
Understanding encryption on workstations/servers

Hey,

Is anyone familiar with FIPS encryption in relation to workstations?
If someone is selling you FIPS 140-2 level encryption - are they referring to full disk, i.e. data at rest type products - if so, are there any 140-2 compliant data at rest products for xp/7/

Or can it also relate to data in transit - i.e. FIPS compliant "transit protocols"?

Would much prefer comments to links as the links are confusing me more.
Asked by: pma111
pma111 (Author) commented:
Nobody?
David commented:
Be specific on the context. FIPS is for a "module" and there are 4 layers. This module could be a stand-alone HDD, a USB stick, or a black box, a pure software solution, etc. So in this case, FIPS refers to the "module" that your vendor is trying to sell you.

Sorry, kind of a vague answer, it is because it is a vague question, unless you just wanted to know if there is more than one way to provide FIPS encryption for a computer, the answer is yes.
Rich Rumble (Security Samurai) commented:
FIPS 140-2 certified software can be found here:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
Those are the only modules; if your vendor isn't listed, they aren't certified. However, that doesn't mean they don't use one or more of the modules listed and "claim" they are certified. FIPS 140-2 can refer to data in motion or at rest. OpenSSL, and just about every HTTPS certificate is created using OpenSSL, would be 140-2 approved; however, SSL certs have other standards (roots and certificate authorities) that play a bigger role in the trusting of the data's integrity. This is one example of something being FIPS 140-2, but could still be compromised. Same holds true for data at rest solutions: if the password chosen to protect a hard drive is a simple one, even if the crypto behind the drive's encryption is certified, a poor password choice makes it vulnerable nonetheless.
If you're mandated to use FIPS 140-2 (gov't) then you have little alternative: you have to go and buy PKWare for your Zip file software, or PointSec, PGP etc. for your HD encryption. But if you have a choice, I'd like you to consider this quote:
"If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology." — Bruce Schneier

This question should probably be moved/added into a Security Zone as opposed to a Windows zone.
-rich
pma111 (Author) commented:
Many thanks