Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...
Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...
Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Encrypting IDF Server to DB<br />
Communication<br />
Communication between the IDF Server Plug-in and the database is not encrypted by default. This is for<br />
performance reasons and because the channel between the Server Plug-in and the database may already<br />
be secure (either they are running on the same Computer or they are connected by crossover cable, a<br />
private network segment, or tunneling via IPSec).<br />
However, if the communication channel between the IDF Server Plug-in and the database is not secure,<br />
you should encrypt the communications between them. Do this by editing the dsm.properties file<br />
located in \IDF Server Plug-in\webclient\webapps\ROOT\WEB-INF\<br />
MS SQL Server<br />
Add the following line to dsm.properties:<br />
database.SqlServer.ssl=require<br />
Save and close the file. Stop and restart the Server Plug-in service.<br />
Oracle Database<br />
Add the following lines to dsm.properties:<br />
database.Oracle.oracle.net.encryption_types_client=(3DES168)<br />
database.Oracle.oracle.net.encryption_client=REQUIRED<br />
database.Oracle.oracle.net.crypto_checksum_types_client=(MD5)<br />
database.Oracle.oracle.net.crypto_checksum_client=REQUIRED<br />
Save and close the file. Stop and restart the IDF Server Plug-in service.<br />
Note that Oracle Database must be configured to accept encrypted communication. Consult your<br />
Oracle Database documentation for instructions.<br />
Running a Client Plug-in on the Database Server<br />
Encryption should be enabled if you are using a Client Plug-in to protect the database. When you carry out<br />
a Security Update, the IDF Server Plug-in stores new DPI Rules in the database. The rule names<br />
themselves will almost certainly generate false positives as they get parsed by the Client Plug-in if the<br />
data is not encrypted.<br />
© Copyright 2010 <strong>Trend</strong> <strong>Micro</strong> Inc. www.trendmicro.com<br />
All rights reserved. - 136 -