Enhanced Encryption Overview
For those sites requiring rigorous security for their system management
data, CorreLog offers its TLS / AES-256 bit software for enhanced
internal security. This software uses an Apache server that
supports HTTP TLS, and SSLv3. This package additionally includes
a FIPS 140-2 certified cryptographic module to establish
secure transfers between CorreLog agents and the main CorreLog server.
This optional software is particularly important for sites that require
U.S. Government certified cryptographic algorithms and / or modules.
These sites may include Government installations constrained to follow
FIPS regulations, sites that require PCI/DSS certification, as well as
sites that transmit information over the public Internet.
NOTE: The United States Government regulates the export of
cryptographic algorithms. The software described on this page manual
cannot be incorporated in any non-domestic products, or delivered to any
person or organization outside the USA. For precise information on
United States cryptography export/import laws, contact the Bureau of
Export Administration (BXA) (http://www.bxa.doc.gov/).
FIPS 140-2 Support
The Federal Information Security Management Act establishes
regulations for managing security through the Federal Information
Processing Standards (FIPS). These standards, in addition to being a
requirement for secure processing, furnish excellent guidelines for
private industry and commercial organizations. In particular, FIPS Pub 140-2 establishes security requirements
for cryptographic modules, including areas related to secure design and
implementation applicable to all Federal agencies that utilize
encryption to protect sensitive data, such as personally
identifiable information, pursuant to
OMB Memorandum M-06-16, issued June 23, 2006.
The AES-256 bit cryptographic module, used by CorreLog, is FIPS
140-2 certified, with all encryption being performed by this
cryptographic module within a well defined logical boundary. Furthermore,
given physical access to the CorreLog Server, the module can be swapped
and substituted with other FIPS 140-2 certified cryptographic modules
(or other end-user preferred modules), thus permitting administrators to
change FIPS certifications without affecting other aspects of system
CorreLog can potentially accommodate all levels of security
assurance defined by FIPS. Because CorreLog is not appliance-based,
the end-user can specify and secure the physical platform executing
CorreLog (necessary to meet physical security requirements).
CorreLog allows the end-user flexibility in establishing as much physical
security as may be required.
CorreLog manages key generation, secure exchange and management of
these keys, as well as self-test functions required by FIPS 140-2. You
are provided verifiably secure data transfer across all parts of your
Enhanced Encryption Software Features
Specific features of CorreLog's Enhanced Encryption Software include:
- Authentication and Encryption of HTTP Communications.
The Enhanced Encryption Software adds a secure HTTPS service to the
CorreLog site, so that all data transfers between a user's browser and
the CorreLog server are authenticated and encrypted using standard TLS,
SSLv3. This extra software includes elements needed to make a
self-signed security certificate for the CorreLog installation.
- AES-256 Bit Encryption of Agent Data Transfers.
The Enhanced Encryption Software enables highly secure AES-256 bit
encryption to CorreLog agent programs, which supplements the native
encryption features of the agent programs using published and
verifiable security algorithms. The actual cryptographic module is
FIPS 140-2 certified.
- Secure Key Upload Protocol.
The Enhanced Encryption Software adds a secure process by which to
refresh / re-establish protocol, allowing easy maintenance of
cryptographic keys. Administrators can periodically change encryption
keys used by CorreLog agents so as to promote secure operation.
- Encryption Self-Test.
The Enhanced Encryption Software provides a secure self-test of
encryption on coldstart and on demand, compliant with FIPS requirements.
Additionally, the current states of encryption keys, and any changes to
these keys, are recorded for forensics and audit purposes.
The Enhanced Encryption Software furnishes a seamless integration with
CorreLog, working with the various CorreLog Agent Tunneling programs
(described elsewhere). For example, the user can
generate and upload different encryption keys for each agent program.
The central CorreLog server tracks the particular encryption version of
each agent, so that changing one encryption key does not affect the
processing of other agents. The result is an unbreakable encryption
and authentication scheme for management data transfers.
The Enhanced Encryption Software is installed at the main CorreLog
Server site, and does not require changes to agent or tunneling
programs. Installation requires administrative access to the CorreLog
Server platform (to execute the key generation Windows dialog), and
also an administrative login to the CorreLog website (to upload keys to
remote programs using secure key exchange protocol).
The encryption software does not require Java, or .NET, and uses minimal
CPU and memory. The includes a ready-to-run configuration, and
50+ page CorreLog User Reference Manual, in Adobe PDF format, which
includes complete installation and application notes.
This software is available for evaluation on user request. As previously
noted, this particular package is available only to USA domestic
installations, and is subject to USA export laws. Contact CorreLog
sales or professional services for more help.
View Other Solutions & Services...