Endpoint Application Control can use Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to help ensure secure communication between the web console and the server.
TLS and its predecessor, SSL, are cryptographic protocols. These protocols help to secure communication between a web console and a server by using "long-term", asymmetric public keys to authenticate each side. Once authenticated, these protocols allow the sides to create the "short-term", symmetric secret keys used to encrypt communication between the sides during the session. It is not possible to use the public keys to reverse-engineer the secret keys.
To perform authentication, TLS/SSL protocols use X.509 certificates and asymmetric cryptography. Supporting X.509 certificates requires a certificate authority (CA) and public key infrastructure to do the following:
- Generate, sign, and validate certificates
- Verify the relationship between certificates and sides
Using Transport Layer Security (TLS) or Secure Sockets Layer (SSL) can provide an important extra layer of protection. However, to perform authentication, these protocols use X.509 certificates and asymmetric cryptography. Supporting X.509 certificates requires a certificate authority (CA) and public key infrastructure. The CA can be vulnerable to man-in-the-middle (MITM) attacks. To protect against these attacks, use up-to-date versions of TLS and verify that endpoint web browsers display a green address bar when they go to the web console.
Almost all current web browsers enable "green address bar" functionality by default. For examples of the green address bar in different browsers, go to https://www.digicert.com/ssl-support/code-to-enable-green-bar.htm.
To display the green address bar on Windows XP endpoints using Internet Explorer 8, SmartScreen Filter must be enabled. To enable it, open Internet Options, go to Advanced, and then select Enable SmartScreen Filter.
Endpoint Application Control uses the highest version of Transport Layer Security (TLS) or Secure Sockets Layer (SSL) supported by both the web server and agent endpoint.
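Because the session uses the highest version that both sides support, an old endpoint pulls its own session down to an old protocol. The Python below is an added example, not Trend Micro code: it applies that rule to a constructed inventory and flags sessions that would fall below TLS 1.2, and `probe` checks a live console with certificate validation enabled. All names, the inventory and the TLS 1.2 floor are assumptions made for illustration.

```python
import socket
import ssl

# Protocol versions ordered oldest to newest; FLOOR is the assumed policy minimum.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
FLOOR = "TLSv1.2"

def negotiated(server, client):
    """Highest version offered by both sides, or None if they share none."""
    common = set(server) & set(client)
    return max(common, key=ORDER.index) if common else None

def audit(server, endpoints):
    """Map each endpoint to (version, verdict) for the session it would get."""
    report = {}
    for name, offered in endpoints.items():
        version = negotiated(server, offered)
        if version is None:
            verdict = "no-common-version"
        elif ORDER.index(version) < ORDER.index(FLOOR):
            verdict = "deprecated"
        else:
            verdict = "ok"
        report[name] = (version, verdict)
    return report

def probe(host, port=443, timeout=5.0):
    """Connect to a live console with certificate checks on and a TLS 1.2 floor.

    Returns the negotiated version string; raises ssl.SSLError if the server
    cannot meet the floor or its certificate does not validate.
    """
    ctx = ssl.create_default_context()  # verifies the chain and the host name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()

# Constructed inventory: what the web server and each endpoint can speak.
SERVER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
ENDPOINTS = {
    "win10-edge": ["TLSv1.2", "TLSv1.3"],
    "winxp-ie8": ["SSLv3", "TLSv1"],
    "hardened-kiosk": ["TLSv1.3"],
}

if __name__ == "__main__":
    for name, (version, verdict) in audit(SERVER, ENDPOINTS).items():
        print(f"{name:15} {version or '-':8} {verdict}")
```

Removing the deprecated versions from the server's list turns the "deprecated" verdict for the old endpoint into "no-common-version", which is the trade-off to decide on before raising the server's minimum.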
During installation, selecting Enable TLS/SSL automatically creates the required certificate.
| Topic | Implementation Details |
|---|---|
| Automatically-created certificate attributes | |
| Endpoint Application Control process to establish TLS/SSL communication | |
To learn about importing and using your own certificate with Endpoint Application Control, see Enabling TLS/SSL in the Web Server Screen topic.