From: Cihan Subasi (Garanti Teknoloji) (CihanSIZZATgaranti.com.tr)
Date: Thu May 08 2003 - 03:48:29 EDT
"When the offloader is in FIPS mode, only FIPS-compliant servers can be used" this from the Cisco's documentations
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_sca/sca_410/sca_ch_6.htm#21867
What exactly this mean, our servers are IBM HTTP Server and shouid they be FIPS compiant as well in order to be condifured in the FIPS-compiant SSL offloader...
-----Original Message-----
From: Derksen, Marcel [mailto:marcel.derksenIZZATcw.com]
Sent: Wednesday, May 07, 2003 4:23 PM
To: 'lb-lIZZATvegan.net'
Subject: RE: [load balancing] What is FIPS 140-1 level 3 complaint hardware?
Importance: High
Hi Cihan,
You are right. Alteon has a device (the ASA, formerly ISD) that is FIPS-level 3 compliant.
The FIPS level 3 compliancy has to do with the way the keys are stored. Since both a VPN and an SSL (can) use certificates and their keys they can be applied to both VPN and SSL.
In fact Alteon/Nortel just released code version 4 for their ASA which has both the SSL and the (clientless!!) VPN capability.
The level of FIPS has to do with the number of rules you have to comply to get a certain certification. More information can be found at http://www.spyrus.com/content/thirdpartycertifications/FIPS_level_comparisons.asp
Hope this helps.
Greetings,
Marcel Derksen
Network Architect
NNCDS/NNCSS - Alteon
CABLE & WIRELESS
Delivering the Internet promise
http://www.cw.com/
Email: marcel.derksenIZZATcw.com
Tel: +31 (0) 306029900
Fax: +31 (0) 306029911
***************************************************************************************
This message may contain information which is confidential or privileged.
If you are not the intended recipient, please advise the sender immediately
by reply e-mail and delete this message and any attachments
without retaining a copy.
***************************************************************************************
-----Original Message-----
From: Cihan Subasi (Garanti Teknoloji) [mailto:CihanSIZZATgaranti.com.tr]
Sent: woensdag 7 mei 2003 13:04
To: LoabBalancing (E-mail)
Subject: [load balancing] What is FIPS 140-1 level 3 complaint hardware?
Hi all,
I am asked by the business guys to find a FIPS 140-1 complaint device to be used for our SSL connection to VISA...After doing a quick research I have found that Alteon ISD has a device like that but also found out that many devices with FIPS 140-1 or 140-2 are VPN clients or gateways (concentrators)..I am a bit confused, is this standard applies for both SSL and VPN-IPSEC or only for VPN-IPSEC devices?.. From the requirement of VISA I was hoping to find only SSL offloaders with FIPS...Can anybody give me more info about FIPS and what should I exactly look for?
***********************************************************
Cihan SUBASI
Garanti Technology
Internet ve Yazilim Hizmetleri
Tel:(90)(212)4783426 GSM:(90)(533)(2750353)
Fax:(90)(212)6576150
http://www.garantitechnology.com <http://www.garantitechnology.com/>
mailto:cihansIZZATgaranti.com.tr
***********************************************************
-----------------------------------------------------------------------------------------------------------
Bu mesaj ve ekleri mesajda gonderildigi belirtilen kisi/kisilere ozeldir ve gizlidir.Bu mesajin muhatabi
olmamaniza ragmen tarafiniza ulasmis olmasi halinde mesaj iceriginin gizliligi ve bu gizlilik yükümlülügüne
uyulmasi zorunlulugu tarafiniz icin de soz konusudur.Mesaj ve eklerinde yer alan bilgilerin dogrulugu ve
güncelligi konusunda gonderenin ya da sirketimizin herhangi bir sorumlulugu bulunmamaktadir.Sirketimiz
mesajin ve bilgilerinin size degisiklige ugrayarak veya gec ulasmasindan, bütünlügünün ve gizliliginin
korunamamasindan, virüs icermesinden ve bilgisayar sisteminize verebilecegi herhangi bir zarardan
sorumlu tutulamaz.
This message and attachments are confidential and intended solely for the individual(s) stated in this
message.If you received this message although you are not the addressee you are responsible to keep
confidential the message.The sender has no responsibility for the accuracy or correctness of the
information in the message and its attachments.Our company shall have no liability for any changes
or late receiving,loss of integrity and confidentiality,viruses and any damages caused in
anyway to your computer system.
-----------------------------------------------------------------------------------------------------------
Bu mesaj ve ekleri mesajda gonderildigi belirtilen kisi/kisilere ozeldir ve gizlidir.Bu mesajin muhatabi
olmamaniza ragmen tarafiniza ulasmis olmasi halinde mesaj iceriginin gizliligi ve bu gizlilik yükümlülügüne
uyulmasi zorunlulugu tarafiniz icin de soz konusudur.Mesaj ve eklerinde yer alan bilgilerin dogrulugu ve
güncelligi konusunda gonderenin ya da sirketimizin herhangi bir sorumlulugu bulunmamaktadir.Sirketimiz
mesajin ve bilgilerinin size degisiklige ugrayarak veya gec ulasmasindan, bütünlügünün ve gizliliginin
korunamamasindan, virüs icermesinden ve bilgisayar sisteminize verebilecegi herhangi bir zarardan
sorumlu tutulamaz.
This message and attachments are confidential and intended solely for the individual(s) stated in this
message.If you received this message although you are not the addressee you are responsible to keep
confidential the message.The sender has no responsibility for the accuracy or correctness of the
information in the message and its attachments.Our company shall have no liability for any changes
or late receiving,loss of integrity and confidentiality,viruses and any damages caused in
anyway to your computer system.
____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com
This archive was generated by hypermail 2.1.4 : Thu May 08 2003 - 03:52:28 EDT