Saturday, November 17, 2007

2007-11-17 Saturday

FIPS and SSL - Bad Mojo

I run several tools to help secure my computer systems - and frequently run updates for the latest releases for my firewall, antivirus, and operating system patches. But recently I wanted to step up my security game a bit - and began implementing a number of additional security measures.

There are several good sources on the web for additional tips and tricks to enhance the security of your computer - and as I worked through various recommendations, I decided to turn-on the Windows XP FIPS cryptographic option for critical information stored in certain file folders that I selected for encryption.

Big Mistake

Since I had downloaded the latest updates for my internet security software and Microsoft Windows XP, there were a significant number of variables in flight. When the HTTPS connection to a number of critical financial web sites stopped working, I began the laborous process of root-cause analysis (while other HTTPS connections did appear to continue working).

I had created a Restore Point before beginning this adventure, but I always prefer to learn from problems - not just "get it to work".

After a few hours of investtigation, and acquiring some new computer forensic skills, I found out that the Microsoft FIPS cryptographic option is not compatible with SSL.

Bad Microsoft.

No comments: