Traffic Encryption and Compression |
The encryption mode is used to ensure the security for data transmitted over an insecure channel and to avoid the possible disclosure of valuable information and substitution of software downloaded to the protected stations. Dr.Web Enterprise Security Suite anti-virus network uses the following cryptographic means: •Electronic digital signature (GOST R 34.10-2001). •Asymmetric encryption (VKO GOST R 34.10-2001 – RFC 4357). •Symmetric encryption (GOST 28147-89). •Cryptographic hash function (GOST R 34.11-94). Dr.Web Enterprise Security Suite anti-virus network allows to encrypt the traffic between Server and the following clients: •Dr.Web Agents. •Dr.Web Agent installers. •Neighbor Dr.Web Servers. •Dr.Web Proxy-servers. As traffic between components, in particular the traffic between Servers, can be considerable, the anti-virus network provides for compression of this traffic. The setting of the compression policy and the compatibility of settings on different clients are the same as those for encryption. Settings Compatibility Policy The encryption and compression policy is set separately for each component of the anti-virus network, at this, settings of other components should be compatible with the settings of the Server. When coordinating encryption and compression settings on the Server and a client, please consider that certain combinations are incompatible and, if selected, will result in disconnecting the client from the Server. Table below describes what settings provide the connection between the Server and the clients encrypted/compressed (+), when the connection will be non-encrypted/uncompressed (–) and what combinations are incompatible (). Compatibility of the encryption and compression policy settings
Connection via Dr.Web Proxy Server If you want to connect clients to the Server via Dr.Web Proxy Server, you must consider the encryption and compression settings on all three components. At this: •Settings of the Server and the Proxy Server (here it plays a role of a client) must be conformed by the table above. •Settings of the client and the Proxy Server (here it plays a role of the Server) must be conformed by the table above. Ability to establish a connection via the Proxy Server depends on a version of the Server and a client that support certain encryption technologies: •If the Server and the client support TLS encryption that is used in the version 12.0, it is enough to perform the above conditions to establish the working connection. •If one of the components does not support TLS encryption: the Server and/or a client has the version 10 or earlier providing the GHOST encryption, the addition check is performed according to the table below. Compatibility of the encryption and compression policy settings at using the Proxy Server
Thus, if the Server and the Agent have different version: one has version 11, and other has version 10 and previous, then the following limitations are applied to the established connections via the Proxy Server: •Data can be cached on the Proxy Server only if both of connections with the Server and with the client are established without using the encryption. •The encryption will be used only if both of connections with the Server and with the client are established with using the encryption and the same compression parameters (compression is used for both connections or not used for both of them). Encryption and Compression Settings on Dr.Web Server To specify the encryption and compression policies of the Server 1.Select the item in the main menu of the Control Center. 2.In the opened window, click in the control menu. 3.On the tab, select the necessary variant in the and drop-down lists: •—enables obligatory traffic encryption (or compression) with all clients (is set by default for encryption, if the parameter has not been modified during the Server installation). •—instructs to encrypt (or compress) traffic with those components those settings do not prohibit it. •—encryption (or compression) is not supported (is set by default for compression, if the parameter has not been modified during the Server installation).
Encryption and Compression Settings on Dr.Web Proxy Server To centralized specify the encryption and compression policies for the Proxy Server
1.Open the Control Center of the managing Server for the Proxy Server. 2.Select the item in the main menu of the Control Center, in the hierarchical list of the opened window, click the name of the Proxy Server settings of which you want to edit or its primary group if the Proxy Server settings are inherited. 3.In the opened control menu, select . Settings section opens. 4.Go to the tab. 5.In the section, in the and drop-down lists, select the encryption and compression modes of traffic for channels between Proxy Server and served clients: Agents and Agent installers. 6.In the section, you can specify the list of Servers to which the traffic will be forwarded. Select the necessary Server in the list and click on the toolbar to edit the settings for connection with selected Dr.Web Server. In the opened window, in the and drop-down lists, select the encryption and compression modes of traffic for channels between Proxy Server and the specified Server. 7.To save all the specified settings, click . To locally specify the encryption and compression policies for the Proxy Server
1.On the computer with the Proxy Server installed, open the drwcsd-proxy.conf configuration file. 2.Edit the settings for encryption and compressions for connections with clients and the Servers. 3.Restart the Proxy Server: •For Windows OS: ▫If the Proxy Server is run as a service of Windows OS, restart the service by the standard means of the system. ▫If the Proxy Server is run in console, press Ctrl+Break. •For UNIX system-based OS: ▫Send the SIGHUP signal to the Proxy Server daemon. ▫Execute the following command: For Linux OS:
For FreeBSD OS:
Encryption and Compression Settings on Stations To centralized specify the encryption and compression policies of stations 1.Select the item in the main menu of the Control Center, then click the name of a group or a station in the hierarchical list of the opened window. 2.In the opened control menu, select . 3.On the tab, in the and drop-down lists, select one of the following: •—enables obligatory traffic encryption (or compression) with the Server. •—instructs to encrypt (or compress) traffic with the Server if the Server settings do not prohibit it. •—encryption (or compression) is not supported. 4.Click . 5.The changes will take effect as soon as the settings will be passed to stations. If stations are offline at the time of changing the settings, the changes will be passed as soon as stations connect to the Server. Dr.Web Agent for Windows Encryption and compression settings can be set at the Agent installation: •At the remote installation from the Control Center, encryption and compression mode is set directly in the section settings. •At local installation, the GUI installer does not provide encryption and compression changing, but these settings can be set using the command line switches during the installer launch (see the , p. H1. Network Installer). After the Agent installation, you cannot change encryption and compression settings locally on station. By default, the mode is set (if other value has not been set at the installation), i.e. encryption and compression usage depends on the Server settings. However, the Agent settings can be changed via the Control Center (see above). Dr.Web Anti-virus for Android Dr.Web Anti-virus for Android does not support neither encryption nor compression. Connection will be impossible if the value is specified for encryption and/or compression at the Server or the Proxy Server (for connection via the Proxy Server). Dr.Web Anti-virus for Linux At the anti-virus installation, you cannot change encryption and compression settings. By default, the mode is set. After the anti-virus installation, you can change encryption and compression settings locally on station only in the command line mode. You can find the description of a command line mode and corresponding switches in the . Also, the station settings can be changed via the Control Center (see above). Dr.Web Anti-virus for macOS You cannot change encryption and compression settings locally on station. By default, the mode is set, i.e. encryption and compression usage depends on the Server settings The station settings can be changed via the Control Center (see above). |