Configuring Traffic Security

This topic describes how to encrypt data in transit.

By default, ObserveIT Agents communicate with the ObserveIT Application Server by using the HTTP protocol.

As a built-in security mechanism, the ObserveIT Agents and Application Server use a token exchange mechanism to prevent session hijacking and replay, and to encrypt the data communication. The security mechanisms for this communication include encryption (Rijndael), digital signing, and token exchange.

When you install a new Application Server, the ObserveIT server installation offers by default to create an additional website in IIS that is configured to listen on TCP port 4884. You can instead use the standard HTTP port (TCP port 80) or any other TCP port.

Encryption can be enabled to further secure the communications:

  • Between the Agents and the Application Server (HTTPS)
  • Between the Application Server and the Database Server (HTTPS)
  • Between the Application Server and the file share holding the graphic images (IPsec)

HTTPS can be used on the ObserveIT website (either optional or mandatory) to protect the data transferred by the Agents to the ObserveIT Application Server.

If you are deploying more than one Application Server, you must use a network load balancing product. This can be a software-based load balancing solution such as Microsoft Network Load Balancing (NLB), or hardware-based solutions such as F5, Citrix NetScaler, or others. In that case, the digital certificate used for this traffic must be identical for all Application Servers, which can be achieved by creating it on the first Application Server, exporting it (including the private key), and importing it to the other Application Servers.

Windows and Unix/Linux Agents comply with the FIPS security standard and can be deployed on any supported FIPS-enabled machine. For details, see FIPS Compliant Agents.

On Windows systems, when key logging is enabled, data that is captured by the Agent and sent to the Application Server is encrypted (using SHA256 with the asymmetric "salt" hashing algorithm) and stored in the Database Server. However, in order to protect the keylogger data and further secure the communication, it is advised that you enable HTTPS (SSL or TLS) on the traffic between the Agent and the Application Server. Also, on Unix/Linux systems, in order to protect captured output data transmitted by the Agent to the Application Server and further secure the communication, it is advised that you enable HTTPS (SSL or TLS) on the traffic between the Agent and the Application Server. For details on how to enable HTTPS, see Enabling SSL on the ObserveIT Application Server/Web Console Server.

The following topics describe how to secure traffic between the ObserveIT Agent and the Application Server, and between the Application Server and the Database Server:

Requirements

HTTPS can be used on the ObserveIT website (either optional or mandatory) to protect the data transferred by the Agents to the ObserveIT Application Server.

If you plan to deploy more than one Application Server, you must use a network load balancing product. This can be a software-based load balancing solution such as Microsoft Network Load Balancing (NLB), or hardware-based solutions such as F5, Citrix NetScaler, or others. In that case, the digital certificate used for this traffic must be identical for all Application Servers, which can be achieved by creating it on the first Application Server, exporting it (including the private key), and importing it to the other Application Servers.
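
A check for the identical-certificate requirement above, as an added example (not ObserveIT code): it connects to each Application Server directly, bypassing the load balancer, and compares the SHA-256 fingerprint of the certificate each one presents. The node names and the port passed to `check_farm` are assumptions; use the HTTPS binding configured on your own servers.

```python
import hashlib
import socket
import ssl


def fetch_cert_der(host, port, timeout=5.0):
    """Return the DER-encoded certificate that host:port presents over TLS."""
    # Validation is disabled on purpose: this reads whatever certificate each
    # node presents (self-signed or name-mismatched included) for comparison.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 fingerprint of a DER certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def compare_nodes(certs):
    """certs maps node name -> DER bytes. Returns (identical, groups), where
    groups maps each fingerprint to the sorted list of nodes presenting it."""
    groups = {}
    for node, der in certs.items():
        groups.setdefault(fingerprint(der), []).append(node)
    for nodes in groups.values():
        nodes.sort()
    return len(groups) == 1, groups


def check_farm(nodes, port):
    """Query every node directly; unreachable nodes are reported, not fatal."""
    certs, failed = {}, {}
    for node in nodes:
        try:
            certs[node] = fetch_cert_der(node, port)
        except OSError as exc:  # also covers ssl.SSLError and timeouts
            failed[node] = str(exc)
    identical, groups = compare_nodes(certs)
    return identical and not failed, groups, failed


if __name__ == "__main__":
    # Constructed stand-in bytes, not real certificates: app3 has drifted.
    sample = {"app1": b"cert-A", "app2": b"cert-A", "app3": b"cert-B"}
    print(compare_nodes(sample))
```

More than one fingerprint group in the result means at least one Application Server is still presenting a different certificate and needs the exported certificate re-imported.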

Required steps to enable traffic encryption between the ObserveIT Agents and the Application Server:

  • Obtain a digital certificate.
  • Encrypt the traffic from ObserveIT Agents to ObserveIT Application Server.
  • Configure the ObserveIT Agent for Windows to use SSL.
  • Configure the ObserveIT Agent for Mac to use SSL.
  • Configure the ObserveIT Agent for Unix/Linux to use SSL.
