FIPS Policy Justification


FIPS Policy Justification & Explanation in a nutshell


Hi Team,


• FIPS defines certain specific encryption methods that can be used, as well as methods for generating encryption keys. It’s published by the National Institute of Standards and Technology, or NIST.

• The setting in Windows complies with the US government FIPS 140 standard. When it’s enabled, it forces Windows to only use FIPS-validated encryption schemes and advises applications to do so, as well.

• “FIPS mode” doesn’t make Windows more secure. It just blocks access to newer cryptography schemes that haven’t been FIPS-validated. That means it won’t be able to use new encryption schemes, or faster ways of using the same encryption schemes. In other words, it makes your computer slower, less functional, and arguably less secure.

https://blogs.technet.microsoft.com/secguide/2014/04/07/why-were-not-recommending-fips-mode-anymore/


# Information with regard to ARCON PAM


• ARCON PAM architecture communication uses a request-response mechanism between the ARCON PAM Application server (IIS) and the ARCON PAM Database server (MSSQL) for the ARCON PAM Portal page to be displayed.

• The ARCON PAM Application server communicates with the ARCON PAM Database server with the help of a file named DB Settings (EXT INI), which resides on the ARCON PAM Application server.

• DB Settings is the file in which the database connection details (i.e. Database IP, DB username, DB password) are saved.

• DB Settings is required for all ARCON PAM services, irrespective of the server they are installed on (ARCON PAM Application server or ARCON PAM Database server).

• When the FIPS policy is enabled, the ARCON PAM Application server fails to read the database configuration saved in the DB Settings file. Hence it is unable to talk to the database, and the services fail to start.

• However, when you disable the FIPS policy, the ARCON PAM Application server is able to read the DB Settings file and to talk to the ARCON PAM Database server.

• The ARCON PAM Application portal page then appears, and login succeeds.
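To confirm on the Application server whether the FIPS policy is in effect and which .NET cryptography classes refuse to load under it, a read-only check can be run in Windows PowerShell. This is an added example, not ARCON code; the function names are hypothetical, and the class list is a constructed sample, since this page does not state which algorithm ARCON PAM uses to read the DB Settings file.

```powershell
# Added diagnostic, not vendor code. It only reads state and changes nothing.

# Registry value behind the local security policy
# "System cryptography: Use FIPS compliant algorithms ...".
$fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'

function Get-FipsPolicyState {
    # Enabled = 1 means the FIPS policy is switched on for this host.
    $value = (Get-ItemProperty -Path $fipsKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
    [pscustomobject]@{
        RegistryEnabled    = [bool]$value
        # What the .NET runtime hosting this PowerShell session believes.
        DotNetEnforcesFips = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms
    }
}

function Test-CryptoClass {
    param([Parameter(Mandatory)][string[]]$TypeName)
    foreach ($name in $TypeName) {
        $result = [pscustomobject]@{ Type = $name; Usable = $true; Error = $null }
        try {
            # Classes the runtime blocks under FIPS policy fail at construction.
            $obj = New-Object -TypeName $name -ErrorAction Stop
            if ($obj -is [System.IDisposable]) { $obj.Dispose() }
        } catch {
            $result.Usable = $false
            $result.Error  = $_.Exception.GetBaseException().Message
        }
        $result
    }
}

# Constructed sample list (assumption): common .NET implementations,
# not a statement of what ARCON PAM actually uses.
$sample = @(
    'System.Security.Cryptography.MD5CryptoServiceProvider',
    'System.Security.Cryptography.RijndaelManaged',
    'System.Security.Cryptography.SHA256Managed',
    'System.Security.Cryptography.AesCryptoServiceProvider',
    'System.Security.Cryptography.SHA256CryptoServiceProvider'
)

Get-FipsPolicyState | Format-List
Test-CryptoClass -TypeName $sample | Format-Table -AutoSize -Wrap
```

Running it once with the policy enabled and once with it disabled shows which implementations the policy blocks on that host; results depend on the installed .NET version.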