manualshive.com logo in svg

Fidelis Common Criteria, Configuration Manual

"Introducing Fidelis Common Criteria – an advanced Configuration Manual designed to simplify the setup process. This comprehensive manual provides step-by-step instructions, ensuring easy understanding of the product's features and functionalities. Download the free manual from our website manualshive.com and get started with Fidelis today."

Share
Download
background image

 

 

Fidelis Network Common Criteria Configuration Guide Version 9.0.3   

 

17

 

        

www.fidelissecurity.com

 

 

SFR

 

Event

 

Additional 
Information

 

Sample Log

 

192.168.42.5 

FTP_ITC.1 

Initiation of the 
trusted channel. 

Identification 
of the initiator 

Mar 17 09:50:25 10.42.209.241 syslog-
ng[26996] : Syslog connection 
established; fd=’10’, 
server=’AF_INET(10.42.213.205:6514)’ , 
local=’ AF_INET(0.0.0.0:0)’ 

Termination of the 
trusted channel. 

None 

Mar 17 10:17:37 10.42.209.241 syslog-
ng[28959] syslog-ng shutting down; 
version=’3.7.3’ 

Failure of the trusted 
channel functions. 

Target of 
failed trusted 
channels 
establishment 
attempt 

Mar 17 09:50:15 10.42.209.241 syslog-
ng[26996] : Syslog connection failed; 
fd=’10’, 
server=’AF_INET(10.42.213.205:6514)’ , 
error=’Connection refused (111)’, 
time_reopen=’10’ 

FTP_TRP.1/
Admin 

Initiation of the 
trusted channel. 

Identification 
of the claimed 
user identity. 

Mar 17 09:52:00 10.42.209.241 FSS: 
audit: admin logged on from 
10.42.29.155 

Termination of the 
trusted channel. 

Identification 
of the claimed 
user identity. 

Mar 17 10:00:07 10.42.209.241 FSS: 
audit: admin logged out from 
10.42.209.241 

Failure of the trusted 
channel functions. 

Identification 
of the claimed 
user identity. 

Mar 17 10:01:51 10.42.209.241  FSS: 
audit: admin failed attempt to login from 
10.42.209.155 (calling: login) 

 

 

Component Processes and Descriptions 

The table below lists all Fidelis Network processes that handle network traffic.  

 
Table 3. Traffic Handling Processes and Descriptions

 

Component 

Process Name 

Privilege 

Description 

All 

sshd 

Runs as root 

Secure shell daemon for remote 
access 

All 

rconfigd 

Runs as root 

Serves as the Remote 
Configuration Daemon that is 
required for communication 
between components 

Summary of Contents for Common Criteria

Page 1: ...Fidelis Network Common Criteria Configuration Guide Version 9 0 3 ...

Page 2: ...ts original electronic form and print copies for personal use This document cannot be modified or converted to any other electronic or machine readable form in whole or in part without prior written approval of Fidelis Cybersecurity While we have done our best to ensure that the material found in this document is accurate Fidelis Cybersecurity makes no guarantee that the information contained here...

Page 3: ...cess 4 Change the Default Account Passwords 4 Command Line Session Inactivity Timeout 4 Configure Password Requirements for Local Users 5 Enhanced Information for Common Criteria Configuration of 1 7 Appendix C Common Criteria 7 Common Criteria Compliant Configuration 7 Common Criteria Compliant Trusted Channels to External Components 8 System Updates 8 Digital Signatures for Updates 8 Common Crit...

Page 4: ...de 1 The information in the following sections is new or corrected information related to the Enterprise Setup and Configuration Guide 1 reproduced as entire sections in this document This document provides or references all the necessary instructions to configure monitor and maintain Fidelis Network as certified by Common Criteria This Configuration Guide is applicable to Fidelis Network Version ...

Page 5: ...ck user name at the top of the GUI For iLO the user ID and password are on the unit s label on top of the server Once the user connects to the iLO via a web browser these credentials are needed After logging in the user ID and password can be changed For IMM account and initial password are Account Initial password How to reset USERID PASSW0RD with a zero not the letter O Click Login Settings in t...

Page 6: ... 5 After configuration is complete type exit to log out Appendix A Security Certificates and Common Access Cards Obtaining and Importing a Certificate Follow instructions in this section to generate a Certificate Signing Request CSR obtain a certificate CA certificates CRL import these for use by a Fidelis Network component Run all commands in this section as root In all commands subsystem is the ...

Page 7: ... the certificate For example the component with IPv4 address 192 168 1 40 hostname sensor1 and domain mycompany local should have Subject Alternative Name as follows X509v3 extensions X509v3 Subject Alternative Name IP Address 191 168 1 40 IP Address 0 0 0 0 0 FFFF C0A8 128 DNS sensor1 DNS sensor1 mycompany local In Common Criteria compliant mode of operation the verifyhost parameter in configurat...

Page 8: ...length is administrator configurable from 1 to 999 characters Recommended value is 8 Fidelis Network components utilize Linux Pluggable Authentication Module PAM which provides dynamic authentication support for component applications and services To configure minimum password length for logging into the component via the console the pam cracklib module minlen parameter must be set to the desired ...

Page 9: ...alue and includes the number of characters in the password as well as complexity factors from the password itself For example if and how many capitals numbers or special characters it has In addition to the number of characters in the new password credit of 1 in length is given for each different kind of character other upper lower and digit The default for this parameter is 9 ...

Page 10: ...m administrator privileges 6 Log in as the system administrator user and create user accounts for each person who will use the K2 The admin account should not be used anymore 7 Ensure that session timeouts are set for command line Command Line Session Inactivity Timeout and GUI access GUI Session Inactivity Timeout 8 Create a custom login banner Refer to Custom Login Banner 9 If you are using LDAP...

Page 11: ...d LDAP servers with TLS enabled communications Refer to Enable Client Authentication Refer to chapter 13 of User Guide System Updates Digital Signatures for Updates Fidelis checks for software updates available on the Fidelis Insight Cloud using HTTPS connections A software update is available as a tar package along with its digital signature created using RSA secret key Fidelis will download both...

Page 12: ...verification check failure Power on Self Tests and Process Manager Each system daemon that utilizes Cryptographic Module of the component openssl 1 0 1e fips performs Power on Self Test POST upon initialization In case of POST failure the process or service will fail to initialize and the Cryptographic Module initialization failure messages are entered in var log messages for example Jun 3 23 01 0...

Page 13: ...s and Auditable Events SFR Event Additional Information Sample Log FAU_GEN 1 Start up of audit functions None Sep 8 11 38 12 10 42 212 199 localhost syslog ng 2368 syslog ng starting up version 3 7 3 Sep 8 14 25 43 localhost FSS audit 2423 System startup Shutdown of audit functions None Sep 8 11 34 59 10 42 212 199 04 localhost syslog ng 2369 syslog ng shutting down version 3 7 3 Sep 8 14 23 17 lo...

Page 14: ...ailure Aug 10 10 31 28 localhost FSS audit 91999 Sensor linux90s sensor Error loading CA file FSS etc pki cacert pem Aug 10 10 31 28 localhost TLS ERROR error 02001002 system library fopen No such file or directory Aug 10 10 31 28 localhost error 2006D080 BIO routines BIO_new_file no such file Aug 10 10 31 28 localhost error 0B084002 x509 certificate routines X509_load_cert_crl_file system lib FCS...

Page 15: ...TLS ERROR Local ffff 10 89 184 31 Remote ffff 10 89 184 32 error 140890B2 SSL routines SSL3_GET_CLIENT_CERTIFI CATE no certificate returned FIA_AFL 1 Unsuccessful login attempts limit is met or exceeded Administrator identity and the origin of the login attempt e g IP address Sep 8 11 26 18 localhost FSS audit 106367 k2admin failed attempt to login from 10 89 184 30 calling login Sep 8 11 26 28 lo...

Page 16: ... Cybersecurity OU Research and De velpoment CN Vadim Fidelis RootCA1 emailAddress VF RootCA1 fidelissecurity com Aug 11 13 34 33 localhost Subject C US ST MD L Bethesda O Fidelis Cybersecurity OU Research and D evelpoment CN VF RCA1 Server1 emailAddress VF RCA1 Server1 fidelissecurity com Aug 11 13 34 33 localhost TLS ERROR Local ffff 10 89 184 31 Remote ffff 10 89 184 32 error 140890B2 SSL routin...

Page 17: ...F data TSF data affected by the change Sep 8 15 07 43 localhost FSS audit 21670 FSS etc login cf changed pw_minlen from 0 to 10 Sep 8 15 12 58 localhost FSS audit 24675 New file FSS jail FPDATA k2admin contentfinger print big txt created FMT_MTD 1 CryptoKeys Management of cryptographic keys Key Management action generation destruction import and Critical Security Parameter CSP identification Sep 8...

Page 18: ...T Sep 8 23 40 11 localhost SHA 256 fingerprint AA 20 D3 46 F7 5D 08 58 E5 86 6 C 41 E6 14 7B A1 E4 6B FA A7 EB 38 A1 2F D1 4B F8 A4 70 73 C B 4C FPT_ITT 1 Initiation of the trusted channel Termination of the trusted channel Failure of the trusted channel functions Identification of the initiator and target of failed trusted channels establishment attempt Mar 29 16 18 37 localhost FSS audit 77497 a...

Page 19: ...w York New time Fri Sep 8 17 46 40 UTC 2017 EST5EDT Set by localhost FPT_TUD_E XT 1 Initiation of update Identification of the initiator software update version and target s of update Feb 21 10 47 03 localhost FSS audit 32671 admin started install of version 9 0 3 20180221 for components linux90col Result of the update attempt success or failure Target of update distributed TOE component identific...

Page 20: ...111 time_reopen 10 FTP_TRP 1 Admin Initiation of the trusted channel Identification of the claimed user identity Mar 17 09 52 00 10 42 209 241 FSS audit admin logged on from 10 42 29 155 Termination of the trusted channel Identification of the claimed user identity Mar 17 10 00 07 10 42 209 241 FSS audit admin logged out from 10 42 209 241 Failure of the trusted channel functions Identification of...

Page 21: ...b Proxy and processes it for policy violations Making Configuration Changes The vi editor bin vi may be used when making manual changes to files on a Fidelis Network system Set Up FIPS 140 2 Certificates Fidelis Network ships with FIPS 140 2 mode for communication enabled by default Users must install and set up FIPS 140 2 compliant certificates and enable FIPS 140 2 encryption for data storage on...

Page 22: ...1 Failure to establish a TLS session due to misconfiguration CA certificate file is not found CRL file is not found Verify that correct CA certificate and CRL files are installed in the path specified by the error message Aug 10 10 31 28 localhost FSS audit 91999 Sensor linux90s sensor Error loading CA file FSS etc pki cacert pem Aug 10 10 31 28 localhost TLS ERROR error 02001002 system library fo...

Page 23: ...r and or TLS Client set as appropriate Aug 11 13 34 33 localhost FSS audit 42996 TLS ERROR Local ffff 10 89 184 31 Remote ffff 10 89 184 32 Certificate verification error 26 unsupported certificate purpose Aug 11 13 34 33 localhost Depth 0 Aug 11 13 34 33 localhost Issuer C US ST MD L Bethesda O Fidelis Cybersecurity OU Research and De velpoment CN Vadim Fidelis RootCA1 emailAddress VF RootCA1 fid...

Page 24: ...nnection is first established upon successful registration of the component to K2 test functions are available to verify proper connections However network connections may fail for many reasons Fidelis Network will continually attempt to reestablish the connection until working order is restored Messages are available from log files to indicate any detected errors in communications After restoring...

Page 25: ...iguration Guide Version 9 0 3 22 www fidelissecurity com References 1 Fidelis Cybersecurity Fidelis Network Version 9 0 3 Enterprise Setup and Configuration Guide 2017 2 Fidelis Cybersecurity Fidelis Network Version 9 0 3 User Guide 2017 ...

Reviews:

No comments

Related manuals for Common Criteria

Ubiquiti M900 Quick Start Manual preview
M900
Brand: Ubiquiti Pages: 24
Analog Devices Linear SCP-LT8362-S-EVALZ Demo Manual preview
Linear SCP-LT8362-S-EVALZ
Brand: Analog Devices Pages: 8
3Com Token Ring Getting Started Manual preview
Token Ring
Brand: 3Com Pages: 18
Supermicro SC836 X9 User Manual preview
SC836 X9
Brand: Supermicro Pages: 24
Commell CMB-673 Installation Manual preview
CMB-673
Brand: Commell Pages: 9
Mellanox Technologies ConnectX-3 Pro MCX349A-XCCN User Manual preview
ConnectX-3 Pro MCX349A-XCCN
Brand: Mellanox Technologies Pages: 35
Paradyne Hotwire 8775 MSDSL Installation Instructions Manual preview
Hotwire 8775 MSDSL
Brand: Paradyne Pages: 10
WABCO CAN Router Manual preview
CAN Router
Brand: WABCO Pages: 29
Cabletron Systems SmartSwitch 8-slot User'S Reference Manual preview
SmartSwitch 8-slot
Brand: Cabletron Systems Pages: 150
Delta Electronics PFC Chokes PFC3515V Series Specification Sheet preview
PFC Chokes PFC3515V Series
Brand: Delta Electronics Pages: 1
Datum bc635VME Operation And Technical Manual preview
bc635VME
Brand: Datum Pages: 49
Gtran Wireless DotSurfer GPC-2100 User Manual preview
DotSurfer GPC-2100
Brand: Gtran Wireless Pages: 44
Jetter JVM-507B - HMI Installation Manual preview
JVM-507B - HMI
Brand: Jetter Pages: 20
Lanner HMB-6110 User Manual preview
HMB-6110
Brand: Lanner Pages: 43
StarTech.com PCI555WG Instruction Manual preview
PCI555WG
Brand: StarTech.com Pages: 16
Adaptec 2025ZCR - SCSI RAID Storage Controller Datasheet preview
2025ZCR - SCSI RAID Storage Controller
Brand: Adaptec Pages: 2
E-TOP BR080n User Manual preview
BR080n
Brand: E-TOP Pages: 90
Ingenic XBurst 2 CPU Core Programming Manual preview
XBurst 2 CPU Core
Brand: Ingenic Pages: 143

Brands by name

Popular brands

Load more brands