Trend Micro Apex One uses Secure Sockets Layer (SSL) for secure communication between the
web console and the server. SSL provides an extra layer of protection against hackers.
Although
Trend Micro Apex One encrypts the passwords
specified on the web console before sending them to the Trend Micro Apex One server, hackers can still sniff
the packet and, without decrypting the packet, "replay" it to gain access to the console.
SSL tunneling prevents hackers from sniffing packets
traversing the network.
The SSL version used depends on the version that the web server supports.
When selecting SSL, Setup automatically creates an SSL certificate, which is a requirement
for
SSL connections. The certificate contains server information, public key, and private
key.
The SSL certificate should have a validity period between 1 and 20 years. The administrator
can
still use the certificate after it expires. However, a warning message appears every
time SSL
connection is invoked using the same certificate.
-
The administrator sends information from the web console to the web server through SSL connection.
-
The web server responds to the web console with the required certificate.
-
The browser performs key exchange using RSA encryption.
-
The web console sends data to the web server using RC4 encryption.
Although RSA encryption is more secure, it slows down the communication flow. Therefore,
it is
only used for key exchange, and RC4, a faster alternative, is used for data transfer.