Black Box EncrypTight Appliance Trim Kit User Manual

EncrypTight User Guide 261
20 Using Enhanced Security Features
This section includes the following topics:
About Enhanced Security Features
About Strict Authentication
Using Certificates in an EncrypTight System
Changing the Keystore Password
Configuring the Certificate Policies Extension
Working with Certificates for EncrypTight and the ETKMSs
Working with Certificates and an HSM
Working with Certificates for the ETEPs
Validating Certificates
Enabling and Disabling Strict Authentication
Removing Certificates
Using a Common Access Card
About Enhanced Security Features
EncrypTight provides a number of features that you can use to increase system security. These features
are disabled by default, but available for your use. Some of these features are specific to the operation of
the ETEPs, while others affect system-wide EncrypTight operations. Enhanced security features include:
FIPS mode
Federal Information Processing Standards are security standards that govern the use of computer
systems in non-military U.S. government agencies and contractors. When ETEPs operate in FIPS
mode, only specific encryption and authentication algorithms are accepted. To learn more about
ETEPs and FIPS mode, see “FIPS Mode” on page 331.
IPsec on the management interface
By default, communication between the management workstation and the ETEPs is secured using
SSH and TLS. You can provide additional security for EncrypTight management communications by
using IPsec policies on the management ports instead. This feature is controlled through the command
line interface for the ETEP. To learn more about creating IPsec policies for the ETEP management
ports, refer to the ETEP CLI User Guide.