system generates a warning message and the system will not be FIPS compliant:
amnesiac (config) # ntp authentication key <id> type MD5 secret <secret-password>
To verify that NTP is running in FIPS mode, examine the system log when NTPD starts (which occurs whenever the NTP configuration is modified) and ensure that the NTPD entry sets FIPS mode:
Mar 18 15:49:57 amnesiac pm[4989]: [pm.NOTICE]: Launched ntpd with pid 27617
Mar 18 15:49:57 amnesiac ntpd[27617]: ntpd 4.2.6p4@1.2324-o Thu May 17 21:31:11 UTC 2012 (1)
.
.
.
Mar 18 15:49:57 amnesiac ntpd[27617]: FIPS_mode_set(1)
For more information about system logs, see
Viewing system logs.
Product: SteelHead, Interceptor, Client Accelerator Controller
RADIUS and TACACS+
The RADIUS and TACACS+ protocols are not FIPS compliant. These protocols use noncompliant hash algorithms. The system displays a warning message if you configure these features in FIPS mode.
The following commands generate a configuration warning in FIPS mode:
aaa accounting per-command default tacacs+
aaa authentication [console-login | login] default [radius | tacacs+]
aaa authorization per-command default tacacs+
Product: SteelHead, Interceptor, Client Accelerator Controller
SCC auto-registration
SCC auto-registration is not FIPS compliant.
To disable this feature, enter these commands:
amnesiac (config) # no scc enable
amnesiac (config) # no scc hostname <host>
amnesiac (config) # write memory
Enabling this feature generates a configuration warning in FIPS mode.
Product: SteelHead, Interceptor, Client Accelerator Controller
Secure transport
Secure transport is not FIPS compliant. The secure transport client starts automatically with no manual configuration required. The SCC manages the appliances participating in a secure transport group. This secure transport group is a set of SteelHeads that share the same cryptographic key material and have connectivity between each other. The following command disables the secure transport client:
amnesiac (config) # no stp-client enable
Product: SteelHead
SMB/CIFS signing
SMB signing is not FIPS compliant. SMB signed connections are not optimized in FIPS mode. Enabling this feature triggers a configuration warning in FIPS mode and optimization is not applied.
To disable SMB signing on the SteelHead, enter these commands:
amnesiac (config) # no protocol cifs smb signing enable
amnesiac (config) # write memory
When FIPS is enabled, these commands are disabled by default:
protocol cifs smb signing enable
protocol smb2 signing native-krb downgrade enable
no protocol cifs smbv1-mode enable
Product: SteelHead
SMB2/3 signing
SMB2/3 signing and SMB encryption may not be FIPS compliant. If the client used NTLM authentication, it is not FIPS compliant. If the client used Kerberos authentication, it is FIPS compliant and optimization is applied.
If the client used NTLM authentication, enabling this feature triggers a configuration warning in FIPS mode. Optimization is still applied.
In RiOS 9.5and later, when the SteelHead is in FIPS mode and SMB2/3 signing is configured to use NTLM delegation mode, authentication might fail with a “KDC has no support for encryption type” error message. You must manually configure the delegate user to support AES encryption. Open Active Directory Users and Computers on the Windows domain controller. Select the Users folder. Select and open the Properties of the delegate user. From Account > Account Options, choose support for both AES 128 and AES 256 encryption.
To disable SMB2/3 signing on the SteelHead, enter these commands:
amnesiac (config) # no protocol smb2 signing enable
amnesiac (config) # write memory
When FIPS is enabled, these commands are disabled by default:
protocol smb2 signing native-krb downgrade enable
no protocol cifs smbv1-mode enable
Down negotiation from SMB2/3 to SMB is disabled.
In FIPS mode, both the client-side and server-side SteelHead must be running RiOS 9.5 or later for optimization of SMB2/3 connections to occur. Releases prior to 9.5 do not allow SMB2/3 signing optimization in FIPS mode.
Product: SteelHead
SNMP
SNMP is FIPS compliant except if SNMP user passwords are configured with noncompliant hash algorithms. If you configure an SNMP user password with MD5 or DES protocols using the following command, the system generates a warning message and the system will not be FIPS compliant:
snmp-server user <username> password plain-text <password> [auth-protocol MD5 priv-protocol DES priv-key plain-text <password>]
To verify that SNMP runs in FIPS mode, look for entries similar to the following in the system log when SNMP starts (which occurs whenever the SNMP configuration changes) and ensure that FIPS mode is set:
Mar 18 16:05:10 amnesiac pm[4989]: [pm.NOTICE]: Launched snmpd with pid 31709
Mar 18 16:05:10 amnesiac snmpd[31709]: FIPS_mode_set(1)
.
.
.
Mar 18 16:05:10 amnesiac snmpd[31709]: NET-SNMP version 5.3.1
For more information about system logs, see
Viewing system logs.
Product: SteelHead, Interceptor, Client Accelerator Controller
SSH
SSH requires the use of one of these ciphers to run in FIPS mode:
• aes128-cbc
• aes192-cbc
• aes256-cbc
• aes128-ctr
• aes192-ctr
• aes256-ctr
• 3des-cbc
Configuring any other ciphers displays a warning message and the system will not be FIPS compliant.
The default ciphers for SSH are aes128-ctr, aes192-ctr, and aes256-ctr. These ciphers are FIPS compliant.
You can configure SSH ciphers with these commands:
amnesiac (config) # ssh server allowed-ciphers aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
amnesiac (config) # write memory
To verify your SSH settings, enter this command:
amnesiac (config) # show ssh server allowed-ciphers
SSH server allowed ciphers:
---------------------------
aes128-cbc
3des-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
To verify that SSH is running in FIPS mode, look for entries similar to the following in the syslog when a user logs in:
Mar 18 15:00:30 amnesiac sshd: FIPS_mode_set(1)
Mar 18 15:00:30 amnesiac sshd[14594]: FIPS mode initialized
Product: SteelHead, Client Accelerator Controller
Telnet server
Telnet functionality is not FIPS compliant. Enabling this feature triggers a configuration warning in FIPS mode.
Telnet must be disabled. If Telnet is enabled, an error message appears if you try to enable FIPS mode. If FIPS mode is enabled, the system prevents you from enabling Telnet and provides an error message.
To disable this feature, enter these commands:
amnesiac (config) # no telnet-server enable
amnesiac (config) # no telnet-server permit-admin
amnesiac (config) # write memory
To verify your settings, enter this command:
amnesiac (config) # show telnet-server
Telnet server enabled: no
Product: SteelHead, Interceptor, Client Accelerator Controller
WCCP
The WCCPv2 protocol is not FIPS compliant. This protocol uses noncompliant hash algorithms. The system displays a warning message if you configure this feature in FIPS mode.
Product: SteelHead, Interceptor
Windows Active Directory authentication
Windows Active Directory Authentication is not FIPS compliant.
To disable this feature on the SteelHead, enter these commands:
amnesiac (config) # no protocol domain-auth delegation rule dlg-only *
amnesiac (config) # no protocol domain-auth delegation rule dlg-all-except *
amnesiac (config) # write memory
Enabling this feature triggers a configuration warning in FIPS mode and the appliance will not join the domain.
Product: SteelHead