Can Insight Discovery work in FIPS mode on Windows?

Joseph Vandermaas August 8, 2019

The official documentation recommends disabling FIPS mode on Windows.

https://documentation.riada.io/insight-discovery/latest/discovery-documentation/recommended-information

This is not an option for my environment. Is there any way to use Insight Asset Discovery to enumerate Windows devices that are in FIPS mode?

I ran into this with the agent, I haven't tried using the WMI method yet.

Thanks in advance.

1 answer

0 votes
Christian_Solle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 12, 2019

Hi,

where did you get that error when you are using the Windows-Agent?

The recommendation is for the Discovery-Tool or Collector-Tool

when starting the Setup the password and credential store encryption seems to be affected with the FIPS.

But the Windows-Agent doesn't have a password setting a setup or a credential store,

so it is not affected with that FIPS thing.

PS:

Latest documentation can be found here:

https://documentation.riada.io/display/INSDISC/Recommended+Information

Joseph Vandermaas August 12, 2019

Hi Christian,

Thanks for the tip.

I installed the Windows Agent from the Discovery_Agent_Setup.msi file per the instructions here:

The following message appears in log files that are generated in C:\Program Files\Riada\Discovery Agent\logs\

--------------- Start Discovery Agent (1.15.0.0) local scan ---------------
Error performing scan.
Exceptions:
This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at Insight.Discovery.Tools.Crypter.GetMD5(String input) in c:\SourceCode\discovery_repo\DiscoTools\Crypter.cs:line 67
at Insight.Discovery.Agent.Const.<.cctor>b__0() in c:\SourceCode\discovery_repo\Discovery_Agent\Const.cs:line 15
at System.Lazy`1.CreateValue()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Lazy`1.get_Value()
at Insight.Discovery.Agent.Program.RunScan() in c:\SourceCode\discovery_repo\Discovery_Agent\Program.cs:line 245

Please advise, thanks.

Christian_Solle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 12, 2019

Okay,

that is.....bad....

For the Name of the service a hash is generated MD5 based.

And your FIPS Setting are not allowing MD5 to use....

That needs some investigation from our site to check and maybe replacing it with an FIPS accepted algorithm.

I have created a public ticket for that

https://jira.riada.io/browse/ID-85

// Christian

Joseph Vandermaas August 13, 2019

Ok, thanks for the followup.

Hi, is there any progress on that issue? I'm in the same situation and looking for a workaround.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events