Running Security Center on a Windows machine in FIPS mode - Security Center 5.7 - 5.8

series
Security Center 5.7 - 5.8
revised_modified
2019-10-02

Running Security Center on a Windows machine in FIPS mode

Starting with Security Center 5.8.1.0, you can install .NET Framework 4.8 to automatically select Federal Information Processing Standard (FIPS) compliant encryption algorithms for your system.

What you should know

To run Security Center 5.8 GA and earlier on a Windows machine that has Federal Information Processing Standard (FIPS) mode enabled, you must disable the machine's FIPS compliance checks for Security Center. This procedure must be performed on each Windows machine in your environment that has FIPS mode enabled and is running a Security Center client or server. This is due to Security Center's use of cryptographic algorithms, which are FIPS-approved but non-validated for 5.8 GA and earlier.

For 5.8.1.0 and later, this exception does not apply as Security Center relies on FIPS certified encryption libraries in these versions.

Procedure

To run Security Center 5.8.1.0 or later on a Windows machine that is running in FIPS mode:

  1. Install .NET Framework 4.8 on your machine.
    Using this version of the Microsoft .NET Framework, all managed cryptography classes used by Security Center will redirect the cryptographic operations to a system cryptography library which has gone through FIPS 140-2 certification.

To run Security Center 5.8 GA or earlier on a Windows machine that is running in FIPS mode:

  1. Find every .exe.config file in your Security Center installation folder. The default path is: C:\Program Files (x86)\Genetec Security Center 5.x
    To generate a complete list of .exe.config files, open the Windows machine's Command Prompt and enter C:\Program Files (x86)\Genetec Security Center 5.x>dir *exe.config. The following is the list of .exe.config files found in Security Center 5.7 SR2:
    • ConfigTool.exe.config
    • Genetec.MediaComponent32.exe.config
    • Genetec.MediaServices.exe.config
    • Genetec.OmnicastMediaComponent32.exe.config
    • GenetecAccessManager.exe.config
    • GenetecArchiver.exe.config
    • GenetecArchiverAgent32.exe.config
    • GenetecArchivingAuthorization.exe.config
    • GenetecAuth.exe.config
    • GenetecDiagnostics.exe.config
    • GenetecDirectory.exe.config
    • GenetecHealthMonitoring.exe.config
    • GenetecInterface.exe.config
    • GenetecLicensePlateManager.exe.config
    • GenetecMacroAgent32.exe.config
    • GenetecMapManager.exe.config
    • GenetecMediaRouter.exe.config
    • GenetecPlugin.exe.config
    • GenetecRedirector.exe.config
    • GenetecReportManager32.exe.config
    • GenetecReverseTunnelServer.exe.config
    • GenetecReverseTunnelServerAgent.exe.config
    • GenetecSecurityCenterFederation.exe.config
    • GenetecServer.exe.config
    • GenetecServerHost.exe.config
    • GenetecServerHost32.exe.config
    • GenetecUtility32.exe.config
    • GenetecVideoPlayer.exe.config
    • GenetecVideoUnitControl32.exe.config
    • GenetecZoneManager.exe.config
    • SecurityDesk.exe.config
    • SecurityDesk32.exe.config
    • VertXUtilities32.exe.config
    • VideoFileAnalyzer.exe.config
    This list will differ if you are using a prior or subsequent version of Security Center.
  2. In each file, search for the line <enforceFIPSPolicy enabled="true"/>.
    • If it exists, change it to <enforceFIPSPolicy enabled="false"/>.
    • If it does not exist, find the </runtime> line. On the preceding line, enter <enforceFIPSPolicy enabled="false"/>.
  3. Save the file.
  4. After the change has been made to each file, restart the Genetecâ„¢ Server service.
    NOTE: While this procedure enables Security Center to run on a Windows machine that is in FIPS mode, it does not make Security Center FIPS-compliant.