- play_arrow Overview
- Understanding the Common Criteria Evaluated Configuration
- Understanding Junos OS in FIPS Mode of Operation
- Understanding FIPS Mode of Operation Terminology and Supported Cryptographic Algorithms
- Configuring the Time and Date
- Configuring the User Session Idle Timeout
- Understanding Management Interfaces
- play_arrow Configuring Network Time Protocol
- play_arrow Configuring Roles and Authentication Methods
- Understanding Roles and Services for Junos OS in FIPS Mode of Operation
- Understanding Services for Junos OS in FIPS Mode of Operation
- Downloading Software Packages from Juniper Networks (FIPS Mode)
- Installing Junos Software Packages
- Understanding Zeroization to Clear System Data for FIPS Mode of Operation
- How to Enable and Configure Junos OS in FIPS Mode of Operation
- play_arrow Configuring SSH and Console Connection
- play_arrow Configuring the Remote Syslog Server
- play_arrow Configuring Audit Log Options
- play_arrow Configuring Event Logging
- play_arrow Configuring VPNs
- play_arrow Configuring Security Flow Policies
- play_arrow Configuring Traffic Filtering Rules
- Overview
- Understanding Protocol Support
- Configuring Traffic Filter Rules
- Configuring Default Deny-All and Reject Rules
- Logging the Dropped Packets Using Default Deny-all Option
- Configuring Mandatory Reject Rules for Invalid Fragments and Fragmented IP Packets
- Configuring Default Reject Rules for Source Address Spoofing
- Configuring Default Reject Rules with IP Options
- Configuring Default Reject Rules
- play_arrow Configuring Network Attacks
- Configuring IP Teardrop Attack Screen
- Configuring TCP Land Attack Screen
- Configuring ICMP Fragment Screen
- Configuring Ping-Of-Death Attack Screen
- Configuring tcp-no-flag Attack Screen
- Configuring TCP SYN-FIN Attack Screen
- Configuring TCP fin-no-ack Attack Screen
- Configuring UDP Bomb Attack Screen
- Configuring UDP CHARGEN DoS Attack Screen
- Configuring TCP SYN and RST Attack Screen
- Configuring ICMP Flood Attack Screen
- Configuring TCP SYN Flood Attack Screen
- Configuring TCP Port Scan Attack Screen
- Configuring UDP Port Scan Attack Screen
- Configuring IP Sweep Attack Screen
- play_arrow Configuring the IDP Extended Package
- play_arrow Configuring Cluster Mode
- play_arrow Performing Self-Tests on a Device
- play_arrow Configuration Statements
- checksum-validate
- code
- data-length
- destination-option
- extension-header
- header-type
- home-address
- identification
- icmpv6 (Security IDP Custom Attack)
- ihl (Security IDP Custom Attack)
- option-type
- reserved (Security IDP Custom Attack)
- routing-header
- sequence-number (Security IDP ICMPv6 Headers)
- type (Security IDP ICMPv6 Headers)
- play_arrow Junos-FIPS Configuration Restrictions
Configuring a Common Criteria Authorized Administrator
An account for root
is always present in a configuration and is not intended
for use in normal operation. In the evaluated configuration, the root
account
is restricted to the initial installation and configuration of the evaluated device.
A Common Criteria authorized administrator must have all permissions, including the ability to change the router configuration.
To configure an authorized administrator:
The root password should be reset following the change to sha256 for the password storage
format. This ensures the new password is protected using a sha256 hash, rather than the
default password hashing algorithm. To reset the root password, use the set system
login user root password password
command, and confirm the new
password when prompted.