Traffic Encryption and Compression

The encryption mode is used to ensure the security for data transmitted over an insecure channel and to avoid the possible disclosure of valuable information and substitution of software downloaded to the protected stations.

Dr.Web Enterprise Security Suite anti-virus network uses the following cryptographic means:

Dr.Web Enterprise Security Suite anti-virus network allows to encrypt the traffic between Server and the following clients:

As traffic between components, in particular the traffic between Servers, can be considerable, the anti-virus network provides for compression of this traffic. The setting of the compression policy and the compatibility of settings on different clients are the same as those for encryption.

The encryption and compression policy is set separately for each component of the anti-virus network, at this, settings of other components should be compatible with the settings of the Server.

When coordinating encryption and compression settings on the Server and a client, please consider that certain combinations are incompatible and, if selected, will result in disconnecting the client from the Server.

Table below describes what settings provide the connection between the Server and the clients encrypted/compressed (+), when the connection will be non-encrypted/uncompressed (–) and what combinations are incompatible (Error).

Client settings	Server settings
Client settings	Yes	Possible	No
Yes	+	+	Error
Possible	+	+	–
No	Error	–	–

Encryption of traffic creates a considerable load on computers those capacities are close to the minimal system requirements for the components installed on them. So, when traffic encryption is not required to provide additional security, you can disable this mode.

To disable encryption mode, you should step by step switch the Server and other components to the Possible mode first, avoiding formation of incompatible client-Server pairs.

Using the compression mode reduces traffic, but considerably increases the memory usage and the computational load on computers, more than the encryption.

If you want to connect clients to the Server via Dr.Web Proxy server, you must consider the encryption and compression settings on all three components. At this:

•Settings of the Server and the Proxy server (here it plays a role of a client) must be conformed by the table above.

•Settings of the client and the Proxy server (here it plays a role of the Server) must be conformed by the table above.

Ability to establish a connection via the Proxy server depends on a version of the Server and a client that support certain encryption technologies:

•If the Server and the client support TLS encryption that is used in the version 11.0.1, it is enough to perform the above conditions to establish the working connection.

•If one of the components does not support TLS encryption: the Server and/or a client has the version 10 or earlier providing the GHOST encryption, the addition check is performed according to the table below.

Compatibility of the encryption and compression policy settings at using the Proxy server

Client connection settings	Server connection settings
Client connection settings	Nothing	Compression	Encryption	All
Nothing	Normal mode	Normal mode	Error	Error
Compression	Normal mode	Normal mode	Error	Error
Encryption	Error	Error	Transparent mode	Error
All	Error	Error	Error	Transparent mode

Server and client connection settings
Nothing	Neither compression nor encryption is supported.
Compression	Only compression is supported.
Encryption	Only encryption is supported.
All	Both, compression and encryption are supported.
Result connection
Normal mode	Established connection implies the operation in the normal mode—using commands processing and caching.
Transparent mode	Established connection implies the operation in the transparent mode—without commands processing and without caching. Encryption protocol version is taken minimal: if one of the components (the Server or the Agent) has version 11, and the other has version 10, the encryption of version 10 is used.
Error	Connection of the Proxy server both with the Server and with the client will be terminated.

Thus, if the Server and the Agent have different version: one has version 11, and other has version 10 and previous, then the following limitations are applied to the established connections via the Proxy server:

•Data can be cached on the Proxy server only if both of connections with the Server and with the client are established without using the encryption.

•The encryption will be used only if both of connections with the Server and with the client are established with using the encryption and the same compression parameters (compression is used for both connections or not used for both of them).

3.On the Network → Transport tab, select the necessary variant in the Encryption and Compression drop-down lists:

•Yes—enables obligatory traffic encryption (or compression) with all clients (is set by default for encryption, if the parameter has not been modified during the Server installation).

•Possible—instructs to encrypt (or compress) traffic with those components those settings do not prohibit it.

•No—encryption (or compression) is not supported (is set by default for compression, if the parameter has not been modified during the Server installation).

To centralized specify the encryption and compression policies for the Proxy server

2.Select the Anti-virus network item in the main menu of the Control Center, in the hierarchical list of the opened window, click the name of the Proxy server settings of which you want to edit or its primary group if the Proxy server settings are inherited.

3.In the opened control menu, select Dr.Web Proxy server. Settings section opens.

5.In the Settings for connection with clients section, in the Encryption and Compression drop-down lists, select the encryption and compression modes of traffic for channels between Proxy server and served clients: Agents and Agent installers.

6.In the Settings for connection with Dr.Web Servers section, you can specify the list of Servers to which the traffic will be forwarded. Select the necessary Server in the list and click

on the toolbar to edit the settings for connection with selected Dr.Web Server. In the opened window, in the Encryption and Compression drop-down lists, select the encryption and compression modes of traffic for channels between Proxy server and the specified Server.

If the Proxy server is connected to the managing Dr.Web Server for remote configuration, then the Proxy server configuration file will be rewritten according to the settings received from the Server. In this case, you must configure the settings remotely from the Server or disable the option that allows to receive configuration from this Server.

Description of the drwcsd-proxy.conf configuration file is given in the Appendices document, in the Appendix G4.

1.On the computer with the Proxy server installed, open the drwcsd-proxy.conf configuration file.

2.Edit the settings for encryption and compressions for connections with clients and the Servers.

▫If the Proxy server is run as a service of Windows OS, restart the service by the standard means of the system.

1.Select the Anti-virus Network item in the main menu of the Control Center, then click the name of a group or a station in the hierarchical list of the opened window.

3.On the General tab, in the Compression mode and Encryption mode drop-down lists, select one of the following:

•Yes—enables obligatory traffic encryption (or compression) with the Server.

•Possible—instructs to encrypt (or compress) traffic with the Server if the Server settings do not prohibit it.

5.The changes will take effect as soon as the settings will be passed to stations. If stations are offline at the time of changing the settings, the changes will be passed as soon as stations connect to the Server.

•At the remote installation from the Control Center, encryption and compression mode is set directly in the Network installation section settings.

•At local installation, the GUI installer does not provide encryption and compression changing, but these settings can be set using the command line switches during the installer launch (see the Applications, p. H2. Network Installer).

After the Agent installation, you cannot change encryption and compression settings locally on station. By default, the Possible mode is set (if other value has not been set at the installation), i.e. encryption and compression usage depends on the Server settings. However, the Agent settings can be changed via the Control Center (see above).

Dr.Web Anti-virus for Android does not support neither encryption nor compression. Connection will be impossible if the Yes value is specified for encryption and/or compression at the Server or the Proxy server (for connection via the Proxy server).

At the anti-virus installation, you cannot change encryption and compression settings. By default, the Possible mode is set.

After the anti-virus installation, you can change encryption and compression settings locally on station only in the command line mode. You can find the description of a command line mode and corresponding switches in the Dr.Web for Linux User Manual.

You cannot change encryption and compression settings locally on station. By default, the Possible mode is set, i.e. encryption and compression usage depends on the Server settings