Security Configuration: Network Encryption
Tags: Version 11.4
You can configure RSA NetWitness Platform to send or receive data from external data sources.
Note: RSA recommends that whenever you have the option to choose between unsecured and secured versions of a communication protocol, you choose the secured version.
NetWitness Platform Web Server Communications
The RSA NetWitness Platform UI or web server communicates with the Live Service (CMS) over port 443 using the HTTPS protocol.
Note: During installation, the system is engineered to set the default communication protocol to HTTPS over port 443.
Reporting Engine, ESA and Warehouse Connector: External Communication
RSA recommends that you use the secure TCP protocol and enable an SSL connection while configuring Reporting Engine, ESA, Warehouse Connector, Licensing, and Malware.
For more information on Reporting Engine, see the "Configure Output Actions" topic in the Host and Services Configuration Guides.
For more information on Malware external communication, see the "Configure Malware Analysis Operating Environment" topic in the Host and Services Configuration Guide.
For more information on ESA, see the "Notification Methods" topic in the Alerting Using ESA Guide.
For more information on the Warehouse Connector, see the "Configure Warehouse Connector" topic in the Host and Services Configuration Guide.
For more information on Licensing, see the "Configure NetWitness Platform Notifications" topic in the Licensing Management Guide.
Log Collector Service
To help secure communication between the Log Collector service running on the Log Decoder and the event sources, RSA recommends the following protocols.
- Event Source: File
- Protocol: SFTP, SCP, FTPS
- Resources: For more information, see the "File Collection Protocol Configuration" topic in the Log Collection Guide.
- Event Source: ODBC
- Protocol: ODBC
- Resources: For more information on configuring an ODBC event source, see the "ODBC Collection Configuration" topic in the Log Collection Guide.
Note: Depending on the event source, administrators can configure additional Progress driver parameters for secure connections. For more information, see the Progress documentation at https://www.progress.com/odbc/resources/documentation/books-and-readme-file.
For more information on using a certificate, see the certificate creation kit at http://openssl.org/.
For more information on securing communication with SQL Server, Oracle, and ODBC, see the URLs:
http://technet.microsoft.com/en-us/l...QL.105%29.as
http://technet.microsoft.com/en-us/l.../cc754431.aspx
http://www.oracle.com/technetwork/database/options/advanced-security/overview/index.html
- Event Source: Windows
- Protocol: HTTPS
- Resources: For more information on configuring a Windows event source to use certificates and enable HTTPS, see the NetWitness Platform 11.4 help topics in the Windows Collection Configuration Guide.
- Event Source: Check Point
- Protocol: OPSEC LEA
- Resources: For more information on configuring a Check Point event source to use certificates, see the NetWitness Platform 11.4 help topics in the Check Point Collection Configuration Guide.
- Event Source: Netflow
- Protocol: Netflow
- Resources: For more information on configuring a Netflow event source to use certificates, see the NetWitness Platform 11.4 help topics in the Netflow Collection Configuration Guide.
- Event Source: SDEE
- Protocol: SDEE
- Resources: For more information on configuring an SDEE event source to use certificates, see the NetWitness Platform 11.4 help topics in the SDEE Collection Configuration Guide.
- Event Source: SNMP
- Protocol: SNMP
- Resources: For more information on configuring an SNMP event source to use certificates, see the NetWitness Platform 11.4 help topics in the SNMP Collection Configuration Guide.
- Event Source: VMware
- Protocol:
- Resources: For more information on configuring a VMware event source to use certificates, see the NetWitness Platform 11.4 help topics in the VMware Collection Configuration Guide.
- Event Source: Legacy Windows and NetApp
- Protocol:
- Resources: For more information on configuring a Legacy Windows event source to use certificates, see the NetWitness Platform 11.4 help topics in the Legacy Windows and NetApp Collection Configuration Guide.
- Event Source: Amazon Web Services (AWS) Cloud Trail
- Protocol: HTTPS
- Resources: For more information on configuring an AWS Cloud Trail event source to use certificates, see the NetWitness Platform 11.4 help topics in the AWS (CloudTrail) Collection Configuration Guide.
Note: For more information on enabling SSL for component communications, see Component Authentication.
Enabling HTTPS on REST Interfaces for Core Services
To enable HTTPS on REST interfaces:
- Log in to the REST interface.
- Go to the rest > config node.
- Set SSL config to on.
- Restart the service.
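One way to confirm the result of the procedure above once the service has restarted, as an added example that is not RSA code: the probe below reports whether a REST listener negotiates TLS or still answers plaintext HTTP. The function name is hypothetical, and the host and port are placeholders you supply for the service you changed.

```python
import socket
import ssl
import sys


def probe_rest_transport(host, port, timeout=3.0):
    """Classify a listener as 'tls', 'plaintext', 'unknown' or 'unreachable'."""
    # Validation is off on purpose: this probe answers only "is TLS enabled?".
    # Certificate trust must be checked separately against your CA.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return {"state": "unreachable"}
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"state": "tls", "version": tls.version(),
                    "cipher": tls.cipher()[0]}
    except OSError:  # ssl.SSLError and timeouts are OSError subclasses
        pass  # handshake failed; wrap_socket has already closed the socket
    # Second connection: does the same port answer an unencrypted request?
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            plain.sendall(b"GET / HTTP/1.0\r\n\r\n")
            head = b""
            while len(head) < 5:
                chunk = plain.recv(5 - len(head))
                if not chunk:
                    break
                head += chunk
    except OSError:
        return {"state": "unknown"}
    return {"state": "plaintext" if head == b"HTTP/" else "unknown"}


if __name__ == "__main__":
    # Placeholder target: pass the host and REST port of the service you changed.
    host, port = sys.argv[1], int(sys.argv[2])
    result = probe_rest_transport(host, port)
    print(host, port, result)
    sys.exit(0 if result["state"] == "tls" else 1)
```

A `plaintext` result after the restart means the SSL setting did not take effect on that listener; a `tls` result shows only that encryption is on, not that the certificate is trusted.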