Control Manager has three security levels used for communication between the server and managed products and child servers for both older agents and MCP agents. For MCP agents, Security Level applies to the virtual folders of IIS, and there are three different levels: high, medium and normal.
High: Specifies Control Manager communicates only using HTTPS
Medium: Specifies Control Manager uses HTTPS to communicate when available, but uses HTTP when HTTPS is not available
Normal: Specifies Control Manager uses HTTP to communicate
The security behavior correspond to each security level listed below:
Features
Security Level
High
Medium
Normal
Supports only HTTPS UI access
Yes
Supports HTTPS and HTTP UI access
Supports redirect to HTTPS or HTTP product UI
Only integrates with HTTPS supported products (MCP)
Integrates with both HTTP and HTTPS supported products
Supports TVCS 1.x agent
Allow products to download updates from Control Manager through either HTTP or HTTPS
Depending on the security level of older agents, Control Manager provides the following encryption and authentication, Control Manager has three security levels used for communication between the server and managed products and child servers.
(found in TMI.cfg)
Security Level Selection (During Installation)
End-to-End Authentication
Message-level Encryption
1
Low
n/a
40-bit (RC4)
2
128-bit (RC4)
5
Trend Micro authentication
128-bit (RC4 + 3DES)
Depending on the security level, Control Manager provides the following encryption and authentication:
SSL packet-level encryption
Control Manager applies Secure Socket Layer (SSL) packet-level encryption to all security levels. SSL packet-level encryption is a protocol developed by Netscape for secure transactions across the Web. SSL uses a form of public key encryption, where the information can be encoded by the browser using a publicly available public key, but can only be decoded by a party who knows the corresponding private key.
The Control Manager agents can encrypt their communication using the public key. In return, the Control Manager server uses a private key to decrypt the agent message.
Control Manager applies Trend Micro authentication 5 (High) security level.
When using High level, Control Manager first applies the SSL packet-level encryption and then further strengthens the encryption through Trend Micro authentication.
You can modify the Control Manager security level through TMI.cfg. However, doing so requires the modification of all TMI.cfg present in the Control Manager network — TMI.cfg of the Control Manager server including all managed products and child servers. Otherwise, the server and agent communication will not work.