software provides three levels of security above cleartext communication: Diffie-Hellman with the Advanced Encryption Standard (DH-AES), encryption based on the site secret, and DH-AES used in conjunction with the site secret.
Any encryption based on the site secret should only be used once the secret phrase has been changed by using sm_rebond described in “Changing the secret” on page 100.
The table Encryption levels for connections lists the four connection security levels.
| Security level | Description | Advantages | Disadvantages |
|---|---|---|---|
| 0, CLEAR, or CLEARTEXT | No encrypted communication | Backwards compatibility, no configuration (default behavior) | No security; passwords passed to servers as cleartext |
| 1 | DH-AES | No site secret needed, no configuration (default behavior for new installations), protects against eavesdroppers | Slower connection than cleartext or level 2 security; not secure against active attacks |
| 2 | Encryption based on site secret | Protects against eavesdropping and active attack; almost as fast as cleartext | Must set site secret and keep it common across all communicating entities |
| 3 | DH-AES and site secret | Protects against eavesdropping and active attack, even by those who know the site secret | Slower connection than cleartext or level 2 security; must set site secret and keep it common across all communicating entities |
The Global Console supports both cleartext (Level 0) and Diffie-Hellman with the Advanced Encryption Standard (Level 1) encrypted connections.
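The table's claims about what each level does and does not protect against follow from how the session key is built and how the exchange is authenticated. The following added example is a toy model written for this page; it is not the product's handshake, and the names `handshake`, `session_key`, `confirm_tag`, the tiny Diffie-Hellman group and the sample site secret are all constructed for illustration. It derives a key the way each level implies (level 1: DH only; level 2: site secret only; level 3: both) and checks, for a passive listener who knows the site secret and for an in-path party who does not, whether the connection is still accepted and whether that party can reconstruct the session key.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (Mersenne prime 2^127-1, generator 5), constructed for
# illustration only; it is far too small for real traffic.
P = 2**127 - 1
G = 5


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1          # private exponent in [1, P-2]
    return priv, pow(G, priv, P)


def transcript(client_pub, server_pub, client_nonce, server_nonce):
    """Canonical byte string of everything one side saw on the wire."""
    return (client_pub.to_bytes(16, "big") + server_pub.to_bytes(16, "big")
            + client_nonce + server_nonce)


def session_key(level, site_secret, dh_shared, tx):
    """Key derivation per level; level 0 (cleartext) has no key at all."""
    if level == 0:
        return None
    material = b""
    if level in (1, 3):                          # DH-AES levels mix in the DH shared secret
        material += dh_shared.to_bytes(16, "big")
    if level in (2, 3):                          # site-secret levels mix in a keyed MAC
        material += hmac.new(site_secret, tx, hashlib.sha256).digest()
    return hashlib.sha256(material + tx).digest()


def confirm_tag(level, site_secret, tx):
    """Levels 2 and 3 authenticate the exchange with the site secret; levels 0 and 1 cannot."""
    if level in (2, 3):
        return hmac.new(site_secret, b"confirm" + tx, hashlib.sha256).digest()
    return b""


def handshake(level, site_secret, attacker=None):
    """Simulate client/server negotiation at a given level.

    attacker: None, "eavesdrop" (passive, knows the site secret, no private exponent)
              or "active" (in-path, owns a DH key pair, does not know the site secret).
    Returns (accepted, keys_agree, attacker_reads_traffic).
    """
    a_priv, a_pub = dh_keypair()                 # client
    b_priv, b_pub = dh_keypair()                 # server
    a_nonce, b_nonce = secrets.token_bytes(16), secrets.token_bytes(16)

    # Round 1: public values and nonces cross the wire, possibly via the attacker,
    # who substitutes its own public value in each direction.
    if attacker == "active":
        m_priv, m_pub = dh_keypair()
        a_sees, b_sees = m_pub, m_pub
    else:
        a_sees, b_sees = b_pub, a_pub

    tx_a = transcript(a_pub, a_sees, a_nonce, b_nonce)   # client's view of the exchange
    tx_b = transcript(b_sees, b_pub, a_nonce, b_nonce)   # server's view of the exchange

    # Round 2: confirmation tags. An in-path party without the site secret can only
    # forward them unchanged, so each side checks the tag against its own transcript.
    tag_a = confirm_tag(level, site_secret, tx_a)
    tag_b = confirm_tag(level, site_secret, tx_b)
    accepted = (hmac.compare_digest(tag_b, confirm_tag(level, site_secret, tx_a))
                and hmac.compare_digest(tag_a, confirm_tag(level, site_secret, tx_b)))

    key_a = session_key(level, site_secret, pow(a_sees, a_priv, P), tx_a)
    key_b = session_key(level, site_secret, pow(b_sees, b_priv, P), tx_b)

    if attacker == "eavesdrop":
        guess = session_key(level, site_secret, 0, tx_a)          # no DH exponent available
    elif attacker == "active":
        guess = session_key(level, b"", pow(a_pub, m_priv, P), tx_a)   # no site secret available
    else:
        guess = object()                                           # nobody listening

    attacker_reads = bool(accepted and attacker is not None and guess == key_a)
    return bool(accepted), key_a == key_b, attacker_reads


if __name__ == "__main__":
    SECRET = b"example-site-secret"               # constructed sample value
    for level in range(4):
        for who in (None, "eavesdrop", "active"):
            print(f"level {level:<2} attacker={str(who):<10} -> "
                  f"accepted, keys_agree, attacker_reads = {handshake(level, SECRET, who)}")
```

Running the script prints one line per level and attacker combination. Level 1 is accepted with an in-path party present and that party can derive the key, which is the table's "not secure against active attacks"; levels 2 and 3 reject the tampered exchange. The passive listener who knows the site secret recovers the level 2 key but not the level 3 key, which is the table's "even by those who know the site secret".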