Transport Layer Security (TLS) is a protocol that provides communications privacy and data integrity between two applications communicating over a network. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).
What you should know
Starting from Security Center 5.4, TLS is used for connections to the Directory from client workstations and expansion servers. With TLS, you have the option to enforce Directory authentication on client workstations and servers during software installation.
What are the benefits of TLS?
- Strong authentication: Authenticates the Directory to client applications, proving the identity of the server before connecting to it. Protects against man-in-the-middle (MITM) attacks.
- Data integrity: All data are transmitted with an integrity check value.
- Message privacy: Protects against eavesdropping.
  NOTE: The potential for such threats exists only if you allow connections from the WAN (as opposed to through a secure VPN) or when your corporate network has been physically compromised.
- Algorithm flexibility: Provides options for the authentication mechanisms, encryption algorithms, and hashing algorithms that are used during the secure session.
- Ease of use: Most of its operations are completely invisible to the client. This allows the client to have little or no knowledge of the security of communications and still be protected from attackers.
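The "integrity check value" mentioned above is, in TLS, a keyed message authentication code that the receiver recomputes over every record before accepting it. The following is an added illustration, not Genetec code and not the real TLS record format: a simplified record layer in Python whose MAC covers a sequence number and the payload, so that a tampered, replayed, or truncated record is rejected. The key and the sample payload are constructed for the demo; a real TLS session derives its MAC keys from the handshake.

```python
import hashlib
import hmac
import struct

# Constructed demo key for this example only. A real TLS session derives
# its MAC key from the handshake; it never appears in the code.
DEMO_KEY = b"constructed-demo-mac-key-not-for-real-use"
TAG_LEN = hashlib.sha256().digest_size


def mac_record(key: bytes, seq: int, payload: bytes) -> bytes:
    """Integrity check value over sequence number, length and payload.

    Covering the sequence number is what makes replay and reordering
    detectable: the bytes of a replayed record are unchanged, but the
    receiver expects a different sequence number, so the MAC fails.
    """
    header = struct.pack(">Q", seq) + struct.pack(">H", len(payload))
    return hmac.new(key, header + payload, hashlib.sha256).digest()


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: append the MAC to the payload."""
    return payload + mac_record(key, seq, payload)


def verify(key: bytes, seq: int, record: bytes):
    """Receiver side: return the payload if the record is intact, else None.

    compare_digest is constant-time, so the check does not leak how many
    leading bytes of a forged tag happened to match.
    """
    if len(record) < TAG_LEN:
        return None  # too short to even carry a tag: truncated in transit
    payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, mac_record(key, seq, payload)):
        return None
    return payload


def demo() -> dict:
    """Run the four cases a receiver must handle and report each outcome."""
    message = b"OPEN door 12"  # constructed sample application message
    record = protect(DEMO_KEY, 1, message)

    # Flip one bit inside the payload to simulate on-path modification.
    tampered = bytearray(record)
    tampered[5] ^= 0x01

    return {
        "intact": verify(DEMO_KEY, 1, record) == message,
        "tampered": verify(DEMO_KEY, 1, bytes(tampered)) is None,
        # Same bytes, but the receiver has moved on to sequence number 2.
        "replayed": verify(DEMO_KEY, 2, record) is None,
        "truncated": verify(DEMO_KEY, 1, record[:10]) is None,
    }


if __name__ == "__main__":
    for case, detected_correctly in demo().items():
        print(f"{case:10s} handled correctly: {detected_correctly}")
```

The point for an operator is that integrity protection is only as good as the receiver's willingness to drop a record whose check fails; the same holds for the Directory connection, where authentication has to be enforced on each machine for the check to have any effect.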
- Man-in-the-middle protection is only enforced if you choose to turn on Directory authentication on each machine (Client or Server).
- Machines running Security Center 5.3 and earlier, and Mobile Server 4.0, can only connect to Security Center 5.7 Directory using the old communication protocol.
- Client certificates are not yet supported for Config Tool and Security Desk.
Backward compatibility is enabled by default at system installation. When the 5.7 Directory receives a connection request from Security Center 5.3 and earlier, it automatically switches to the old communication protocol (less robust against network attacks). If network vulnerability is a concern for your organization, you can disable backward compatibility and force all machines to upgrade before they can connect to your system.