BMC Defender Apache TLS adapter security features


The adapter strengthens data-processing security at the BMC Defender Server site beyond the native BMC Defender security features by adding the following encryption capabilities:

  • Authentication and encryption of HTTP requests—The enhanced encryption software adds a secure HTTPS server to the BMC Defender Server so that all data transfers between a user's browser and the BMC Defender Server are authenticated and encrypted with standard TLS. The software includes the components needed to generate a self-signed certificate for the BMC Defender installation. Because no certificate authority vouches for a self-signed certificate, client browsers must be configured to trust it explicitly; otherwise they warn on every connection.
  • Encryption of agent data transfers—The enhanced encryption software adds encryption for data transfers with BMC Defender agent programs, supplementing the agents' native encryption features with published and verifiable cryptography.
  • Secure key upload protocol—The enhanced encryption software adds a secure upload protocol that simplifies maintenance of cryptographic keys and allows keys to be uploaded to BMC Defender agents periodically, so that keys can be rotated on a regular schedule.
  • Encryption of archives—The enhanced encryption software enables encryption of the compressed archive data written daily to the configured Archive folder. Specifically, the software adds a new option to the Messages > Config > Parms tab that the administrator can enable.

    Note

    The default setting is No because this feature can slightly degrade performance and limit the interoperability of the system.
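As an added example that is not part of the BMC documentation or of the adapter's shipped configuration, the following Apache httpd virtual host shows the kind of TLS settings the HTTPS server described above should enforce, with the weak settings left commented out beside the hardened ones. The host name, the certificate and key paths, the loopback port of the native BMC Defender HTTP listener, and the reverse-proxy arrangement itself are assumptions made for the example.

```apache
# Added example, not BMC's shipped configuration. Requires mod_ssl,
# mod_headers, mod_proxy and mod_proxy_http. All paths, the host name
# and the loopback port 8080 are assumptions.

# --- Weak settings (do NOT use; shown for contrast) ---
# SSLProtocol all                 # permits SSLv3, TLS 1.0 and TLS 1.1
# SSLCipherSuite ALL              # permits NULL, EXPORT, RC4 and 3DES suites
# SSLHonorCipherOrder off         # lets the client pick the weakest suite
# SSLCompression on               # exposes the session to CRIME-style attacks

Listen 443
<VirtualHost *:443>
    ServerName defender.example.internal

    SSLEngine on
    # Self-signed certificate generated at install time (paths assumed).
    # The private key file must be readable only by the httpd service account.
    SSLCertificateFile    /opt/defender/tls/defender.crt
    SSLCertificateKeyFile /opt/defender/tls/defender.key

    # TLS 1.2 and 1.3 only; TLS 1.3 needs httpd 2.4.37+ and OpenSSL 1.1.1+.
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    # Forward-secret AEAD suites only for TLS 1.2 (TLS 1.3 suites are fixed by the library).
    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
    SSLHonorCipherOrder on
    SSLCompression off
    SSLSessionTickets off

    # Instruct browsers to use HTTPS for this host for one year.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

    # Assumed arrangement: forward decrypted requests to the native BMC Defender
    # HTTP listener bound to loopback, so it is never reachable directly from the network.
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>

# Redirect plain HTTP to HTTPS so that no session cookie or password travels in clear.
<VirtualHost *:80>
    ServerName defender.example.internal
    Redirect permanent / https://defender.example.internal/
</VirtualHost>
```

After restarting httpd, verify the listener from another host: `openssl s_client -connect defender.example.internal:443 -tls1_1` must fail to negotiate, while `-tls1_2` and `-tls1_3` must succeed. Distribute the self-signed certificate (not the key) to client trust stores, or have an internal CA reissue it; a warning that users learn to click through defeats the authentication half of the feature.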

General security policies

In addition to using the BMC Defender Apache TLS adapter features, implement the following elements of a general security strategy:

  • Limiting access to secure platforms—The security of BMC software depends on good protection of each platform that runs the software. Permit only designated users to log on to the computer running the BMC Defender Server and to the computers running BMC Defender agents.
  • Physical security—Monitor the physical security of the hardware and platforms. 

    Examples
    • Implement secure pass codes to network operation centers.
    • Implement tamper-resistant locks and seals.
    • Limit physical access to network devices.
  • Security awareness—Your organization should create and publish a security policy. All system users should regularly review that policy. It might be helpful to designate a data security officer to:
    • Promote security awareness.
    • Audit security policy compliance.
    • Protect cryptographic keys and modules against unauthorized access.

Any security solution should include the preceding policies. Encryption alone does not make a system secure. Deploying the Enhanced Encryption software (the BMC Defender Apache TLS adapter) without physical security can leave systems more vulnerable than before, because the Enhanced Encryption software creates an illusion that the system is fully protected when it is not.

Best practice
Maintaining good security practices and safeguarding confidential information is the responsibility of everyone in an organization. Administrators can enhance security by implementing good policies and practices, such as enforcing strong passwords and monitoring system security with the BMC Defender Security Server. However, secure operation ultimately depends on vigilant monitoring of system security by all parts of the user community.
