What is Transport Layer Security protocol? - Security Center 5.7

Security Center Administrator Guide 5.7

Applies to: Security Center 5.7
Last updated: 2021-12-16
Content type: Guides > Administrator guides
Language: English (United States)
Product: Security Center
Version: 5.7

Transport Layer Security (TLS) is a protocol that provides communications privacy and data integrity between two applications communicating over a network. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).

What you should know

Starting from Security Center 5.4, TLS is used for connections to the Directory from client workstations and expansion servers. With TLS, you have the option to enforce Directory authentication on client workstations and servers during software installation.

What are the benefits of TLS?

TLS provides numerous benefits to clients and servers over other methods of authentication, including:
  • Strong authentication: Authenticates the Directory to client applications, proving the identity of the server before the client connects to it. Protects against man-in-the-middle (MITM) attacks.
  • Data integrity: All data are transmitted with an integrity check value.
  • Message privacy: Protects against eavesdropping.
    NOTE: The potential for such threats is present only if you allow connections from the WAN (as opposed to through a secure VPN) or when your corporate network has been physically compromised.
  • Algorithm flexibility: Provides options for the authentication mechanisms, encryption algorithms, and hashing algorithms that are used during the secure session.
  • Ease of use: Most of its operations are completely invisible to the client. The client therefore needs little or no knowledge of the security of the communications and is still protected from attackers.

Limitations

  • Man-in-the-middle protection is only enforced if you choose to turn on Directory authentication on each machine (Client or Server).
  • Machines running Security Center 5.3 and earlier, and Mobile Server 4.0, can only connect to Security Center 5.7 Directory using the old communication protocol.
  • Client certificates are not yet supported for Config Tool and Security Desk.
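The first limitation in practice, as an added example that is not part of this guide and does not use Security Center's own client code: a Go client connects to a stand-in "Directory" (a local HTTPS server with a self-signed certificate generated by httptest; the Posture names and the stub are assumptions made for the example) under three postures. A client that skips certificate verification connects to any server, an impostor included; only a client that checks the presented certificate against one it already trusts gets the man-in-the-middle protection described above.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Posture is how the client treats the certificate the Directory presents.
type Posture int

const (
	AcceptAny   Posture = iota // Directory authentication off: identity never checked
	PinnedCert                 // Directory authentication on: trust one known certificate
	SystemRoots                // verify against the OS trust store only
)

// NewDirectoryStub starts a local HTTPS server standing in for the Directory; its
// self-signed certificate is generated by httptest, not a real Directory certificate.
func NewDirectoryStub() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "directory ok")
	}))
}

// ConnectWith makes one HTTPS request to srv under posture p and reports whether it succeeded.
func ConnectWith(srv *httptest.Server, p Posture) (bool, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	switch p {
	case AcceptAny:
		cfg.InsecureSkipVerify = true // an impostor's certificate would pass too
	case PinnedCert:
		pool := x509.NewCertPool()
		pool.AddCert(srv.Certificate()) // the genuine Directory's certificate
		cfg.RootCAs = pool
	case SystemRoots:
		// RootCAs nil: the stub's self-signed certificate is unknown to the OS store
	}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	defer client.CloseIdleConnections()
	resp, err := client.Get(srv.URL)
	if err != nil {
		return false, err // handshake rejected: no trusted path to the presented certificate
	}
	resp.Body.Close()
	return true, nil
}
```

Only the PinnedCert posture both connects and rejects a server whose certificate the client does not already trust; AcceptAny connects to anything, and SystemRoots fails here only because the stub's certificate is not in the OS store.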

Backward compatibility

Backward compatibility is enabled by default at system installation. When the 5.7 Directory receives a connection request from Security Center 5.3 or earlier, it automatically switches to the old communication protocol (less robust against network attacks). If exposure to network attacks is a concern for your organization, you can disable backward compatibility and force all machines to upgrade before they can connect to your system.