Question:
What are the levels of encryption used in the following communication paths in 7.6 HF7 and later?
1. Agent to SMP
2. SMP to SQL
3. SMP to Active Directory (during ad import/sync)
Applies to: ITMS 7.6, 8.x
Answer:
1. SMP/Agent communication:
a. Data received from SMP. Crypto primitives are used to encrypt the data.
b. Data sent to SMP (NSEs). The same crypto primitives are used as above.
c. Credentials received from SMP. Different keys can be used to encrypt credentials: the legacy key can be 3DES, but normally AES-256 is used, together with SHA-256.
2. SMP/SQL communication:
a. Can be encrypted by following Microsoft article ms189067 and enabling the DbEncryptedConnection core setting.
3. SMP/Active Directory import and sync:
a. We use the 'Secure' flag for the AD connection, which the Microsoft .NET documentation describes as follows: "the WinNT provider uses NTLM to authenticate the client. Active Directory Domain Services uses Kerberos, and possibly NTLM, to authenticate the client."
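Two checks a practitioner can run from the SMP host to confirm what items 2 and 3 describe, added here as example code that is not part of this article or of ITMS itself. The SQL instance, database name and LDAP path are placeholders; the SQL check assumes the account holds VIEW SERVER STATE, and the Sealing/Signing flags in the AD check are shown as the hardened option, not as a statement of what ITMS sets.

```powershell
# Added verification helpers; not part of the KB article or of ITMS.

function Test-SmpSqlEncryption {
    param(
        [string]$SqlInstance = 'SQLSERVER\INSTANCE',   # placeholder, replace
        [string]$Database    = 'Symantec_CMDB'          # assumed default name, replace if different
    )
    # Encrypt=True requests TLS for the session; TrustServerCertificate=False keeps
    # certificate validation on, which is the point of following ms189067.
    $cs = "Server=$SqlInstance;Database=$Database;Integrated Security=SSPI;Encrypt=True;TrustServerCertificate=False"
    $conn = New-Object System.Data.SqlClient.SqlConnection $cs
    $conn.Open()
    try {
        # sys.dm_exec_connections reports per-session state: encrypt_option is TRUE
        # only when the session is TLS-encrypted on the wire, and auth_scheme shows
        # whether the login used KERBEROS, NTLM or SQL authentication.
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = 'SELECT encrypt_option, auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@SPID'
        $r = $cmd.ExecuteReader()
        [void]$r.Read()
        [pscustomobject]@{
            Encrypted  = ($r['encrypt_option'] -eq 'TRUE')
            AuthScheme = $r['auth_scheme']
        }
    } finally { $conn.Close() }
}

function Test-SmpAdBind {
    param(
        [string]$AdPath = 'LDAP://dc01.example.com/DC=example,DC=com',  # placeholder, replace
        [Parameter(Mandatory)][pscredential]$Credential
    )
    # 'Secure' is the flag the article names: Kerberos (or NTLM) instead of a simple
    # bind, so the password is not sent in clear text. Sealing encrypts and Signing
    # integrity-protects the LDAP traffic after the bind; both are added here as the
    # hardened option. Without any of these flags (AuthenticationTypes.None) the
    # provider falls back to a simple bind with clear-text credentials.
    $flags = [System.DirectoryServices.AuthenticationTypes]'Secure,Sealing,Signing'
    $entry = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList @(
        $AdPath, $Credential.UserName, $Credential.GetNetworkCredential().Password, $flags)
    $entry.RefreshCache()   # forces the bind; throws if authentication fails
    [pscustomobject]@{ Bound = $true; AuthenticationType = $entry.AuthenticationType }
}

Test-SmpSqlEncryption
Test-SmpAdBind -Credential (Get-Credential)
```

If Test-SmpSqlEncryption returns Encrypted = False even with Encrypt=True in the connection string, the server side (Force Encryption or certificate setup from ms189067) is what still needs attention.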