In this article:
What IS FIPS?
Installing the FIPS libraries on the remote machine.
How to connect using FIPS Mode in DMRC.
How to enforce FIPS Mode in DMRC.
Aero & FIPS Mode.
What IS FIPS:
Federal Information Processing Standards (FIPS) are a common set of standards developed by the United States Federal government for use by all non-military government agencies and government contractors. FIPS 140 standards are U.S. government computer security standards issued by the National Institute of Standards and Technology (NIST) that specify requirements for cryptography modules. FIPS standards are so widely respected that many other countries have mandated them as well, or have incorporated the bulk of their guidance into international standards.
Beginning with version 6.7 of the software, DameWare Development, LLC has partnered with RSA Security, Inc. to use the BSAFE Crypto-C Micro Edition cryptography module, which has met all Level 1 requirements for FIPS 140-2 compliance when operated in "FIPS Mode." When this new "FIPS Mode" option is set, the DameWare Mini Remote Control (DMRC) software will exclusively use the BSAFE Crypto-C ME FIPS 140-2 validated cryptographic library, which will only allow FIPS-approved encryption libraries and ciphers to be utilized.
The FIPS Validation certificate is available for review on the NIST website:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140crt/140crt608.pdf.
Additional documentation is available in the internal help file within the DMRC software.
Installing the FIPS libraries on the remote machine:
The RSA FIPS libraries should already be located on the local machine after version 6.7 or above of the DMRC software is installed.
Installing the necessary libraries on the remote machine can be accomplished in many different ways.
For example:
1. During an update of the Client Agent Service (on the fly)
2. During an update of the Client Agent Service (at a later time) via the File / Update Client Agent menu
3. During the initial installation of the Client Agent Service via the File / Install Service menu in DMRC
4. During the initial installation of the Client Agent Service (on the fly)
5. Via the DameWare NT Utilities (DNTU) software, via the Batch pane in the Services View
6. Via the DameWare MSI Builder
Once the necessary FIPS libraries are installed on the remote machine, a connection using FIPS mode can be made.
How to connect using FIPS Mode in DMRC:
FIPS mode can be enabled by selecting the Host Entry, then clicking on the Settings button. Select the Encryption Options Tab and enable the "Use FIPS Mode" checkbox.
Click OK to save the settings for this Host Entry. Now a connection to the remote machine can be made in FIPS mode.
Simply click the Connect button on the Remote Connect dialog. Note the initialization of the FIPS mode libraries (on the Status Bar). Once completed, a FIPS mode connection is established.
How to enforce FIPS Mode in DMRC:
There are additional options within the DMRC Client Agent Service on the remote machine to force every connection to this machine to use all encryption options within the DMRC program. Within the properties of the DMRC Client Agent Service, select the General Tab, then click on the Session button to open the Session Negotiation settings.
By enabling the FIPS Mode option within the DMRC Client Agent Service, even if users forget to enable the additional Encryption Options, the DMRC software will automatically enable FIPS Mode encryption over this DMRC connection.
Aero & FIPS Mode:
Due to a known bug during initialization of the RSA FIPS libraries, each time a connection is made to a remote machine using FIPS mode and AERO is enabled either locally or remotely, this connection may take up to an additional 15-20 seconds (depending on the machine).
RSA has already confirmed this to be a bug which should be resolved in the next release of their BSAFE Crypto-C ME libraries later in 2008.
Therefore, when using FIPS mode to connect, DameWare recommends temporarily turning off AERO, both locally and remotely.