Appendix: Enhancing System Security According to NIST SP 800-131A
Our switch systems, by default, work with NIST SP 800-131A, as described in the table below.
This appendix describes how to enhance the security of a system in order to comply with the NIST SP 800-131A standard. This standard is a document which defines cryptographically “acceptable” technologies. This document explains how to protect against possible cryptographic vulnerabilities in the system by using secure methods. Because of compatibility issues, this security state is not the default of the system and it should be manually set.
Some protocols, however, cannot be operated in a manner that complies with the NIST SP 800-131A standard.
| Component | Configuration | Command | 
| HTTP | HTTP disabled | no web http enable | 
| HTTPS | HTTPS enabled | no web https enable | 
| SSL ciphers = TLS1.2 | web https ssl ciphers all | |
| SSL renegotiation disabled | web https ssl renegotiation enable | |
| SSH | SSH version = 2 | ssh server min-version 1 | 
| SSH ciphers = aes256-ctr, aes192-ctr, aes128-ctr, | no ssh server security strict | 
The OS supports signature generation of sha256WithRSAEncryption, sha1WithRSAEncryption self-signed certificates, and importing certificates as text in PEM format.
To configure a default certificate:
- Create a new sha256 certificate. - switch(config) # crypto certificate name <cert name> generate self-signed hash-algorithm sha256Warning- For more details and parameters refer to the command “crypto certificate name”. 
- Show crypto certificate detail. - switch(config) # show crypto certificate detail- Search for “signature algorithm” in the output. 
- Set this certificate as the default certificate. Run: - switch(config) # crypto certificate- default-cert name <cert name>
To configure default parameters and create a new certificate:
- Define the default hash algorithm. - switch(config) # crypto certificate generation- defaulthash-algorithm sha256
- Generate a new certificate with default values. - switch(config) # crypto certificate name <cert name> generate self-signedWarning- When no options are selected, the generated certificate uses the default values for each field. 
To test strict mode connect to the WebUI using HTTPS and get the certificate. Search for “signature algorithm”.
There are other ways to configure the certificate to sha256. For example, it is possible to use “certificate generation default hash-algorithm” and then regenerate the certificate using these default values.
It is recommended to delete browsing data and previous certificates before retrying to connect to the WebUI.
Make sure not to confuse “signature algorithm” with “Thumbprint algorithm”.
SNMPv3 supports configuring username, authentication keys and privacy keys. For authentication keys it is possible to use MD5 or SHA. For privacy keys AES or DES are to be used.
To configure strict mode, create a new user with HMAC-SHA1-96 and AES-128. Run:
            
            switch (config) # snmp-server user <username> v3 auth sha <password1> priv aes-128 <password2>
    To verify the user in the CLI, run:
            
            switch (config) # show snmp user
    To test strict mode, configure users and check them using the CLI, then run an SNMP request with the new users.
SNMPv1 and SNMPv2 are not considered to be secure. To run in strict mode, only use SNMPv3.
By default, the OS supports HTTPS encryption using TLS1.2 only. Working in TLS1.2 mode also bans MD5 ciphers which are not allowed per NIST 800-131a. In strict mode, the switch supports encryption with TLS1.2 only with the following supported ciphers:
- RSA_WITH_AES_128_CBC_SHA256 
- RSA_WITH_AES_256_CBC_SHA256 
- DHE_RSA_WITH_AES_128_CBC_SHA256 
- DHE_RSA_WITH_AES_256_CBC_SHA256 
- TLS_RSA_WITH_AES_128_GCM_SHA256 
- TLS_RSA_WITH_AES_256_GCM_SHA384 
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 
To enable all encryption methods, run:
            
            switch (config) # web https ssl ciphers all
    To enable only TLS ciphers (enabled by default), run:
            
            switch (config) # web https ssl ciphers TLS
    To enable HTTPS strict mode, run:
            
            switch (config) # web https ssl ciphers TLS1.2
    To verify which encryption methods are used, run:
            
            switch (config)# show web
Web User Interface:
 Web interface enabled: yes
 HTTP enabled: yes
 HTTP port: 80
 HTTP redirect to HTTPS: no
 HTTPS enabled: yes
 HTTPS port: 443
 HTTPS ssl-ciphers: TLS1.2
 HTTPS certificate name: default-cert
 Listen enabled: yes
 No Listen Interfaces.
 
 Inactivity timeout: disabled
 Session timeout: 2 hr 30 min
 Session renewal: 30 min
 
Web file transfer proxy:
 Proxy enabled: no
 
Web file transfer certificate authority:
 HTTPS server cert verify: yes
 HTTPS supplemental CA list: default-ca-list
    On top of enabling HTTPS, to prevent security breaches HTTP must be disabled.
To disable HTTP, run:
            
            switch (config) # no web http enable
    Code signing is used to verify that the data in the image is not modified by any third-party. The operating system supports signing the image files with SHA256, RSA2048 using GnuPG.
Strict mode is operational by default.
The SSH server on the switch by default uses secure ciphers only, message authentication code (MAC), key exchange methods, and public key algorithm. When configuring SSH server to strict mode, the aforementioned security methods only use approved algorithms as detailed in the NIST 800-181A specification and the user can connect to the switch via SSH in strict mode only.
To enable strict security mode, run the following:
            
            switch (config) # ssh server security strict
    The following ciphers are disabled for SSH when strict security is enabled:
- 3des-cbc 
- aes256-cbc 
- aes192-cbc 
- aes128-cbc 
- rijndael-cbc@lysator.liu.se 
The no form of the command disables strict security mode.
Make sure to configure the SSH server to work with minimum version 2 since 1 is vulnerable to security breaches.
To configure min-version to strict mode, run:
            
            switch (config) # ssh server min-version 2
    Once this is done, the user cannot revert back to minimum version 1.
By default, the switches support LDAP encryption SSL version 3 or TLS1.0 up to TLS1.2. The only banned algorithm is MD5 which is not allowed per NIST 800-131a. In strict mode, the switch supports encryption with TLS1.2 only with the following supported ciphers:
- DHE-DSS-AES128-SHA256 
- DHE-RSA-AES128-SHA256 
- DHE-DSS-AES128-GCM-SHA256 
- DHE-RSA-AES128-GCM-SHA256 
- DHE-DSS-AES256-SHA256 
- DHE-RSA-AES256-SHA256 
- DHE-DSS-AES256-GCM-SHA384 
- DHE-RSA-AES256-GCM-SHA384 
- ECDH-ECDSA-AES128-SHA256 
- ECDH-RSA-AES128-SHA256 
- ECDH-ECDSA-AES128-GCM-SHA256 
- ECDH-RSA-AES128-GCM-SHA256 
- ECDH-ECDSA-AES256-SHA384 
- ECDH-RSA-AES256-SHA384 
- ECDH-ECDSA-AES256-GCM-SHA384 
- ECDH-RSA-AES256-GCM-SHA384 
- ECDHE-ECDSA-AES128-SHA256 
- ECDHE-RSA-AES128-SHA256 
- ECDHE-ECDSA-AES128-GCM-SHA256 
- ECDHE-RSA-AES128-GCM-SHA256 
- ECDHE-ECDSA-AES256-SHA384 
- ECDHE-RSA-AES256-SHA384 
- ECDHE-ECDSA-AES256-GCM-SHA384 
- ECDHE-RSA-AES256-GCM-SHA384 
- AES128-SHA256 
- AES128-GCM-SHA256 
- AES256-SHA256 
- AES256-GCM-SHA384 
To enable LDAP strict mode, run the following:
            
            switch (config) # ldap ssl mode {start-tls | ssl}
    Both modes operate using SSL. The different lies in the connection initialization and the port used.