Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

Use the 

fipsconfig

 command to encrypt sensitive data such as passwords and keys, in your appliance. 

If you enable this option, 

The following critical security parameters in your appliance are encrypted and stored:

Certificate private keys

RADIUS passwords

LDAP bind passwords

Local users' password hashes

SNMP password

DK/DKIM signing keys

Outgoing SMTP authentication passwords

PostX encryption keys

PostX encryption proxy password

FTP Push log subscriptions' passwords

IPMI LAN password

Updater server URLs

All users, including the administrators, cannot view the sensitive information in the 
configuration files.

Swap space in your appliance is encrypted to prevent any unauthorized access or forensic attacks, if 
the physical security of the appliance is compromised.

mail.example.com> fipsconfig

FIPS mode is currently enabled.

Choose the operation you want to perform:

- SETUP - Configure FIPS mode.

- FIPSCHECK - Check for FIPS mode compliance.

[]> setup

To finalize FIPS mode, the appliance will reboot immediately. No commit will be required.

Are you sure you want to disable FIPS mode and reboot now ? [N]> n

Do you want to enable encryption of sensitive data in configuration file when FIPS mode is 

enabled? Changing the value will result in system reboot [N]> y

Enter the number of seconds to wait before forcibly closing connections.

[30]>

System rebooting.  Please wait while the queue is being closed...

Closing CLI connection.

Rebooting the system...