How BMC Remedy Encryption Security enables secure communication between the client and server
Cryptography protects important data as it passes through an unsecured medium, such as a computer network. The services provided by BMC Remedy Encryption Security are data confidentiality, integrity, and authentication.
Encryption enables the BMC Remedy Action Request System (BMC Remedy AR System) server and its clients to communicate securely over a network by encrypting the messages sent between them. At the beginning of every client and server connection, a key exchange protocol negotiates shared encryption keys between the client and server. These keys encrypt all communication between the client and server, ensuring that the communication is secure and that third parties cannot decipher the messages in transit. The encryption options do not encrypt the communication between the browser and the BMC Remedy Mid Tier. Encryption between the browser and the mid tier requires an X.509 certificate to be installed on the mid tier or on the load balancer, depending upon your deployment and security requirements. Data encryption is invisible to users.
The BMC Remedy AR System client libraries provide built-in encryption capabilities that can be enabled to secure the connection to the AR System server. Higher levels of encryption are available from BMC if you need stronger encryption. BMC Remedy AR System is also tested with database encryption products from your database vendor to ensure that this connection can be encrypted. The communication between the AR System server and the database is not natively encrypted. The encryption is subject to the capabilities provided by the database vendor.
BMC Remedy Encryption Security includes:
- Standard security — This level of encryption is built into the BMC Remedy AR System 8.1 API. You do not purchase or install it separately. Its algorithm is 56-bit Data Encryption Standard (DES) using Cipher Block Chaining (CBC) mode. It uses a 512-bit RSA modulus to exchange keys and MD5 MAC to authenticate messages. By default, standard security is disabled. To enable it, see Configuring BMC Remedy Encryption Security.
- BMC Remedy Encryption Performance Security (BMC Remedy Encryption Performance) — This optional product is installed separately. It provides the following types of encryption:
  - RC4 with a 128-bit key for data encryption and a 1024-bit modulus for the RSA key exchange.
  - AES CBC with a 128-bit key for data encryption and a 1024-bit modulus for the RSA key exchange. It uses SHA-1 for message authentication. This option supports the minimum Federal Information Processing Standard (FIPS) 140-2 encryption requirements. See FIPS encryption options.
- BMC Remedy Encryption Premium Security (BMC Remedy Encryption Premium) — This optional product is installed separately and it provides the following types of encryption:
  - RC4 with a 2048-bit key for data encryption and a 2048-bit modulus for the RSA key exchange.
  - AES CBC with a 256-bit key for data encryption and a 2048-bit modulus for the RSA key exchange. It uses SHA-1 for message authentication. This option supports premium FIPS 140-2 encryption requirements. See FIPS encryption options.
BMC Remedy Encryption Security includes third-party encryption software developed by the OpenSSL Project for use in the OpenSSL toolkit (see http://www.openssl.org/).