Error 404--Not Found

Error 404--Not Found

From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:

10.4.5 404 Not Found

The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.

If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.

Search and DocFinder
Search help/advanced search

Vendor Product Showcase

News NetFlash: Daily News Internat'l News This Week in NW The Edge Features Research Buyer's Guides Reviews Technology Primers Vendor Profiles Forums Columnists Knowledgebase Help Desk Dr. Intranet Gearhead Careers Free Newsletters Subscription Center Seminars/Events Reprints/Links White Papers Partner with Us Site Map Contact Us Home


NT 4.0 flunks cryptography test
Another service pack fix and interoperability woes for users are the results.

By Ellen Messmer
Network World, 01/11/99

Washington, D.C.

Last summer, Microsoft hoped to see NT 4.0 breeze through government tests of encryption features such as Data Encryption Standard and digital signatures. But things didn't go exactly as planned.

Products must pass the Federal Information Processing Standard (FIPS) 140-1 certification test before they can be sold to the U.S. and Canadian governments.

Not only did the Redmond, Wash., giant fail the cryptography tests, but Microsoft officials now acknowledge that the lab scrutiny exposed shortcomings in NT's cryptographic processing that will force Microsoft to redesign the operating system.

Microsoft expects to issue a service-pack upgrade later this year - once NT finally makes it through FIPS 140-1 testing.

"We expect this to happen early in the first quarter, but we have to allow for additional delays," says Patrick Arnold, program manager at Microsoft Federal Systems.

The Microsoft code fix, however, will prevent users who apply it from using Internet Explorer 4.0, Outlook 98 and perhaps other applications, such as the Microsoft Internet Information Server.

"Only Internet Explorer 5.0 will know how to work in FIPS mode," Arnold explains, adding Microsoft is still assessing the application interoperability problems that will result from the fix.

Microsoft has already released NT Service Pack 4, which was supposed to be the last upgrade for NT 4.0. The company has not yet announced the FIPS upgrade and has not explained whether all users - or just the ones that need the FIPS compliance - will be urged to upgrade.

The problems, which were uncovered at CygnaCom Solutions, a government-certified testing lab, are related to NT 4.0's CryptoAPIs.

Government reaction

Government users, especially the Department of Defense, which bought tens of thousands of NT 4.0 servers, are bracing for impact. "Will our department upgrade and work through the interoperability problems? Absolutely," says Dick Schaeffer, a Defense Department security manager. "FIPS 140-1 is an important benchmark that tells us an encryption module is working right."

Prodded by the Defense Department to meet government encryption standards, Microsoft insists that NT 4.0 and NT 5.0 will henceforth be designed around FIPS 140-1. And there will be only one version of NT - the FIPS version - sold to the government and commercial sectors.

Microsoft admits it might have sidestepped the interoperability mess if it had gotten into the government's test program earlier.

"We got into this a bit late," Arnold confesses. "We weren't effectively paying attention."

Late indeed. The FIPS 140-1 test program was started five years ago by the National Institute of Standards and Technology (NIST), with help from the National Security Agency.

During the past two years, the government established a vigorous test regime with three certified labs. Last year, agencies were told they had to start buying FIPS 140-1 products to protect sensitive but unclassified information.

To date, about 30 products have won FIPS 140-1 certification, including Netscape's Communicator client software and SuiteSpot server. According to NIST officials, 30 other products are undergoing testing.

Government agencies - in theory - shouldn't be using NT to protect sensitive but unclassified information because it isn't FIPS 140-1certified, says Miles Smid, manager of security technology at NIST.

Agencies can ask for a waiver, but the reality is that none have bothered - the lack of FIPS 140-1 products in the market seems to be excuse enough.

"FIPS 140-1 is very important, but there aren't enough products to buy," says the Defense Department's Schaeffer.

For more info:
FIPS 140-1

Products certified as 140-1 compliant
From NIST.

Microsoft's NT security page

Today's News

ICANN board approves reform agenda

House committee subpoenas WorldCom executives

KPMG Consulting to hire Andersen IT staff, not unit

Xerox accounting troubles may total $6 billion

Analysis: Ciena/ONI deal done

All of today's news


A good .plan
Plus: Porn credit-card site hacked.


Prioritizing voice over data in VoIP
Nutter helps a user make sure voice gets priority on a Cisco net.


E-comm Innovator of the Year Award
Know someone with a groundbreaking e-commerce project? Nominate him or her for our annual award.

  Copyright, 1995-2001 Network World, Inc. All rights reserved.