In this article:
What IS FIPS?
Installing the FIPS libraries on the remote machine.
How to connect using FIPS Mode in DMRC.
How to enforce FIPS Mode in DMRC.
Aero & FIPS Mode.
What IS FIPS:
Federal Information Processing Standards (FIPS) are a common set of standards developed by the United States Federal government
for use by all non-military government agencies and government contractors. FIPS 140 standards are U.S. government computer security
standards issued by the National Institute of Standards and Technology (NIST) that specify requirements for cryptography modules. FIPS standards
are so widely respected that many other countries have mandated them as well,
or have incorporated the bulk of their guidance into international standards.
Beginning with version 6.7 of the software, DameWare Development, LLC has partnered with RSA Security, Inc. to use the BSAFE Crypto-C Micro Edition cryptography module,
which has met all Level 1 requirements for FIPS 140-2 compliance when operated in "FIPS Mode." When this new "FIPS Mode" option is set, the DameWare Mini Remote Control (DMRC)
software will exclusively use the BSAFE Crypto-C ME FIPS 140-2 validated cryptographic library, which will only allow FIPS-approved encryption libraries
to be utilized.
The FIPS Validation certificate is available for review on the NIST website:
Additional documentation is available in the internal help file within the DMRC
Installing the FIPS libraries on the remote machine:
The RSA FIPS libraries should already be located on the local machine after version 6.7 or above of the DMRC software is installed.
Installing the necessary libraries on the remote machine can be accomplished in many different ways.
For example (click on image to enlarge):
1. During an update of the Client Agent Service (on the fly):
2. During an update of the Client Agent Service (at a later time) via the File / Update Client Agent menu:
3. During the initial installation of the Client Agent Service via the File / Install Service menu in DMRC:
4. During the initial installation of the Client Agent Service (on the fly):
5. Via the DameWare NT Utilities (DNTU) software, via the Batch pane in the Services View:
6. Via the DameWare MSI Builder:
Once the necessary FIPS libraries are installed on the remote machine, a connection
using FIPS mode can be made.
How to connect using FIPS Mode in DMRC:
FIPS mode can be enabled by selecting the Host Entry, then clicking on the Settings button. Select the Encryption Options Tab and enable the "Use FIPS Mode" checkbox.
Click OK to save the settings for this Host Entry. Now a connection to the
remote machine can be made in FIPS mode.
Simply click the Connect button on the Remote Connect dialog. Note the initialization of the FIPS mode libraries (on the Status Bar). Once completed, a FIPS mode connection is established.
How to enforce FIPS Mode in DMRC:
There are additional options within the DMRC Client Agent Service on the remote machine
to force every connection to this machine
to use all encryption options within the DMRC program. Within the properties of the DMRC Client
Agent Service, select the General Tab, then click on the Session button to open the Session Negotiation settings.
By enabling the FIPS Mode option within the DMRC Client Agent Service, even if users forget to enable the additional
Encryption Options, the DMRC software will automatically enable FIPS Mode encryption over this DMRC connection.
Aero & FIPS Mode:
Due to a known bug during initialization of the RSA FIPS libraries, each time a
connection is made to a remote machine using FIPS mode
and AERO is enabled either locally or remotely, this connection may take up to an additional 15-20 seconds (depending on the machine).
RSA has already confirmed this to be a bug which should be resolved in the next release of their BSAFE Crypto-C ME libraries later in 2008.
Therefore, when using FIPS mode to connect, DameWare recommends temporarily turning off AERO, both locally and remotely.