Understanding encryption on workstations/servers

Posted on 2011-10-10
Last Modified: 2012-05-12

Is anyone familiar with FIPS encryption in relation to workstations?
If someone is selling you FIPS 140-2 level encryption - are they referring to full disk, i.e. data at rest type products - if so, are there any 140-2 compliant data at rest products for XP/7?

Or can it also relate to data in transit - i.e. FIPS compliant "transit protocols"?

Would much prefer comments to links, as the links are confusing me more.
Question by:pma111
    LVL 3

    Author Comment

    LVL 46

    Accepted Solution

    Be specific on the context.  FIPS is for a "module" and there are 4 layers.  This module could be a stand-alone HDD, a USB stick, or a black box, a pure software solution, etc.   So in this case, FIPS refers to the "module" that your vendor is trying to sell you.  

    Sorry, kind of a vague answer, it is because it is a vague question, unless you just wanted to know if there is more than one way to provide FIPS encryption for a computer, the answer is yes.
    LVL 38

    Assisted Solution

    by:Rich Rumble
    FIPS-140-2 certified software can be found here:
    Those are the only modules; if your vendor isn't listed, they aren't certified. However, that doesn't mean they don't use one or more of the modules listed and "claim" they are certified. FIPS 140-2 can refer to data in motion or at rest. OpenSSL, and just about every HTTPS certificate is created using OpenSSL, would be 140-2 approved; however, SSL certs have other standards (roots and certificate authorities) that play a bigger role in the trusting of the data's integrity. This is one example of something being FIPS 140-2, but could still be compromised. The same holds true for data at rest solutions: if the password chosen to protect a hard drive is a simple one, even if the crypto behind the drive's encryption is certified, a poor password choice makes it vulnerable nonetheless.
    If you're mandated to use FIPS-140-2 (gov't) then you have little alternative; you have to go and buy PKWare for your Zip file software, or PointSec, PGP etc. for your HD encryption. But if you have a choice, I'd like you to consider this quote:
    If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology. — Bruce Schneier

    This question should probably be moved/added into a Security Zone as opposed to a windows zone.
    LVL 3

    Author Comment

    Many thanks
