Juniper Networks SSG 5 and SSG 20 Security Policy
• HMAC-SHA-1, HMAC-SHA-256
• RSA Sign/Verify (PKCS #1)
• ANSI X9.31 DRNG
The module supports the following communication protocols which are allowed in FIPS mode:
• SSL v3.1
• SSH v2
• IPSec
Non-FIPS Approved Algorithms
The following non-approved algorithms are allowed in FIPS mode:
• DH (key agreement, key establishment methodology provides 97 or 112 bits of strength)
• Elliptic Curve Diffie-Hellman (key establishment methodology provides 128 bits of
strength)
• NDRNG
The following non-approved algorithms/protocols are disabled in FIPS mode:
• RSA encryption/decryption
• DES
• MD5
• SNMP v3
Zeroization
All keys and unprotected security parameters can be individually zeroized through the Unset, Clear,
Delete, and Reset commands. Pressing the hardware reset button or issuing the “unset vendor-def”
CLI command will cause the zeroization of all CSPs by reseting the device configuration to the factory
default values.
To Next Page
Loading...
