Traffic Encryption and Compression

The encryption mode is used to ensure the security of data transmitted over an insecure channel and to prevent the possible disclosure of valuable information and tampering with the software downloaded to the protected stations.

Dr.Web Enterprise Security Suite anti-virus network uses the following cryptographic means:

Electronic digital signature (GOST R 34.10-2001).

Asymmetric encryption (VKO GOST R 34.10-2001 – RFC 4357).

Symmetric encryption (GOST 28147-89).

Cryptographic hash function (GOST R 34.11-94).

Dr.Web Enterprise Security Suite anti-virus network encrypts the traffic between Dr.Web Server and the following clients:

Dr.Web Agents.

Dr.Web Agent installers.

Neighbor Dr.Web Servers.

Dr.Web Proxy-servers.

Since traffic between components, especially between Dr.Web Servers, can be significant, the anti-virus network supports traffic compression. Configuration of the compression policy and the compatibility of such settings between different clients is similar to the encryption settings.

Settings Compatibility policy

The encryption and compression policy is set separately for each component of the anti-virus network; furthermore, settings of other components should be compatible with the Dr.Web Server settings.

When coordinating encryption and compression settings on Dr.Web Server and a client, please note that certain combinations are incompatible and, if selected, will result in disconnecting the client from Dr.Web Server.

The table below shows which settings ensure that the connection between Dr.Web Server and the clients will be encrypted/compressed (+), or non-encrypted/uncompressed (–) and which combinations are incompatible (Error).

Compatibility of the encryption and compression policy settings

Client settings    Dr.Web Server settings
                   Yes      Possible   No
Yes                +        +          Error
Possible           +        +          –
No                 Error    –          –

Warning:

Traffic encryption places a significant load on computers that are close to the minimum system requirements for the components installed on them. Therefore, if traffic encryption is not needed to provide additional security, you can disable this mode.

To disable encryption, first switch Dr.Web Server and then the other components to the Possible mode; this avoids creating incompatible client-server pairs.

Compression reduces traffic but considerably increases memory usage and CPU load on the computers, more than encryption does.

Connecting through Dr.Web Proxy Server

If you want to connect clients to Dr.Web Server via Dr.Web Proxy Server, you should consider the encryption and compression settings on all three components. In this case:

Settings of Dr.Web Server and the Proxy Server (here it plays the role of a client) need to comply with the table above.

Settings of the client and the Proxy Server (here it plays the role of Dr.Web Server) need to comply with the table above.

The ability to connect through the Proxy Server depends on the version of Dr.Web Server and the client supporting certain encryption technologies:

If Dr.Web Server and the client support TLS encryption that is used in version 13.0, it is enough to meet the above requirements to establish a working connection.

If one of the components does not support TLS encryption (Dr.Web Server and/or the client is version 10 or earlier, which provides GOST encryption), an additional check is performed according to the table below.

Compatibility of the encryption and compression policy settings when using the Proxy Server

Client connection    Dr.Web Server connection settings
settings             Nothing        Compression    Encryption         All
Nothing              Normal mode    Normal mode    Error              Error
Compression          Normal mode    Normal mode    Error              Error
Encryption           Error          Error          Transparent mode   Error
All                  Error          Error          Error              Transparent mode

Legend

If Dr.Web Server and Dr.Web Agent have different versions (for example, one is version 13 and the other is version 10 or earlier), the following limitations apply to connections established through the Proxy Server:

Data can be cached on the Proxy Server only if both connections, to Dr.Web Server and to the client, are established without encryption.

Encryption will be used only if both connections, to Dr.Web Server and to the client, are established using encryption and the same compression parameters (compression is used for both connections or not used for both of them).
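
The two compatibility tables above can be applied as a check before a policy is changed on any component in a client, Proxy Server, Dr.Web Server chain. The following Python code is an added example, not part of the Dr.Web product or its documentation. It assumes that the Nothing/Compression/Encryption/All labels describe the state negotiated on each Proxy Server connection and that table cells not marked + or Error mean the setting is off; the function names and the all_tls flag are hypothetical.

```python
# Added example: a pre-change check built from the two tables on this page.
# Assumption: table cells not marked "+" or "Error" mean "-" (setting off).

def negotiate(client, server):
    """First table: one setting (encryption or compression) on one connection."""
    if {client, server} == {"Yes", "No"}:
        return "Error"                      # incompatible: client is disconnected
    return "-" if "No" in (client, server) else "+"

def connection_state(client, server):
    """Combine both settings; arguments are (encryption, compression) policies."""
    enc = negotiate(client[0], server[0])
    comp = negotiate(client[1], server[1])
    if "Error" in (enc, comp):
        return "Error"
    return {("-", "-"): "Nothing", ("-", "+"): "Compression",
            ("+", "-"): "Encryption", ("+", "+"): "All"}[(enc, comp)]

def proxy_mode(client_conn, server_conn):
    """Second table: applies when a peer is version 10 or earlier (no TLS)."""
    encrypted = {"Encryption", "All"}
    if client_conn not in encrypted and server_conn not in encrypted:
        return "Normal mode"                # caching on the Proxy Server possible
    if client_conn == server_conn:
        return "Transparent mode"           # encrypted, same compression both sides
    return "Error"

def check_chain(client, proxy_listen, proxy_upstream, server, all_tls):
    """Client -> Proxy Server -> Dr.Web Server; all_tls is a hypothetical flag."""
    down = connection_state(client, proxy_listen)    # proxy acts as the server
    up = connection_state(proxy_upstream, server)    # proxy acts as a client
    if "Error" in (down, up):
        return "Error"
    return "OK" if all_tls else proxy_mode(down, up)

if __name__ == "__main__":
    # Constructed sample policies: (encryption, compression)
    agent, android = ("Possible", "Possible"), ("No", "No")
    enc_only = ("Yes", "No")
    print(check_chain(agent, enc_only, enc_only, enc_only, all_tls=False))
    print(check_chain(agent, ("Yes", "Possible"), enc_only, enc_only, all_tls=False))
    print(check_chain(android, enc_only, enc_only, enc_only, all_tls=True))
```

The second call shows the case that is easy to miss: both Proxy Server connections are encrypted, but compression differs between them, so a mixed-version chain fails even though each pair passes the first table.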

Encryption and compression settings on Dr.Web Server

Setting the encryption and compression policies of Dr.Web Server

1. Select Administration in the main menu of the Control Center.

2. In the window that opens, select Dr.Web Server configuration in the control menu.

3. On the Network → Transport tab, select the necessary option in the Encryption and Compression drop-down lists:

Yes—enforces traffic encryption (or compression) for all clients (set by default for encryption, if the parameter was not modified during Dr.Web Server installation).

Possible—enables traffic encryption (or compression) for those components which are configured to support it.

No—encryption (or compression) is not supported (set by default for compression, if the parameter has not been modified during the Dr.Web Server installation).

Warning:

When configuring encryption and compression on Dr.Web Server, please consider the capabilities of the clients that will be connected to this Dr.Web Server. Not all clients support traffic encryption and compression.

Encryption and compression settings on Dr.Web Proxy Server

Centralized management of encryption and compression settings for Proxy Server

Note:

If the Proxy Server is not connected to Dr.Web Server for centralized management of its settings, configure the connection as described in section Connecting Dr.Web Proxy Server to Dr.Web Server.

1. Open the Control Center of the Dr.Web Server which controls the Proxy Server.

2. Select Anti-virus network in the main menu of the Control Center. In the hierarchical list of the window that opens, click the name of the Proxy Server whose settings you want to edit, or its primary group if the Proxy Server settings are inherited.

3. In the control menu that opens, select Dr.Web Proxy Server. This opens the settings section.

4. Go to the Listen tab.

5. In the Client connection parameters section, in the Encryption and Compression drop-down lists, select the traffic encryption and compression modes for the data transmission channels between the Proxy Server and the connected clients: Dr.Web Agents and Dr.Web Agent installers.

6. In the Dr.Web connection parameters section, you can specify the list of Dr.Web Servers to which the traffic will be redirected. Select the required Dr.Web Server in the list and click the edit icon on the toolbar to edit the settings for connection to the selected Dr.Web Server. In the window that opens, in the Encryption and Compression drop-down lists, select the traffic encryption and compression modes for the data transmission channel between the Proxy Server and the specified Dr.Web Server.

7. Click Save to save all the settings.

Local management of encryption and compression policies for Proxy Server

Note:

If the Proxy Server is connected to the managing Dr.Web Server for remote configuration, then the Proxy Server configuration file will be rewritten according to the settings received from Dr.Web Server. In this case, you should configure the settings remotely from Dr.Web Server or disable the option that allows receiving the configuration from this Dr.Web Server.

The drwcsd-proxy.conf configuration file is described in the Appendices, section F4. Dr.Web Proxy Server Configuration File.

1. On the computer with the Proxy Server installed, open the drwcsd-proxy.conf configuration file.

2. Edit the encryption and compression settings for connections with clients and Dr.Web Servers.

3. Restart the Proxy Server:

For Windows OS:

If the Proxy Server runs as a Windows service, restart the service using the conventional means.

If the Proxy Server runs in the console, press Ctrl+Break.

For Unix-like OS:

Send the SIGHUP signal to the Proxy Server daemon.

Execute the following command:

For Linux OS:

/etc/init.d/dwcp_proxy restart

For FreeBSD OS:

/usr/local/etc/rc.d/dwcp_proxy restart

Station-side encryption and compression settings

Centralized management of station-side encryption and compression policies

1. Select Anti-virus Network in the Control Center main menu, then click the name of a group or a station in the hierarchical list of the opened window.

2. In the control menu that opens, select Connection parameters.

3. On the General tab, in the Compression mode and Encryption mode drop-down lists, select one of the following:

Yes—enables obligatory traffic encryption (or compression) to Dr.Web Server.

Possible—enables encryption (or compression) of traffic to Dr.Web Server if the Dr.Web Server settings do not prohibit it.

No—encryption (or compression) is not supported.

4. Click Save.

5. The changes take effect as soon as the settings are propagated to stations. If stations are offline when the settings are changed, the changes are applied as soon as the stations connect to Dr.Web Server.

Dr.Web Agent for Windows

Encryption and compression settings can be set during Dr.Web Agent installation:

When installed remotely from the Control Center, the encryption and compression mode is set directly in the Network installation section.

When installed locally, the GUI installer does not allow you to change the encryption and compression settings; however, these settings can be configured using the command line switches when the installer is launched (see the Appendices, section G1. Network Installer).

After Dr.Web Agent is installed, you cannot change encryption and compression settings locally on the station. By default, the mode is set to Possible (if no other value was set during the installation), that is, the use of encryption and compression depends on the Dr.Web Server settings. However, the Dr.Web Agent settings can be changed using the Control Center (see above).

Dr.Web Anti-virus for Android

Dr.Web Anti-virus for Android does not support encryption and compression. The connection will be impossible if the Yes value for encryption and/or compression is specified on Dr.Web Server or Proxy Server (for connection via the Proxy Server).

Dr.Web Anti-virus for Linux

You cannot change the encryption and compression settings during the anti-virus installation. By default, the Possible mode is set.

After the anti-virus installation, you can change encryption and compression settings locally on the station only using the command line mode. The description of the command line mode and the corresponding switches can be found in the Dr.Web for Linux User Manual.

Station-side settings can also be changed using the Control Center (see above).

Dr.Web Anti-virus for macOS

You cannot change encryption and compression settings locally on the station. By default, the Possible mode is set, that is, the use of encryption and compression depends on the Dr.Web Server settings.

Station-side settings can be changed using the Control Center (see above).