Document Number: OSUP1055
Product: Observer 10.x
Date: 03-29-2005
Title: Observer Shared-key encryption vs. Standard Data Encryption
Keywords: Connection, Encryption, Key File, Probe Redirection Error, Authentication Negotiation Error, DES 3
Observer, Multi Probe, and Expert Probe all have two types of data encryption available to secure data as it is transferred from the Probe to an Observer console.
Shared Key (OEK) Encryption: Enable this by checking the "Use Observer Encryption Keys" option box located on the Security Tab in Observer General Options, or, on a Probe, from the Probe Options menu. You must also then generate the shared keys using the Observer Encryption Key utility, which is included in the Expert Observer or Expert Probe installation directory.
Dynamic Session Key (DSK) Encryption: Enable this by checking the "Encrypt Data" option box located on the Security tab in Observer Memory, Security and Administration, or from the Security tab on a Probe.
You may enable one, both, or neither of these encryption options.
When Observer connects to a Probe, it first authenticates that Probe. This initial communication is always encrypted with DES3. Depending on which encryption options are enabled, subsequent data is encrypted (or not encrypted) in the following manner:
Use Observer Encryption Keys |
Encrypt data |
Effect |
Enabled |
Enabled |
All Probe/Console communications are DES3-encrypted using a shared (.OEK) key file. |
Enabled |
Disabled |
Only the initial authentication handshake is DES3-encrypted via the shared OEK file; all other communications are unencrypted. |
Disabled |
Enabled |
All Probe/Console communications are DES3-encrypted using a DSK. |
Disabled |
Disabled |
Only the initial authentication handshake is DES3-encrypted using a DSK; all other communications are unencrypted |
|
