NMS 4.3 Encryption functionality - customer assistance needed if you can help

Discussion created by birda06 Employee on Aug 28, 2010
Latest reply on Aug 1, 2017 by Martin.Fink



Is anyone deeply familiar with our encryption functionality between robots and hubs?  We have a pre-sales situation that is getting a bit sticky as the client is questioning our methodology with our robot-to-hub encryption.


Here is the customer request verbatim - after he was pointed to our admin guide @


> Page 161 actually says the exact opposite of what you claim it says.  As stated on page 161: "The SSL feature only encrypts network traffic.  It is not used for authentication."


> A man-in-the-middle (MITM) attack works in cases of weak or non-existent authentication.  I am able to get the attack to work in the Nimsoft environment even with the hub set according to the instructions on page 161.  The reason for this is that anything that presents an SSL service with a self-signed certificate is permitted to receive and retransmit the packets between the hub and robot.


> As stated in the Wikipedia page on MITM attacks: "A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other - it is an attack on mutual authentication. Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL authenticates the server using a mutually trusted certification authority."


> I was hoping I could work with someone within Nimsoft that has a strong understanding of computer security and the SSL/TLS protocol.


We can recommend that he makes every server a hub - as the tunnels would have a certificate-based communication - but the reality is that deployment could be very cumbersome.


Looking for help here - including Product Management and Development if they have any ideas.  This will be coming up again + again and it would be great to get our story in order now.
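
The gap the customer describes, between a channel that only encrypts and one that also authenticates the peer, can be shown as a configuration check. This is an added example, not part of the original post and not Nimsoft code: it uses Python's standard `ssl` module as a stand-in, and the function names and the CA path in the comment are assumptions.

```python
import ssl

def encrypt_only_client():
    """Encrypts traffic but accepts any certificate, self-signed included."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE   # no authentication of the server
    return ctx

def authenticated_client():
    """Requires a certificate that chains to a trusted CA and matches the hostname."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check by default
    # In a deployment: ctx.load_verify_locations(cafile="private-ca.pem")  # hypothetical path
    return ctx

def encrypt_only_server():
    """Server side that never asks the connecting client for a certificate."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # verify_mode defaults to CERT_NONE

def mutual_auth_server():
    """Server side that rejects clients without a verifiable certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def audit(ctx, role):
    """Return the authentication gaps in a context; role is 'client' or 'server'."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("peer certificate is not verified (encryption only)")
    elif ctx.verify_mode == ssl.CERT_OPTIONAL:
        findings.append("peer certificate is optional")
    if role == "client" and not ctx.check_hostname:
        findings.append("certificate is not bound to the expected hostname")
    return findings

if __name__ == "__main__":
    cases = [
        ("encrypt-only client", encrypt_only_client(), "client"),
        ("authenticated client", authenticated_client(), "client"),
        ("encrypt-only server", encrypt_only_server(), "server"),
        ("mutual-auth server", mutual_auth_server(), "server"),
    ]
    for name, ctx, role in cases:
        gaps = audit(ctx, role)
        print(f"{name}: {'; '.join(gaps) if gaps else 'peer is authenticated'}")
```
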