FORCE COMPLIANCE!
Restrict User to GSW FIPS 140-2 Clients
This feature allows connections only from the Georgia SoftWorks FIPS 140-2 SSH2 clients. This is a high level of security that the system administrator can configure. Many times the system administrator will insist that end-to-end FIPS 140-2 compliance is the only allowable option.
The variables GSW_FIPSOnly, EnableRFC854Clients, AllowTelnetWithSSH and LsnOnLoopBackOnly are registry key values. Used in conjunction, with specific values, these registry keys enable or disable the ability to restrict connections to GSW FIPS 140-2 compliant clients only. The keys are:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\AllowTelnetWithSSH
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\EnableRFC854Clients
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\GSW_FIPSOnly
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\LsnOnLoopBackOnly
Set each registry key value to the following:
- AllowTelnetWithSSH=0
- EnableRFC854Clients=0
- GSW_FIPSOnly=1
- LsnOnLoopBack=1
Only allow connections from GSW SSH clients (both FIPS 140-2 compliant and non-FIPS 140-2)
The variables GSW_FIPSOnly, EnableRFC854Clients and AllowTelnetWithSSH are registry key values. Used in conjunction, with specific values, these registry keys enable or disable the ability to restrict connections to GSW SSH clients only. The keys are:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\AllowTelnetWithSSH
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\EnableRFC854Clients
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\GSW_FIPSOnly
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\LsnOnLoopBackOnly
Set each registry key value to the following:
- AllowTelnetWithSSH=0
- EnableRFC854Clients=0
- GSW_FIPSOnly=0
- LsnOnLoopBack=1
Only allow connections from SSH clients (Third Party and GSW, both FIPS 140-2 compliant and non-FIPS 140-2)
The variables GSW_FIPSOnly, EnableRFC854Clients and AllowTelnetWithSSH are registry key values. Used in conjunction, with specific values, these registry keys enable or disable the ability to restrict connections to SSH clients only. The keys are:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\AllowTelnetWithSSH
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\EnableRFC854Clients
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\GSW_FIPSOnly
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\LsnOnLoopBackOnly
Set each registry key value to the following:
- AllowTelnetWithSSH=0
- EnableRFC854Clients=1
- GSW_FIPSOnly=0
- LsnOnLoopBack=1
Note: After you change the registry values, the new configuration will take effect for all new connections.
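To confirm which of the three configurations above a server is actually running, the following read-only PowerShell audit compares the registry against each set of values. It is an added example, not Georgia SoftWorks code. It assumes the four names are values under the Parameters key and that the loopback value is named LsnOnLoopBackOnly as in the registry paths (the value lists above write it as LsnOnLoopBack); the function names are hypothetical.

```powershell
# Added example: read-only audit of the GS_Tnet settings described on this page.
# Assumption: the four names are values under the Parameters key.
# Assumption: the loopback value is named LsnOnLoopBackOnly (as in the listed paths).
$Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters'
$Names = 'AllowTelnetWithSSH', 'EnableRFC854Clients', 'GSW_FIPSOnly', 'LsnOnLoopBackOnly'

# Expected values, copied from the three sections of this page.
$Profiles = [ordered]@{
    'GSW FIPS 140-2 clients only' = @{ AllowTelnetWithSSH = 0; EnableRFC854Clients = 0; GSW_FIPSOnly = 1; LsnOnLoopBackOnly = 1 }
    'GSW SSH clients only'        = @{ AllowTelnetWithSSH = 0; EnableRFC854Clients = 0; GSW_FIPSOnly = 0; LsnOnLoopBackOnly = 1 }
    'Any SSH client'              = @{ AllowTelnetWithSSH = 0; EnableRFC854Clients = 1; GSW_FIPSOnly = 0; LsnOnLoopBackOnly = 1 }
}

function Get-GswValues {
    param([string]$KeyPath)
    $props  = Get-ItemProperty -Path $KeyPath -ErrorAction Stop
    $actual = @{}
    foreach ($n in $Names) {
        # A missing value is stored as $null so it can never match a profile.
        $actual[$n] = if ($props.PSObject.Properties.Name -contains $n) { $props.$n } else { $null }
    }
    return $actual
}

function Compare-GswProfile {
    param([hashtable]$Actual, [hashtable]$Expected)
    # Emit one object per value that is missing or differs from the expected setting.
    foreach ($n in $Names) {
        if ($null -eq $Actual[$n] -or [int]($Actual[$n]) -ne $Expected[$n]) {
            [pscustomobject]@{ Name = $n; Expected = $Expected[$n]; Actual = $Actual[$n] }
        }
    }
}

$actual = Get-GswValues -KeyPath $Path
$match  = $Profiles.Keys |
    Where-Object { -not (Compare-GswProfile -Actual $actual -Expected $Profiles[$_]) } |
    Select-Object -First 1
if ($match) { "Configured profile: $match" } else { 'No configuration from this page matches.' }

# Differences from the strictest profile; no rows means the FIPS-only values are all set.
Compare-GswProfile -Actual $actual -Expected $Profiles['GSW FIPS 140-2 clients only'] |
    Format-Table -AutoSize
```

Run it from an elevated prompt on the server; a value that is absent shows a blank Actual column and is reported as a difference.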