Traffic Encryption and Compression

The encryption mode is used to ensure the security of data transmitted over an insecure channel and to prevent the possible disclosure of valuable information and tampering with the software downloaded to the protected stations.

Dr.Web Enterprise Security Suite anti-virus network uses the following cryptographic means:

Dr.Web Enterprise Security Suite anti-virus network encrypts the traffic between Dr.Web Server and the following clients:

Since traffic between components, especially between Dr.Web Servers, can be significant, the anti-virus network supports traffic compression. Configuration of the compression policy and the compatibility of such settings between different clients is similar to the encryption settings.

The encryption and compression policy is set separately for each component of the anti-virus network; furthermore, settings of other components should be compatible with the Dr.Web Server settings.

When coordinating encryption and compression settings on Dr.Web Server and a client, please note that certain combinations are incompatible and, if selected, will result in disconnecting the client from Dr.Web Server.

The table below shows which settings ensure that the connection between Dr.Web Server and the clients will be encrypted/compressed (+), or non-encrypted/uncompressed (–) and which combinations are incompatible (Error).

Client settings	Dr.Web Server settings
Client settings	Yes	Possible	No
Yes	+	+	Error
Possible	+	+	–
No	Error	–	–

Traffic encryption places a significant load on computers that are close to the minimum system requirements for the components installed on them. Therefore, if traffic encryption is not needed to provide additional security, you can disable this mode.

To disable encryption, you should first switch Dr.Web Server and then other components to the Possible mode in order to avoid the creation of incompatible client-server pairs.

Using the compression mode will reduce traffic, but will considerably increase the memory usage and the CPU load on computers, more than the encryption.

If you want to connect clients to Dr.Web Server via Dr.Web Proxy Server, you should consider the encryption and compression settings on all three components. In this case:

•Settings of Dr.Web Server and the Proxy Server (here it plays the role of a client) need to comply with the table above.

•Settings of the client and the Proxy Server (here it plays the role of Dr.Web Server) need to comply with the table above.

The ability connect through the Proxy Server depends on the version of Dr.Web Server and the client supporting certain encryption technologies:

•If Dr.Web Server and the client support TLS encryption that is used in version 13.0, it is enough to meet the above requirements to establish a working connection.

•If one of the components does not support TLS encryption: Dr.Web Server and/or the client are version 10 or earlier which provides GOST encryption, then an additional check is performed according to the table below.

Compatibility of the encryption and compression policy settings when using the Proxy Server

Client connection settings	Dr.Web Server connection settings
Client connection settings	Nothing	Compression	Encryption	All
Nothing	Normal mode	Normal mode	Error	Error
Compression	Normal mode	Normal mode	Error	Error
Encryption	Error	Error	Transparent mode	Error
All	Error	Error	Error	Transparent mode

Dr.Web Server and client connection settings
Nothing	Neither compression nor encryption is supported
Compression	Only compression is supported
Encryption	Only encryption is supported
All	Both, compression and encryption are supported
Resulting connection
Normal mode	Established connection implies the operation in the normal mode, i. e., with command processing and caching
Transparent mode	Established connection implies the operation in the transparent mode, i. e., without command processing and without caching. This mode uses the lowest version of encryption protocol supported by all the components: e. g. if one of the components (Dr.Web Server or Dr.Web Agent) supports version 13, and the other only supports version 10, then the latter version is used
Error	Connection of the Proxy Server both to Dr.Web Server and the client will be terminated

If Dr.Web Server and Dr.Web Agent have different version: for example, one is version 13, and the other is version 10 or earlier, then the following limitations apply to the connections established though the Proxy Server:

•Data can be cached on the Proxy Server only if both connections to Dr.Web Server and to the client are established without the encryption.

•Encryption will be used only if both connections to Dr.Web Server and to the client are established using the encryption and the same compression parameters (compression is used for both connections or not used for both of them).

2.In the window that opens, select Dr.Web Server configuration in the control menu.

3.On the Network → Transport tab, select the necessary option in the Encryption and Compression drop-down lists:

•Yes—enforces traffic encryption (or compression) for all clients (set by default for encryption, if the parameter was not modified during Dr.Web Server installation).

•Possible—enables traffic encryption(or compression) for those components which are configured to support it.

•No—encryption (or compression) is not supported (set by default for compression, if the parameter has not been modified during the Dr.Web Server installation).

2.Select Anti-virus network in the main menu of the Control Center, in the hierarchical list of the opened window, click the name of the Proxy Server whose settings you want to edit or its primary group if the Proxy Server settings are inherited.

3.In the control menu that opens, select Dr.Web Proxy Server. This opens the settings section.

5.In the Client connection parameters section, in the Encryption and Compression drop-down lists, select the traffic encryption and compression modes for the data transmission channels between the Proxy Server and the connected clients: Dr.Web Agents and Dr.Web Agent installers.

6.In the Dr.Web connection parameters section, you can specify the list of Dr.Web Servers to which the traffic will be redirected. Select the required Dr.Web Server in the list and click

on the toolbar to edit the settings for connection to the selected Dr.Web Server. In the window that opens, in the Encryption and Compression drop-down lists, select the traffic encryption and compression modes for the data transmission channel between the Proxy Server and the specified Dr.Web Server.

If the Proxy Server is connected to the managing Dr.Web Server for remote configuration, then the Proxy Server configuration file will be rewritten according to the settings received from Dr.Web Server. In this case, you should configure the settings remotely from Dr.Web Server or disable the option that allows receiving the configuration from this Dr.Web Server.

Description of the drwcsd-proxy.conf configuration file is given in the Appendices, in F4. Dr.Web Proxy Server Configuration File.

1.On the computer with the Proxy Server installed, open the drwcsd-proxy.conf configuration file.

2.Edit the encryption and compression settings for connections with clients and Dr.Web Servers.

▫If the Proxy Server runs as a Windows service, restart the service using the conventional means.

1.Select Anti-virus Network in the Control Center main menu, then click the name of a group or a station in the hierarchical list of the opened window.

3.On the General tab, in the Compression mode and Encryption mode drop-down lists, select one of the following:

•Yes—enables obligatory traffic encryption (or compression) to Dr.Web Server.

•Possible—enables encryption (or compression) of traffic to Dr.Web Server if the Dr.Web Server settings do not prohibit it.

5.The changes will take effect as soon as the settings will be propagated to stations. If stations are offline at the time when the settings are changed, the changes will be applied as soon as stations connect to Dr.Web Server.

Encryption and compression settings can be set during Dr.Web Agent installation:

•When installed remotely from the Control Center, the encryption and compression mode is set directly in the Network installation section.

•When installed locally, the GUI installer does not allow you to change the encryption and compression settings; however, these settings can be configured using the command line switches when the installer is launched (see the Appendices, section G1. Network Installer).

After Dr.Web Agent is installed, you cannot change encryption and compression settings locally on the station. By default, the mode is set to Possible (if no other value was set during the installation), that is, the use of encryption and compression depends on the Dr.Web Server settings. However, the Dr.Web Agent settings can be changed using the Control Center (see above).

Dr.Web Anti-virus for Android does not support encryption and compression. The connection will be impossible if the Yes value for encryption and/or compression is specified on Dr.Web Server or Proxy Server (for connection via the Proxy Server).

You cannot change the encryption and compression settings during the anti-virus installation. By default, the Possible mode is set.

After the anti-virus installation, you can change encryption and compression settings locally on the station only using the command line mode. The description of the command line mode and the corresponding switches can be found in the Dr.Web for Linux User Manual.

You cannot change encryption and compression settings locally on the station. By default, the Possible mode is set, that is encryption and compression usage depends on the Dr.Web Server settings.