Administration of the Avaya G350 Media Gateway - Avaya Support

FIPSPassword guidelinesBelow are general guidelines for defining passwords. To maximize security, it is recommendedto follow these guidelines or use company guidelines where available.●●Password length●●●User password: at least eight charactersOther passwords: at least six charactersPSK (pre-shared keys) for IKE: at least 13 charactersUse a combination of upper and lower case letters, numbers and symbols.Note: You●●Note:may use any printable character, such as ?, ! or *Do not use passwords that are easy to guess, such as names, dates, or telephonenumbers.Keep passwords in a safe place.Managing the module in FIPS-compliant modeIn FIPS-approved operation mode, all remote configuration activities (Telnet/TFTP/SNMP/FTP)are channeled through a VPN tunnel. The console port is used for local administration.Management through all other interfaces is disabled. In addition, the module will:●●●●●Disable Administration over SSH protocol.Disable dial-in via the modem ports (serial and USB).Restrict troubleshooting services in the production environment by blocking all non-FIPScompliant dev/tech commands, such as tShell.Disable loading and output of configuration files from/to the SCP server.Allow loading and output of configuration files from/to the TFTP/FTP server only over aVPN-encrypted tunnel.SECURITY ALERT:! SECURITY ALERT:The “FIPS mode” of operation is permanent. If you do not fulfill all of the steps,you void Gateway FIPS-compliant operation. The same happens if, after enteringFIPS mode, you execute an operation that is not consistent with theFIPS-approved mode of operation. Also note that execution of the NVRAM Initor zeroize commands clear the above defined FIPS-approved modeconfiguration and returns the box to factory defaults.306 Administration of the Avaya G350 Media Gateway