Appendix: Enhancing System Security According to NIST SP 800-131A
Our switch systems, by default, work with NIST SP 800-131A, as described in the table below.
This appendix describes how to enhance the security of a system in order to comply with the NIST SP 800-131A standard, which defines cryptographically “acceptable” technologies. It explains how to protect against possible cryptographic vulnerabilities in the system by using secure methods. Because of compatibility issues, this security state is not the default of the system and it should be set manually.
Some protocols, however, cannot be operated in a manner that complies with the NIST SP 800-131A standard.
Component | Configuration | Command |
HTTP | HTTP disabled | no web http enable |
HTTPS | HTTPS enabled | no web https enable |
HTTPS | SSL ciphers = TLS1.2 | web https ssl ciphers all |
HTTPS | SSL renegotiation disabled | web https ssl renegotiation enable |
SSH | SSH version = 2 | ssh server min-version 1 |
SSH | SSH ciphers = aes256-ctr, aes192-ctr, aes128-ctr, | no ssh server security strict |
The OS supports signature generation of sha256WithRSAEncryption, sha1WithRSAEncryption self-signed certificates, and importing certificates as text in PEM format.
To configure a default certificate:
Create a new sha256 certificate.
switch (config) # crypto certificate name <cert name> generate self-signed hash-algorithm sha256
Warning: For more details and parameters refer to the command “crypto certificate name”.
Show crypto certificate detail.
switch (config) # show crypto certificate detail
Search for “signature algorithm” in the output.
Set this certificate as the default certificate. Run:
switch (config) # crypto certificate default-cert name <cert name>
To configure default parameters and create a new certificate:
Define the default hash algorithm.
switch (config) # crypto certificate generation default hash-algorithm sha256
Generate a new certificate with default values.
switch (config) # crypto certificate name <cert name> generate self-signed
Warning: When no options are selected, the generated certificate uses the default values for each field.
To test strict mode, connect to the WebUI using HTTPS and get the certificate. Search for “signature algorithm”.
There are other ways to configure the certificate to sha256. For example, it is possible to use “certificate generation default hash-algorithm” and then regenerate the certificate using these default values.
It is recommended to delete browsing data and previous certificates before retrying to connect to the WebUI.
Make sure not to confuse “signature algorithm” with “Thumbprint algorithm”.
SNMPv3 supports configuring username, authentication keys and privacy keys. For authentication keys it is possible to use MD5 or SHA. For privacy keys AES or DES are to be used.
To configure strict mode, create a new user with HMAC-SHA1-96 and AES-128. Run:
switch (config) # snmp-server user <username> v3 auth sha <password1> priv aes-128 <password2>
To verify the user in the CLI, run:
switch (config) # show snmp user
To test strict mode, configure users and check them using the CLI, then run an SNMP request with the new users.
SNMPv1 and SNMPv2 are not considered to be secure. To run in strict mode, only use SNMPv3.
By default, the OS supports HTTPS encryption using TLS1.2 only. Working in TLS1.2 mode also bans MD5 ciphers which are not allowed per NIST 800-131a. In strict mode, the switch supports encryption with TLS1.2 only with the following supported ciphers:
RSA_WITH_AES_128_CBC_SHA256
RSA_WITH_AES_256_CBC_SHA256
DHE_RSA_WITH_AES_128_CBC_SHA256
DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
To enable all encryption methods, run:
switch (config) # web https ssl ciphers all
To enable only TLS ciphers (enabled by default), run:
switch (config) # web https ssl ciphers TLS
To enable HTTPS strict mode, run:
switch (config) # web https ssl ciphers TLS1.2
To verify which encryption methods are used, run:
switch (config) # show web
Web User Interface:
   Web interface enabled: yes
   HTTP enabled: yes
   HTTP port: 80
   HTTP redirect to HTTPS: no
   HTTPS enabled: yes
   HTTPS port: 443
   HTTPS ssl-ciphers: TLS1.2
   HTTPS certificate name: default-cert
   Listen enabled: yes
   No Listen Interfaces.
   Inactivity timeout: disabled
   Session timeout: 2 hr 30 min
   Session renewal: 30 min
Web file transfer proxy:
   Proxy enabled: no
Web file transfer certificate authority:
   HTTPS server cert verify: yes
   HTTPS supplemental CA list: default-ca-list
On top of enabling HTTPS, to prevent security breaches HTTP must be disabled.
To disable HTTP, run:
switch (config) # no web http enable
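A saved copy of the “show web” output can be checked against the strict-mode web settings described above. The following Python script is an added example, not part of the vendor documentation; the expected values are the ones stated on this page, and the sample input is the page's own output, abridged to the relevant fields.

```python
import re

# Strict-mode expectations taken from this page:
# HTTP disabled, HTTPS enabled, ciphers restricted to TLS1.2.
STRICT_EXPECTATIONS = {
    "HTTP enabled": "no",
    "HTTPS enabled": "yes",
    "HTTPS ssl-ciphers": "TLS1.2",
}

# "show web" output as printed on this page, abridged.
SAMPLE_SHOW_WEB = """\
Web User Interface:
   Web interface enabled: yes
   HTTP enabled: yes
   HTTP port: 80
   HTTP redirect to HTTPS: no
   HTTPS enabled: yes
   HTTPS port: 443
   HTTPS ssl-ciphers: TLS1.2
   HTTPS certificate name: default-cert
"""

def parse_show_web(text):
    """Return {field: value} for each 'field: value' line; section headers are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([^:]+):\s*(\S.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def audit_show_web(text):
    """Return a list of findings; an empty list means the web settings match strict mode."""
    fields = parse_show_web(text)
    findings = []
    for key, want in STRICT_EXPECTATIONS.items():
        got = fields.get(key)
        if got is None:
            findings.append(f"{key}: not present in output")
        elif got.lower() != want.lower():
            findings.append(f"{key}: expected {want}, found {got}")
    return findings

if __name__ == "__main__":
    for finding in audit_show_web(SAMPLE_SHOW_WEB):
        print("NON-COMPLIANT", finding)
```

Run against the sample output above, the script reports that HTTP is still enabled, which is the setting the preceding command turns off.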
Code signing is used to verify that the data in the image is not modified by any third party. The operating system supports signing the image files with SHA256, RSA2048 using GnuPG.
Strict mode is operational by default.
By default, the SSH server on the switch uses only secure ciphers, message authentication codes (MACs), key exchange methods, and public key algorithms. When the SSH server is configured to strict mode, these security methods use only approved algorithms as detailed in the NIST 800-131A specification, and the user can connect to the switch via SSH in strict mode only.
To enable strict security mode, run the following:
switch (config) # ssh server security strict
The following ciphers are disabled for SSH when strict security is enabled:
3des-cbc
aes256-cbc
aes192-cbc
aes128-cbc
rijndael-cbc@lysator.liu.se
The no form of the command disables strict security mode.
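To confirm from a management host that the server no longer offers the ciphers listed above, the server's algorithm proposal can be read from an SSH client's debug output. The following Python script is an added example, not part of the vendor documentation; it assumes the “debug2:” line format printed by the OpenSSH client with “ssh -vv”, and the sample log is constructed.

```python
# Ciphers this page lists as disabled when "ssh server security strict" is set.
DISABLED_IN_STRICT = {
    "3des-cbc", "aes256-cbc", "aes192-cbc", "aes128-cbc",
    "rijndael-cbc@lysator.liu.se",
}

# Constructed sample in the format of OpenSSH "ssh -vv" debug output.
# The client proposal contains CBC ciphers on purpose: only the server's
# proposal says anything about the switch configuration.
SAMPLE_DEBUG = """\
debug2: local client KEXINIT proposal
debug2: ciphers ctos: aes128-ctr,aes256-ctr,aes128-cbc,3des-cbc
debug2: ciphers stoc: aes128-ctr,aes256-ctr,aes128-cbc,3des-cbc
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-256
debug2: ciphers ctos: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc
debug2: ciphers stoc: aes256-ctr,aes192-ctr,aes128-ctr
debug2: MACs ctos: hmac-sha2-256
"""

def server_ciphers(debug_text):
    """Collect ciphers from the 'peer server KEXINIT proposal' section only."""
    in_server = False
    ciphers = []
    for line in debug_text.splitlines():
        body = line.partition("debug2: ")[2]
        if body.endswith("KEXINIT proposal"):
            # A new proposal section starts; track whether it is the server's.
            in_server = body.startswith("peer server")
        elif in_server and body.startswith("ciphers "):
            # "ciphers ctos: a,b,c" and "ciphers stoc: a,b,c" (one per direction)
            for name in body.partition(": ")[2].split(","):
                if name and name not in ciphers:
                    ciphers.append(name)
    return ciphers

def strict_violations(debug_text):
    """Return server-offered ciphers that strict mode should have removed."""
    return [c for c in server_ciphers(debug_text) if c in DISABLED_IN_STRICT]

if __name__ == "__main__":
    bad = strict_violations(SAMPLE_DEBUG)
    print("strict mode OK" if not bad else "still offered: " + ", ".join(bad))
```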
Make sure to configure the SSH server to work with minimum version 2, since version 1 is vulnerable to security breaches.
To configure min-version to strict mode, run:
switch (config) # ssh server min-version 2
Once this is done, the user cannot revert back to minimum version 1.
By default, the switches support LDAP encryption SSL version 3 or TLS1.0 up to TLS1.2. The only banned algorithm is MD5 which is not allowed per NIST 800-131a. In strict mode, the switch supports encryption with TLS1.2 only with the following supported ciphers:
DHE-DSS-AES128-SHA256
DHE-RSA-AES128-SHA256
DHE-DSS-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
DHE-DSS-AES256-SHA256
DHE-RSA-AES256-SHA256
DHE-DSS-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
ECDH-ECDSA-AES128-SHA256
ECDH-RSA-AES128-SHA256
ECDH-ECDSA-AES128-GCM-SHA256
ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-AES256-SHA384
ECDH-RSA-AES256-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDH-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
AES128-SHA256
AES128-GCM-SHA256
AES256-SHA256
AES256-GCM-SHA384
To enable LDAP strict mode, run the following:
switch (config) # ldap ssl mode {start-tls | ssl}
Both modes operate using SSL. The difference lies in the connection initialization and the port used.