Domain: standardnetworks.com
Stories and comments across the archive that link to standardnetworks.com.
Comments · 10
-
I can suggest a solution...
If I want my outside people to send me a file with not-so-sensitive information that isn't very useful to anyone else, I think they should be able to FTP it to me ( or SFTP or SCP or FTP with SSL if pedantic IT people were so inclined). Instead of X saying " you can't have an ftp server up because it's a security hole", the IT person should say "I'll set up a secure FTP server instead and they can send it there".
Can I make a suggestion for this? It does SFTP and FTPS with automatic encrypted storage...
http://www.standardnetworks.com/moveitdmz -
There's technology to avoid this...
1) MOVEit DMZ with Secure Messaging (http://www.standardnetworks.com/moveitdmz) Many companies (and especially company HR departments) buy this web-based product so that they have an encrypted NOT-EMAIL channel to send secure messages.
2) If you don't mind the administrative hassle, SMIME/PGP-encrypted email will also protect you. -
ADA Website Compliance = Section 508
In the United States, ADA website compliance means Section 508.
See:
http://www.access-board.gov/sec508/guide/
How do I know? Before the U.S. Post Office looked at our web-based secure file transfer and messaging product (MOVEit DMZ), they required us to pass this requirement.
You can see a short version of our "yes, we comply" statement online here:
https://support.standardnetworks.com/moveit/doc/en /moveitdmz_generalinformation_federalregs_ada.htm
Among the interesting bits: to meet full compliance we added an option that allows our administrators to add a "skip repetative navigation" link to the top of the page; this specifically allows audio readers to skip directly to the unique content on the page. -
No FIPS AES? I noticed that too..."...in contrast to the existing AES implementations that have not been through an evaluation, we plan to get our implementation evaluated to meet FIPS guidelines and requirements."
First, thanks for answering my question.
Believe me - I noticed the lack of FIPS validation too. In fact, my company (Standard Networks - http://www.standardnetworks.com/ was more or less forced to develop an FIPS 140-2 validated AES implementation ("MOVEit Crypto" - http://www.standardnetworks.com/uploads/media/MOV
E it-Crypto-FIPS-140-2-Overview.PDF) for Windows (and later, Linux) to get around this Microsoft limitation. If a FIPS-approved AES algorithm HAD been part of the base Microsoft OS, it would have saved us a lot of extra work and money. -
No FIPS AES? I noticed that too..."...in contrast to the existing AES implementations that have not been through an evaluation, we plan to get our implementation evaluated to meet FIPS guidelines and requirements."
First, thanks for answering my question.
Believe me - I noticed the lack of FIPS validation too. In fact, my company (Standard Networks - http://www.standardnetworks.com/ was more or less forced to develop an FIPS 140-2 validated AES implementation ("MOVEit Crypto" - http://www.standardnetworks.com/uploads/media/MOV
E it-Crypto-FIPS-140-2-Overview.PDF) for Windows (and later, Linux) to get around this Microsoft limitation. If a FIPS-approved AES algorithm HAD been part of the base Microsoft OS, it would have saved us a lot of extra work and money. -
Free FTP/S Command-Line Client for Windows
http://www.standardnetworks.com/moveitfreely
Free FTP/S command-line client for Windows. (FTP/S = FTP over SSL). Traditional and portable installations available. -
Where to get your own...There's a company in Wisconsin called Standard Networks (http://www.standardnetworks.com/) that makes a neat little web-based message system that looks like email to end users, but really stores each message in an AES-encrypted file.
Check it out here: http://www.standardnetworks.com/uploads/media/MOV
E it-DMZ-Secure-Messaging.PDF/ -
Where to get your own...There's a company in Wisconsin called Standard Networks (http://www.standardnetworks.com/) that makes a neat little web-based message system that looks like email to end users, but really stores each message in an AES-encrypted file.
Check it out here: http://www.standardnetworks.com/uploads/media/MOV
E it-DMZ-Secure-Messaging.PDF/ -
Please allow me to shameless self-promote then.
Please allow me to shamelessly self-promote then.
http://www.standardnetworks.com/moveitdmz/
It's a secure file transfer server. For years we've been using an ActiveX component (IE on Windows only) to offer professional file features like automatic SHA integrity checks, file transfers >4GB via browsers, on-the-fly zipping, etc.
But...our latest version also has a Java component and full integration with the Mozilla/Firefox/Netscape tree on both Windows and Linux. -
Don't Forget FIPS Validation!In addition to suggesting algorithms, NIST also VALIDATES code and devices to make sure they do exactly what they should when it comes to cryptography. (No back doors, no shortcuts, etc.)
More information about the Cryptographic Module Validation Program (the current standard for encryption is FIPS 140-2) can be found here: http://csrc.nist.gov/cryptval/140-2.htm
Also, here's a group which has both Windows and Linux versions of a FIPS 140-2 AES implementation, if you want to know what it looks like in action: http://www.standardnetworks.com/moveitcrypto