sjacksonat_private said:

> We at AXENT recognized that this methodology was not as secure as desired.
> We have enhanced the communications security between servers and clients to
> utilize a Diffie-Hellman key for the session,

Could you tell us exactly how you verify that you are talking to an
authentic server or client? Anyone can exchange a key with DH to have a
secure conversation with someone, but if you cannot verify that that
someone is who you intend it to be, then it is prone to a simple
man-in-the-middle attack.

With ESM's ability to update both the client and the server with either
corrected configurations or updated policies, it is critically important
that there exists strong *authentication* as well as strong *communication*.

> combined with encrypting every
> packet across the wire using DESX encryption. This has been available since
> ESM 4.5 shipped in March of 1998.

Did ESM 4.5 ship? I thought it was only ever early-released?

Paul
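
The point raised in the message above, as an added example that is not part of the original post and says nothing about how ESM works: a bare DH exchange yields a key shared with whoever sent the public value, while a MAC over both public values lets the client refuse a substituted one. The pre-shared auth_key (provisioned out of band), the toy group and all function names are assumptions made for this sketch.

```python
import hashlib, hmac, secrets

P = 2**255 - 19   # toy prime for the demo (assumption); use a vetted DH group in practice
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    if not 1 < peer_pub < P - 1:          # reject degenerate public values
        raise ValueError("bad DH public value")
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def server_tag(auth_key, client_pub, server_pub):
    # MAC binds the pre-shared key to BOTH public values of this exchange.
    msg = b"server" + client_pub.to_bytes(32, "big") + server_pub.to_bytes(32, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()

def client_finish(c_priv, c_pub, seen_pub, seen_tag, auth_key=None):
    # auth_key=None models the bare exchange; otherwise verify before deriving a key.
    if auth_key is not None:
        want = server_tag(auth_key, c_pub, seen_pub)
        if not hmac.compare_digest(want, seen_tag):
            raise PermissionError("server DH value is not authenticated")
    return session_key(c_priv, seen_pub)

def honest_exchange(auth_key):
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    t = server_tag(auth_key, c_pub, s_pub)
    return client_finish(c_priv, c_pub, s_pub, t, auth_key) == session_key(s_priv, c_pub)

def substituted_exchange(auth_key=None):
    # Constructed scenario: an on-path relay replaces each public value with its own.
    c_priv, c_pub = keypair()
    _, s_pub = keypair()
    r_priv, r_pub = keypair()
    # The server saw r_pub as the "client" value; the relay can only forward this tag.
    t = server_tag(auth_key, r_pub, s_pub) if auth_key else b""
    k_client = client_finish(c_priv, c_pub, r_pub, t, auth_key)
    return k_client == session_key(r_priv, c_pub)   # True: relay holds the client's key
```

Without auth_key the client ends up sharing its session key with the relay; with it, client_finish raises before any key is derived.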