Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Technology Stocks : Novell (NOVL) dirt cheap, good buy? -- Ignore unavailable to you. Want to Upgrade?

To: David O'Berry who wrote (24950)	1/12/1999 11:18:00 AM
From: Paul Fiondella	Read Replies (1) \| Respond to of 42771

Terrific Post David---- Some substance from the field Can you just tell us how long you have worked with NDS and what uses you put it to from the beginning until now? Also have you had any use for NDS at the client level, that is people outside of your company accessing your computer systems? Are you providing your customers with any internet access to your computer systems? Can you explain what you mean by the proper mix between Unix, Netware and NT? ========================= Sorry for all the questions but I'm curious as to whether you have always been a Novell shop or have shopped around and come to the conclusions you have reached about Netware based upon trying more with Unix and NT and pulling back.

To: David O'Berry who wrote (24950)	1/13/1999 2:57:00 AM
From: PJ Strifas	Respond to of 42771

Hello! Here's another interesting article (I'm a security nut, learning more and more every day!) with a few good links at the bottom of the page If you are wondering about Novell's products, I did manage to dig up this link for Novell's IntraNetWare 4.11 and C2 Certification from the US Gov't. developer.novell.com Peter ------------------------- NT 4.0 flunks cryptography test Another service pack fix and interoperability woes for users are the results. By Ellen Messmer Network World, 01/11/99 Washington, D.C. Last summer, Microsoft hoped to see NT 4.0 breeze through government tests of encryption features such as Data Encryption Standard and digital signatures. But things didn't go exactly as planned. Products must pass the Federal Information Processing Standard (FIPS) 140-1 certification test before they can be sold to the U.S. and Canadian governments. Not only did the Redmond, Wash., giant fail the cryptography tests, but Microsoft officials now acknowledge that the lab scrutiny exposed shortcomings in NT's cryptographic processing that will force Microsoft to redesign the operating system. Microsoft expects to issue a service-pack upgrade later this year - once NT finally makes it through FIPS 140-1 testing. "We expect this to happen early in the first quarter, but we have to allow for additional delays," says Patrick Arnold, program manager at Microsoft Federal Systems. The Microsoft code fix, however, will prevent users who apply it from using Internet Explorer 4.0, Outlook 98 and perhaps other applications, such as the Microsoft Internet Information Server. "Only Internet Explorer 5.0 will know how to work in FIPS mode," Arnold explains, adding Microsoft is still assessing the application interoperability problems that will result from the fix. Microsoft has already released NT Service Pack 4, which was supposed to be the last upgrade for NT 4.0. The company has not yet announced the FIPS upgrade and has not explained whether all users - or just the ones that need the FIPS compliance - will be urged to upgrade. The problems, which were uncovered at CygnaCom Solutions, a government-certified testing lab, are related to NT 4.0's CryptoAPIs. Government reaction Government users, especially the Department of Defense, which bought tens of thousands of NT 4.0 servers, are bracing for impact. "Will our department upgrade and work through the interoperability problems? Absolutely," says Dick Schaeffer, a Defense Department security manager. "FIPS 140-1 is an important benchmark that tells us an encryption module is working right." Prodded by the Defense Department to meet government encryption standards, Microsoft insists that NT 4.0 and NT 5.0 will henceforth be designed around FIPS 140-1. And there will be only one version of NT - the FIPS version - sold to the government and commercial sectors. Microsoft admits it might have sidestepped the interoperability mess if it had gotten into the government's test program earlier. "We got into this a bit late," Arnold confesses. "We weren't effectively paying attention." Late indeed. The FIPS 140-1 test program was started five years ago by the National Institute of Standards and Technology (NIST), with help from the National Security Agency. During the past two years, the government established a vigorous test regime with three certified labs. Last year, agencies were told they had to start buying FIPS 140-1 products to protect sensitive but unclassified information. To date, about 30 products have won FIPS 140-1 certification, including Netscape's Communicator client software and SuiteSpot server. According to NIST officials, 30 other products are undergoing testing. Government agencies - in theory - shouldn't be using NT to protect sensitive but unclassified information because it isn't FIPS 140-1certified, says Miles Smid, manager of security technology at NIST. Agencies can ask for a waiver, but the reality is that none have bothered - the lack of FIPS 140-1 products in the market seems to be excuse enough. "FIPS 140-1 is very important, but there aren't enough products to buy," says the Defense Department's Schaeffer. For Info on FIPS -->> csrc.nist.gov Current products on FIPS List -->> csrc.nist.gov