From: Cihan Subasi (Garanti Teknoloji) (CihanSIZZATgaranti.com.tr)
Date: Thu May 08 2003 - 03:48:29 EDT

  • Next message: Steven Christall: "[load balancing] AD3 - RTS processing CPU hit?"

    "When the offloader is in FIPS mode, only FIPS-compliant servers can be used" this from the Cisco's documentations
     
    http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_sca/sca_410/sca_ch_6.htm#21867
     
    What exactly this mean, our servers are IBM HTTP Server and shouid they be FIPS compiant as well in order to be condifured in the FIPS-compiant SSL offloader...
    -----Original Message-----
    From: Derksen, Marcel [mailto:marcel.derksenIZZATcw.com]
    Sent: Wednesday, May 07, 2003 4:23 PM
    To: 'lb-lIZZATvegan.net'
    Subject: RE: [load balancing] What is FIPS 140-1 level 3 complaint hardware?
    Importance: High

    Hi Cihan,
     
    You are right. Alteon has a device (the ASA, formerly ISD) that is FIPS-level 3 compliant.
    The FIPS level 3 compliancy has to do with the way the keys are stored. Since both a VPN and an SSL (can) use certificates and their keys they can be applied to both VPN and SSL.
    In fact Alteon/Nortel just released code version 4 for their ASA which has both the SSL and the (clientless!!) VPN capability.
     
    The level of FIPS has to do with the number of rules you have to comply to get a certain certification. More information can be found at http://www.spyrus.com/content/thirdpartycertifications/FIPS_level_comparisons.asp
     
    Hope this helps.
     
    Greetings,
     
    Marcel Derksen
    Network Architect
    NNCDS/NNCSS - Alteon
     
    CABLE & WIRELESS
    Delivering the Internet promise
    http://www.cw.com/
     
     
    Email: marcel.derksenIZZATcw.com
    Tel: +31 (0) 306029900
    Fax: +31 (0) 306029911
     
    ***************************************************************************************
    This message may contain information which is confidential or privileged.
    If you are not the intended recipient, please advise the sender immediately
    by reply e-mail and delete this message and any attachments
    without retaining a copy.
    ***************************************************************************************
     
    -----Original Message-----
    From: Cihan Subasi (Garanti Teknoloji) [mailto:CihanSIZZATgaranti.com.tr]
    Sent: woensdag 7 mei 2003 13:04
    To: LoabBalancing (E-mail)
    Subject: [load balancing] What is FIPS 140-1 level 3 complaint hardware?
     
    Hi all,
     
    I am asked by the business guys to find a FIPS 140-1 complaint device to be used for our SSL connection to VISA...After doing a quick research I have found that Alteon ISD has a device like that but also found out that many devices with FIPS 140-1 or 140-2 are VPN clients or gateways (concentrators)..I am a bit confused, is this standard applies for both SSL and VPN-IPSEC or only for VPN-IPSEC devices?.. From the requirement of VISA I was hoping to find only SSL offloaders with FIPS...Can anybody give me more info about FIPS and what should I exactly look for?
     
    ***********************************************************
    Cihan SUBASI
    Garanti Technology
    Internet ve Yazilim Hizmetleri
    Tel:(90)(212)4783426 GSM:(90)(533)(2750353)
    Fax:(90)(212)6576150
    http://www.garantitechnology.com <http://www.garantitechnology.com/>
    mailto:cihansIZZATgaranti.com.tr
    ***********************************************************
     

    -----------------------------------------------------------------------------------------------------------

    Bu mesaj ve ekleri mesajda gonderildigi belirtilen kisi/kisilere ozeldir ve gizlidir.Bu mesajin muhatabi

    olmamaniza ragmen tarafiniza ulasmis olmasi halinde mesaj iceriginin gizliligi ve bu gizlilik yükümlülügüne

    uyulmasi zorunlulugu tarafiniz icin de soz konusudur.Mesaj ve eklerinde yer alan bilgilerin dogrulugu ve

    güncelligi konusunda gonderenin ya da sirketimizin herhangi bir sorumlulugu bulunmamaktadir.Sirketimiz

    mesajin ve bilgilerinin size degisiklige ugrayarak veya gec ulasmasindan, bütünlügünün ve gizliliginin

    korunamamasindan, virüs icermesinden ve bilgisayar sisteminize verebilecegi herhangi bir zarardan

    sorumlu tutulamaz.

    This message and attachments are confidential and intended solely for the individual(s) stated in this

    message.If you received this message although you are not the addressee you are responsible to keep

    confidential the message.The sender has no responsibility for the accuracy or correctness of the

    information in the message and its attachments.Our company shall have no liability for any changes

    or late receiving,loss of integrity and confidentiality,viruses and any damages caused in

    anyway to your computer system.

    -----------------------------------------------------------------------------------------------------------
    Bu mesaj ve ekleri mesajda gonderildigi belirtilen kisi/kisilere ozeldir ve gizlidir.Bu mesajin muhatabi
    olmamaniza ragmen tarafiniza ulasmis olmasi halinde mesaj iceriginin gizliligi ve bu gizlilik yükümlülügüne
    uyulmasi zorunlulugu tarafiniz icin de soz konusudur.Mesaj ve eklerinde yer alan bilgilerin dogrulugu ve
    güncelligi konusunda gonderenin ya da sirketimizin herhangi bir sorumlulugu bulunmamaktadir.Sirketimiz
    mesajin ve bilgilerinin size degisiklige ugrayarak veya gec ulasmasindan, bütünlügünün ve gizliliginin
    korunamamasindan, virüs icermesinden ve bilgisayar sisteminize verebilecegi herhangi bir zarardan
    sorumlu tutulamaz.

    This message and attachments are confidential and intended solely for the individual(s) stated in this
    message.If you received this message although you are not the addressee you are responsible to keep
    confidential the message.The sender has no responsibility for the accuracy or correctness of the
    information in the message and its attachments.Our company shall have no liability for any changes
    or late receiving,loss of integrity and confidentiality,viruses and any damages caused in
    anyway to your computer system.

    ____________________
    The Load Balancing Mailing List
    Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
    Archive: http://vegan.net/lb/archive
    LBDigest: http://lbdigest.com
    MRTG with SLB: http://vegan.net/MRTG
    Hosted by: http://www.tokkisystems.com



    This archive was generated by hypermail 2.1.4 : Thu May 08 2003 - 03:52:28 EDT