The Dr.Web ESS anti-virus allows encrypting the traffic between Enterprise Server and Enterprise Agents, between Enterprise Server and the Network Installer (s), and between Enterprise Servers (in multi-server anti-virus networks). This mode is used to avoid leakage of user keys and other data during interaction.
The program uses reliable tools of encryption and digital signature based on the concept of pairs of public and private keys.
The encryption policy is set separately for each component of the Dr.Web ESS anti-virus. Settings of other components should be compatible with the settings of the Server.
To set the encryption and compression policies for the workstations on the Dr.Web Enterprise Server:
1.Select the Administration item in the main menu.
2.Click Dr.Web Enterprise Server Configuration in the control menu.
3.On the General tab, select the necessary variant in the Encryption and Compression drop-down lists:
◆Yes — enables obligatory traffic encryption (or compression) for all components (is set by default for encryption, if the parameter has not been modified during the Server installation),
◆Possible — instructs to encrypt (or compress) traffic with those components whose settings do not prohibit it,
◆No — encryption (or compression) is not supported (is set by default for compression, if the parameter has not been modified during the Server installation).
When coordinating the settings of the encryption policy on the Server and other components (the Agent or the Network Installer), one should remember, that certain combinations are incompatible and, if selected, will result in disconnecting the corresponding component from the Server.
Table below describes what settings provide for encryption between the Server and the components (+), when the connection will be non-encrypted (—) and what combinations are incompatible (Error).
Compatibility of the encryption policy settings
Component settings |
Server settings |
||
|---|---|---|---|
Yes |
Possible |
No |
|
Yes |
+ |
+ |
Error |
Possible |
+ |
+ |
– |
No |
Error |
– |
– |
|
Encryption of traffic creates a considerable load on computers whose capacities are close to the minimal system requirements for the components installed on them (read p. System Requirements). So, when traffic encryption is not needed, you can disable this mode. To do this, you should step by step switch the Server and other installed components to the Possible mode first, avoiding formation of incompatible Network Installer-Server and Agent-Server pairs. If you do not follow this recommendation it may result in loss of connection with the component and the necessity to reinstall it. |
|
By default, Enterprise Agent are installed with the Possible encryption setting. This combination means that by default the traffic will be encrypted, but it can be disabled by editing the settings of the Server without editing the settings of the components. |
As traffic between components, in particular the traffic between Enterprise Servers, can be considerable, the Dr.Web ESS anti-virus provides for compression of this traffic. The setting of the compression policy and the compatibility of settings on different components are the same as those for encryption. The only difference is that the default parameter for compression is No.
|
With the compression mode enabled, traffic is reduced, but the computational load on computers is increased considerably (more than with encryption). |