Features Configuration

FIPS Mode

When operating in FIPS mode, the ETEP must be configured to use FIPS-approved encryption and authentication algorithms. FIPS approved algorithms are listed in Table 103. Note that some of the FIPS- approved algorithms are available for use only on the management port.

EncrypTight prevents the ETEP from entering FIPS mode if ETPM detects EncrypTight distributed key policies that contain non-FIPS approved algorithms.

The ETEP prevents entry into FIPS mode when any of the following conditions are true:

EncrypTight distributed key policies are installed that use non-FIPS approved algorithms

IKE policies are configured on the management port interface that use non-FIPS approved algorithms

Manual key policies are installed on the management port interface. If you plan to use manual key policies, deploy them after FIPS mode is enabled on the ETEP.

SNMPv3 configuration uses cryptography for SNMP trap hosts, but no IPsec policy has been configured to protect the SNMP traffic for each specific trap host

The debug shell is in use

Strict client authentication is enabled on the management port

If you plan to use strict authentication to secure management port communications, you must enable FIPS mode prior to enabling strict authentication. To learn more about using strict authentication, see the “About Strict Authentication” on page 262 and “Order of Operations” on page 263.

Table 103 FIPS approved encryption and authentication algorithms

Encryption algorithms

Authentication algorithms

3des-cbc

sha1-96-hmac

aes128-cbc

sha2-256-hmac

aes256-cbc

sha2-384-hmac

 

 

Related topics:

“About Strict Authentication” on page 262

“Order of Operations” on page 263

“SNMPv3” on page 316

ETEP CLI User Guide, “FIPS 140-2 Level 2 Operation”

Enabling FIPS Mode

To configure the ETEP for FIPS operation, select the Enable FIPS Mode checkbox.

After pushing a FIPS-enabled configuration to the ETEP, it takes several minutes for the ETEP to enter FIPS mode. Some communications services are reset when FIPS is enabled and disabled. SSH sessions are terminated, and cannot be reestablished until FIPS mode is fully operational. You may experience a brief loss of connectivity between the ETEP and ETEMS.

When putting the ETEP in FIPS mode, the ETEP performs the following actions and self-tests:

Runs self-tests during the boot process and when entering FIPS mode that include cryptographic algorithm tests, firmware integrity tests, and critical function tests

EncrypTight User Guide

331

Page 330
Image 330
Black Box EncrypTight, ET1000A, ET0010A manual Enabling Fips Mode, Fips approved encryption and authentication algorithms

EncrypTight, ET0100A, ET0010A, ET1000A specifications

The Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are advanced solutions designed for secure data transmission and network management, catering to modern enterprise needs. These tools integrate cutting-edge technologies to enhance connectivity, security, and efficiency within various environments.

The Black Box ET1000A is primarily a high-performance Ethernet over Twisted Pair (EoTP) solution. It enables users to extend Ethernet signals over long distances using existing twisted-pair cabling without sacrificing speed or reliability. With support for speeds up to 100 Mbps, this device is ideal for organizations looking to upgrade their existing infrastructure without extensive rewiring. Key features include plug-and-play installation, which simplifies deployment, and versatile compatibility with both legacy and modern ethernet networks.

The ET0010A model takes connectivity a step further by providing seamless integration with fiber optics. This device supports transmission distances that far exceed traditional copper solutions, making it a perfect fit for larger facilities or multi-building campuses. Its built-in Ethernet switch enhances network efficiency by providing multiple ports for device connectivity, thus facilitating greater data flow.

EncrypTight technology is a notable feature across these Black Box models, offering advanced encryption capabilities to safeguard sensitive data during transmission. With military-grade encryption protocols, EncrypTight ensures that corporate information remains secure from potential eavesdroppers. This technology is essential for businesses operating in regulated industries or that handle confidential customer information.

The ET0100A model combines intelligence with monitoring features to provide users with comprehensive network insights. It boasts built-in diagnostic tools that enable IT professionals to troubleshoot issues quickly and efficiently. Additionally, it features real-time performance monitoring, allowing users to analyze bandwidth usage and optimize network performance accordingly.

In conclusion, the Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are powerful tools that embody the latest in data transmission and network management technologies. With their unique features—including extended connectivity capabilities, robust encryption technologies, and real-time monitoring solutions—these devices cater to the growing demands of businesses seeking to enhance their network infrastructure while ensuring robust security and efficiency. Integrating these tools into any organization’s operations can fundamentally improve both performance and data protection, making them indispensable in today’s digital landscape.