Security features apply to authentication and user privileges, encryption and secure communication.
Authentication and user privileges
Authentication occurs whenever a client program initiates a connection to a server program. The client passes a username and a password to the server. The server determines whether the client is allowed to connect to the server. If the connection is allowed, then privileges are granted to the client.
All passwords are encrypted. Passwords can be encrypted in the serverConnect.conf, clientConnect.conf, and brokerConnect.conf files, which are located in the BASEDIR/smarts/conf directory of each software installation. Encryption is based on a secret phrase, common to all of the applications that must interact, and is used to encrypt password fields in the authentication records. SNMPv3 passwords can also be encrypted in seed files.
Secure connections are implemented through:
- Encryption based on the site secret
- Diffie-Hellman-Advanced Encryption Standard (DH-AES)
- DH-AES used in conjunction with the site secret
- Transport Layer Security (TLS) v1.2 with or without Federal Information Processing Standard (FIPS) Publication 140-2 validated cryptography.
A FIPS 140 enabled Broker is able to communicate with a FIPS 140 enabled Domain Manager as well as a non-FIPS 140 enabled Domain Manager. In addition, a FIPS 140 enabled Domain Manager is able to communicate with a FIPS 140 enabled Domain Manager as well as a non-FIPS 140 enabled Domain Manager.