Microsoft beefs up NT security
Microsoft will boost security for Windows NT by supporting FIPS 140-1 and Fortezza, two key crypto standards for federal government users.
Microsoft will add support to Windows NT Workstation and Server 4.0 operating systems later this year. Support of FIPS 140-1 and Fortezza will be achieved through security plug-ins for Microsoft's CryptoAPI, a set of programming interfaces.
As part of a broad security effort in the federal marketplace, Microsoft plans to include FIPS 140-1-validated cryptographic modules in future products. It also will add native support for secure sockets layer (SSL) Web communications using Fortezza.
"Product security and quality in a heterogeneous environment is of paramount importance to Microsoft,'' Pete Hayes, general manager of Microsoft Federal Systems, said in a statement.
Fortezza is a federal standard for using hardware security devices. Federal Information Processing Standard (FIPS) is a set of encryption modules widely required within the federal government for securing unclassified information.
While Microsoft already supports Fortezza in Microsoft Exchange and the Outlook client software, it will add Fortezza support for Windows NT using Internet Explorer 5 and Microsoft Internet Information Services 5.0.
Spyrus, which sells security tokens called Lynks and Spyrus Fortezza crypto cards, worked with Microsoft on its Fortezza initiative.
Microsoft's first FIPS module for NT 4.0 is expected to complete evaluation late this year. A second FIPS module is planned to ship as a core component of Windows NT Server 5.0 and Windows NT Workstation 5.0.
The company will submit additional algorithms for validation as the National Institute of Standards and Technology, which oversees security standards for the federal government, expands the list of approved FIPS 140-1 algorithms.