.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
david stephan
Santhakumar Munuswamy
Fauzul Azmi
Asad Ali
Post New Web Links

SSAS FIPS compliance encryption

Posted By:      Posted Date: September 27, 2010    Points: 0   Category :Sql Server
 

I am trying to find out if SSAS processes are encrypted to FIPS compliant standards. We have been able to implement FIPS encryption for MSSQL but we have found no way of determining if SSAS standard encryption is FIPS compliant. As is my understanding SSAS files are encrypted by default but we are not aware that this encryption is FIPS compliant.

Does anyone know if SSAS encryption is FIPS compliant? and if so do you know how we could prove this to auditors? If SSAS standard encryption is not FIPS compliant does anyone know what we need to do to implement encryption at the FIPS compliance level?

The version of SSAS is 2008 x64. MSSQL is Enterprise 2008 x64.

much appreciated :-)

 

 

 

 




View Complete Post


More Related Resource Links

Fips Compliance of Analysis Services and Encryption of Cube Data

  

We have SQL Server succesfully set up for FIPS Compliance, But require to setup the same Compliance for the Encryption of Data in Analysis services 2008 enterprise on the same Win 2008 server.

If we browse to the SAS Data Folder for our Project on the Fips Compliant  Instance We can view the Data Files and the Data is Visible in Plain Text. Depite the security setting being set to DataProtectMode 1 (Encryption).

So my Questions:

1. Is Analysis Services 2008 enterprise Fips Compliant ?

2. if it is How do we set it up

3. how do we prove to security Auditors that it is Set up and Working in Compliant Mode.

We have done Exaustive Searches of msdn Google blogs, sql-cat etc and found no relevent articles to Answer these specific Questions and are reluctant to Go to Chargeable support until we have exausted other available avenues.

 

 Colin Robinson

 


Encryption and FIPS Compliance of Analysis Services 2008

  

We have SQL Server succesfully set up for FIPS Compliance, But require to setup the same Compliance for the Encryption of Data in Analysis services 2008 enterprise on the same Win 2008 server.

If we browse to the SAS Data Folder for our Project on the Fips Compliant  Instance We can view the Data Files and the Data is Visible in Plain Text. Depite the security setting being set to DataProtectMode 1 (Encryption).

So my Questions:

1. Is Analysis Services 2008 enterprise Fips Compliant ?

2. if it is How do we set it up

3. how do we prove to security Auditors that it is Set up and Working in Compliant Mode.

We have done Exaustive Searches of msdn Google blogs, sql-cat etc and found no relevent articles to Answer these specific Questions and are reluctant to Go to Chargeable support until we have exausted other available avenues.


FIPS compliance on web app; no workaround

  

We recently had FIPS Compliance enforced through Group Policy on our production servers.  In our development environment, we are setting the registry key to enforce FIPS, and we inserted the <machineKey> setting found elsewhere to use MD5 encryption in the ViewState.

However, the web application, which has been working for years, suddenly gets this error:

 

Server Error in '/' Application.

Parser Error

Description: An error occurred during the parsing of a resource required to service this request. Please review the following specific parse error details and modify your source file appropriately.

Parser Error Message: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

Source Error:

Line 1:  <%@ Application Codebehind="Global.asax.cs" Inherits="MyWebApplication.Global" %>

Source File: /global.asax    Line: 1


Version Information: Microsoft .NET Framework Version:2.0.50727.3603; ASP.NET Version:2.0.50727.40

PCI compliance - Transparent Data Encryption

  
I have been researching PCI compliance and SQL Server 2008.   I need to store credit card details in the database for a short period until the batch is closed.  One feature of SQL 2008 that keeps coming up over and over is Transparent Data Encryption.  One down side I see to Transparent Data Encryption is that we would need to bring in 3rd party software to manage the EKM and store the Asymmetric key(s).  I wanted to see what software people are using to manage their keys and get some general feedback on Transparent Data Encryption.  Thank you in advance for your time.   Cheers Ryan  

View State Encryption

  

Hi All,

Why is it that I see the same hash value generated when I use different algorithms for viewstate encryption. I have added below lines to the web.config file

<pages viewstateEncryptionMode="Always"

Security Briefs: Security Compliance as an Engineering Discipline

  

Many companies starting out with the SDL are doing so in combination with a security compliance program. We'll show you some best practices and pitfall we've seen when employing SDL principles for compliance.

Brad Hill

MSDN Magazine February 2010


Cryptography: Employ Strong Encryption in Your Apps with Our CryptoUtility Component

  

When storing sensitive data, you need to be able to identify threats, determine how these threats interact with each other, and how issues can combine to constitute a vulnerability that will leave your data exposed. With a good understanding of the various cryptographic algorithms, salt, hashes, ACLs, and other available techniques, you'll be in a better position to protect your critical data.

Michael Stuart and J Sawyer

MSDN Magazine November 2004


Trustworthy Code: Exchange Data More Securely with XML Signatures and Encryption

  

You can sign any kind of data using XML Signature, including part of an XML document, other XML documents, or other data of any format. However, in practice, XML signatures are most frequently used to sign other data represented in XML. In this article, the authors discuss the new standard and how you can benefit from it in your apps.

Mike Downen and Shawn Farkas

MSDN Magazine November 2004


Encrypt It: Keep Your Data Secure with the New Advanced Encryption Standard

  

The Advanced Encryption Standard (AES) is a National Institute of Standards and Technology specification for the encryption of electronic data. It is expected to become the accepted means of encrypting digital information, including financial, telecommunications, and government data. This article presents an overview of AES and explains the algorithms it uses. Included is a complete C# implementation and examples of encrypting .NET data. After reading this article you will be able to encrypt data using AES, test AES-based software, and use AES encryption in your systems.

James McCaffrey

MSDN Magazine November 2003


.NET Remoting: Secure Your .NET Remoting Traffic by Writing an Asymmetric Encryption Channel Sink

  

As .NET Remoting gains popularity in the enterprise space, it must meet business demands for trustworthy computing. Remoting traffic can be secured when objects are hosted in IIS, but when they aren't hosted in IIS, custom security solutions can be developed to secure them. This article provides an in-depth look at writing channel sinks for .NET. It also details the flow of data through custom channel sinks and explains the kinds of manipulations that can be performed on that data.

Stephen Toub

MSDN Magazine June 2003


Symmetric Key Encryption on the Compact Framework

  
There are two main types of encryption algorithms available within the .NET Compact Framework - symmetric and asymmetric encryption. This blog entry will discuss how to utilise symmetric key encryption, but first we have to outline the difference between Symmetric and Asymmetric encryption (I will discuss asymmetric key encryption in a future blog entry).

Symmetric and Asymmetric Key Encryption
Symmetric encryption algorithms (also known as ciphers) process plain text with a secret encryption key to create encrypted data (called cipher text). The same secret key is used to decrypt the cipher text back to plain text.

Asymmetric encryption (also known as public-key encryption) is a cryptography technique that uses public and private key pairs to encrypt and decrypt data respectably. The private key is a closely guarded secret, while the public key can be freely distributed over untrusted networks. You do not worry who has your public key (you could print it on a 100foot tall banner if you so desired), but you must keep your private key secret.

URL Encryption in ASP.NET

  

Hi Friends

URL Encryption is important in project ...

i m using following artical for URl Encryption... It is working fine for Respons.redirect();

But not working for navigate url ....

how can this problem get resolved ...

please help me out...........

http://www.dotnetfunda.com/articles/article748-url-encryption-in-aspnet-.aspx

----------------------------------------------------------------------------------------------------------------------------------- Parees Solutions -----------------------------------------------------------------------------------------------------------------------------------


WCAG Compliance

  

I know its an old chestnut, but this is of great importance to us in the Public Sector and with many commercial clients too.  How close will the kit be to compliance with the current WCAG 1.0 AA level of the standard?


Kerberos between MOSS 2007 and SSAS 2005

  

I realize this is probably going to be one of those vague questions that I am not going to get much help on here, but I thought I'd give this a shot before we go the MS Incident route on monday.

We have tried to setup Kerberos between MOSS 2007 AND SSAS 2005 to no avail.  We have been through the knowledge base articles outlining the setup multiple times with all the experts on MOSS and Security here where I work.  We've used other materials we have on kerberos here.  But the end result is that the double hop is not happening.  We are trying to connect three ways: excel services, ssrs 2005 in integrated mode, and Sharepoint KPI's (using analysis services).  In every case the connection is not happening.

Other details are that the ssrs integrated mode seems to be setup right because I do get a report (albiet all it has is a connection error message).  Excel services works fine if I use the unattended service account, but when I switch the odc file to windows (should cause kerberos to kick in) it fails.  When I try to add a kpi to the kpi list it can't retrieve a list of kpi's from ssas.

In all cases I am the user trying to perform these operations, and I have total access to the cube -- I'm the developer.  I have no problems connecting to the cube directly through excel, so the security at that end passes t

Encryption/Decryption OAEP

  
I have some code: string newKey = AmazonFeedBrowser.Security.CryptoKeyContainer.GetKeyFromContainer("KeyContainer", true); RSACryptoServiceProvider trsa = new RSACryptoServiceProvider(); trsa.FromXmlString(newKey); string tu = Convert.ToBase64String(trsa.Encrypt(Encoding.UTF8.GetBytes("Administrator"), true)); Debug.WriteLine(tu); newKey = AmazonFeedBrowser.Security.CryptoKeyContainer.GetKeyFromContainer("KeyContainer", false); trsa = new RSACryptoServiceProvider(); trsa.FromXmlString(newKey); Debug.WriteLine(Encoding.UTF8.GetString(trsa.Decrypt(Convert.FromBase64String(tu), true))); I get a cryptographic exception indicating that the OAEP padding cannot be processed. The RSACryptoServiceProvider (trsa) is initialized with just the public key. It seems to work OK with the public and private key. Is there a way to use OAEP with just the public key? Error occurred while decoding OAEP padding. System.Security.Cryptography.CryptographicException was unhandled Message=Error occurred while decoding OAEP padding. Source=mscorlib StackTrace: at System.Security.Cryptography.RSACryptoServiceProvider.DecryptKey(SafeKeyHandle pKeyContext, Byte[] pbEncryptedKey, Int32 cbEncryptedKey, Boolean fOAEP, ObjectHandleOnStack ohRetDecryptedKey) at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] rgb, Boolean fOAEP) .

SSAS logistic regression vs. vanilla logistic regression

  
I recently ran the same data set through the SSAS logistic regression (Neural network - Hidden layer disabled) as well as a vanilla logistic regression procedure. I am aware that different processes are followed in order to obtain the resulting co-efficients, however, has anyone got further information as to how close the results of the SSAS logistic regression equation are in comparison to logistic regression equations contained in other statistical packages such as SAS or SPSS? I do understand that the respective procedures are dependant on the quality of the data that they are applied to. I assume that the SSAS logistic regression may perform more favourably on one dataset in comparison to a vanilla logistic regression and vice versa. I am aware of the following post however it does not go into much detail concerning the results of the comparison. http://social.msdn.microsoft.com/Forums/en/sqldatamining/thread/4f381c6b-2471-4d4c-a022-316a1073184d Further info would certainly be appreciated.

how ssas generate sql queries when processing dimensions and partitions?

  
hi all, how does ssas2008 generate sql queries to read data from the source, where processing dimensions and partitions? is there any reading meterial that clearly explains how the sql queries are constructed according to properties of dsv, dimensions and measures and partitions.   thanks in advance.Andrew Chen Interested in BI related technologies
Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend