Chatee ahora con Soporte

Obtener ayuda en vivo
Completar registro

Iniciar sesión

Solicitar precios

Comuníquese con Ventas

Security Explorer 9.9 - Deployment Guide

Navegación de contenido

Deployment overview and requirements

Overview Audience Cryptographic usage Background Prerequisites Installation and operation

Background

To execute in a FIPS compliant mode, a Windows environment requires the Microsoft Policy "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" setting enabled.

Microsoft states that "This policy is only advisory to applications. Therefore, if you enable the policy, it does not make sure that all applications will comply".

Security Explorer 9.9 leverages Microsoft's CryptoAPI (CAPI) and CryptoAPI Next Generation (CNG) for its cryptographic needs.

Microsoft Product Relationship with CNG and CAPI libraries is documented here: https://technet.microsoft.com/en-us/library/cc750357.aspx

"Rather than validate individual components and products, Microsoft chooses to validate only the underlying cryptographic modules. Subsequently, many Windows components and Microsoft products are built to rely on the Cryptographic API: Next Generation (CNG) and legacy Cryptographic API (CAPI) FIPS 140 validated cryptographic modules. Windows components and Microsoft products use the documented application programming interfaces (APIs) for each of the modules to access various cryptographic services.

Prerequisites

The following prerequisites are necessary to set up an environment for FIPS Mode.

•

Windows Server 2008 R2 or later (latest)

•

The following group policies must be enabled:

•

System Cryptography: Use FIPS compliance algorithms for encryption, hashing and signing. Ensure this policy is enabled.

•

Network Security: Configure encryption types allowed for Kerberos. Ensure the “AES128_HMAC_SHA1” and “AES256_HMAC_SHA1” values are selected.

Installation and operation

Installing Security Explorer 9.9 in a new environment automatically enforces all FIPS Mode requirements. No updates are required.

In order to ensure FIPS compliance in the environment, older components must be upgraded or uninstalled.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación

© ALL RIGHTS RESERVED. Feedback Términos de uso Privacidad Cookie Preference Center