Traffic Encryption and Compression

The encryption mode is used to ensure the security for data transmitted over an insecure channel and to avoid the possible disclosure of valuable information and substitution of software downloaded to the protected stations.

Dr.Web Enterprise Security Suite anti-virus network uses the following cryptographic means:

Electronic digital signature (GOST R 34.10-2001).

Asymmetric encryption (VKO GOST R 34.10-2001 – RFC 4357).

Symmetric encryption (GOST 28147-89).

Cryptographic hash function (GOST R 34.11-94).

Dr.Web Enterprise Security Suite anti-virus network allows to encrypt the traffic between Server and the following clients:

Dr.Web Agents.

Dr.Web Agent installers.

Neighbor Dr.Web Servers.

Dr.Web Proxy-servers.

As traffic between components, in particular the traffic between Servers, can be considerable, the anti-virus network provides for compression of this traffic. The setting of the compression policy and the compatibility of settings on different clients are the same as those for encryption.

Settings Compatibility Policy

The encryption and compression policy is set separately for each component of the anti-virus network, at this, settings of other components should be compatible with the settings of the Server.

When coordinating encryption and compression settings on the Server and a client, please consider that certain combinations are incompatible and, if selected, will result in disconnecting the client from the Server.

Table below describes what settings provide the connection between the Server and the clients encrypted/compressed (+), when the connection will be non-encrypted/uncompressed (–) and what combinations are incompatible (Error).

Compatibility of the encryption and compression policy settings

Client settings

Server settings

Yes

Possible

No

Yes

+

+

Error

Possible

+

+

No

Error

warning

Encryption of traffic creates a considerable load on computers those capacities are close to the minimal system requirements for the components installed on them. So, when traffic encryption is not required to provide additional security, you can disable this mode.

To disable encryption mode, you should step by step switch the Server and other components to the Possible mode first, avoiding formation of incompatible client-Server pairs.

 

Using the compression mode reduces traffic, but considerably increases the memory usage and the computational load on computers, more than the encryption.

Connection via Dr.Web Proxy Server

If you want to connect clients to the Server via Dr.Web Proxy server, you must consider the encryption and compression settings on all three components. At this:

Settings of the Server and the Proxy server (here it plays a role of a client) must be conformed by the table above.

Settings of the client and the Proxy server (here it plays a role of the Server) must be conformed by the table above.

Ability to establish a connection via the Proxy server depends on a version of the Server and a client that support certain encryption technologies:

If the Server and the client support TLS encryption that is used in the version 11.0.2, it is enough to perform the above conditions to establish the working connection.

If one of the components does not support TLS encryption: the Server and/or a client has the version 10 or earlier providing the GHOST encryption, the addition check is performed according to the table below.

Compatibility of the encryption and compression policy settings at using the Proxy server

Client connection settings

Server connection settings

Nothing

Compression

Encryption

All

Nothing

Normal mode

Normal mode

Error

Error

Compression

Normal mode

Normal mode

Error

Error

Encryption

Error

Error

Transparent mode

Error

All

Error

Error

Error

Transparent mode

Abbreviations

Thus, if the Server and the Agent have different version: one has version 11, and other has version 10 and previous, then the following limitations are applied to the established connections via the Proxy server:

Data can be cached on the Proxy server only if both of connections with the Server and with the client are established without using the encryption.

The encryption will be used only if both of connections with the Server and with the client are established with using the encryption and the same compression parameters (compression is used for both connections or not used for both of them).

Encryption and Compression Settings on the Server

To specify the encryption and compression policies of the Server

1.Select the Administration item in the main menu of the Control Center.

2.In the opened window, click Dr.Web Server configuration in the control menu.

3.On the Network → Transport tab, select the necessary variant in the Encryption and Compression drop-down lists:

Yes—enables obligatory traffic encryption (or compression) with all clients (is set by default for encryption, if the parameter has not been modified during the Server installation).

Possible—instructs to encrypt (or compress) traffic with those components those settings do not prohibit it.

No—encryption (or compression) is not supported (is set by default for compression, if the parameter has not been modified during the Server installation).

warning

When configuring encryption and compression on the Server, please consider the features of the clients which are planning to be connected to this Server. Not all clients support traffic encryption and compression.

Encryption and Compression Settings on the Proxy Server

To centralized specify the encryption and compression policies for the Proxy server

info

If the Proxy server is not connected  to Dr.Web Server for remote settings control, configure the connection as described in p. Connecting the Proxy Server to Dr.Web Server.

1.Open the Control Center of the managing Server for the Proxy server.

2.Select the Anti-virus network item in the main menu of the Control Center, in the hierarchical list of the opened window, click the name of the Proxy server settings of which you want to edit or its primary group if the Proxy server settings are inherited.

3.In the opened control menu, select Dr.Web Proxy server. Settings section opens.

4.Go to the Listen tab.

5.In the Settings for connection with clients section, in the Encryption and Compression drop-down lists, select the encryption and compression modes of traffic for channels between Proxy server and served clients: Agents and Agent installers.

6.In the Settings for connection with Dr.Web Servers section, you can specify the list of Servers to which the traffic will be forwarded. Select the necessary Server in the list and click icon-new-edit on the toolbar to edit the settings for connection with selected Dr.Web Server. In the opened window, in the Encryption and Compression drop-down lists, select the encryption and compression modes of traffic for channels between Proxy server and the specified Server.

7.To save all the specified settings, click Save.

To locally specify the encryption and compression policies for the Proxy server

info

If the Proxy server is connected to the managing Dr.Web Server for remote configuration, then the Proxy server configuration file will be rewritten according to the settings received from the Server. In this case, you must configure the settings remotely from the Server or disable the option that allows to receive configuration from this Server.

 

Description of the drwcsd-proxy.conf configuration file is given in the Appendices document, in the Appendix G4.

1.On the computer with the Proxy server installed, open the drwcsd-proxy.conf configuration file.

2.Edit the settings for encryption and compressions for connections with clients and the Servers.

3.Restart the Proxy server:

For Windows OS:

If the Proxy server is run as a service of Windows OS, restart the service by the standard means of the system.

If the Proxy server is run in console, press Ctrl+Break.

For UNIX system-based OS:

Send the SIGHUP signal to the Proxy server daemon.

Execute the following command:

For Linux OS:

/etc/init.d/dwcp_proxy restart

For FreeBSD OS:

/usr/local/etc/rc.d/dwcp_proxy restart

Encryption and Compression Settings on Stations

To centralized specify the encryption and compression policies of stations

1.Select the Anti-virus Network item in the main menu of the Control Center, then click the name of a group or a station in the hierarchical list of the opened window.

2.In the opened control menu, select Connection parameters.

3.On the General tab, in the Compression mode and Encryption mode drop-down lists, select one of the following:

Yes—enables obligatory traffic encryption (or compression) with the Server.

Possible—instructs to encrypt (or compress) traffic with the Server if the Server settings do not prohibit it.

No—encryption (or compression) is not supported.

4.Click Save.

5.The changes will take effect as soon as the settings will be passed to stations. If stations are offline at the time of changing the settings, the changes will be passed as soon as stations connect to the Server.

Dr.Web Agent for Windows

Encryption and compression settings can be set at the Agent installation:

At the remote installation from the Control Center, encryption and compression mode is set directly in the Network installation section settings.

At local installation, the GUI installer does not provide encryption and compression changing, but these settings can be set using the command line switches during the installer launch (see the Applications, p. H2. Network Installer).

After the Agent installation, you cannot change encryption and compression settings locally on station. By default, the Possible mode is set (if other value has not been set at the installation), i.e. encryption and compression usage depends on the Server settings. However, the Agent settings can be changed via the Control Center (see above).

Dr.Web Anti-virus for Android

Dr.Web Anti-virus for Android does not support neither encryption nor compression. Connection will be impossible if the Yes value is specified for encryption and/or compression at the Server or the Proxy server (for connection via the Proxy server).

Dr.Web Anti-virus for Linux

At the anti-virus installation, you cannot change encryption and compression settings. By default, the Possible mode is set.

After the anti-virus installation, you can change encryption and compression settings locally on station only in the command line mode. You can find the description of a command line mode and corresponding switches in the Dr.Web for Linux User Manual.

Also, the station settings can be changed via the Control Center (see above).

Dr.Web Anti-virus for macOS

You cannot change encryption and compression settings locally on station. By default, the Possible mode is set, i.e. encryption and compression usage depends on the Server settings

The station settings can be changed via the Control Center (see above).