Client Authentication
Client Authentication (introduced in version 9) extends the security model used by BigFix to encompass trusted client reports and private messages. This feature is not backward-compatible, and clients prior to version 9.0 will not be able to communicate with an authenticating relay or server.
The original security model has two central capabilities:
- Clients trust content from server. All commands and questions that clients receive are signed by a key that is verified against a public key installed on the client.
- Clients can submit private reports to server. The client can choose to encrypt reports that it sends up to the server, so that no attacker can interpret what is contained in the report. This feature is disabled by default, and is switched on with a setting.
Client Authentication extends the security model to provide the mirror image of these two capabilities:
- Server can trust reports from clients (non-repudiation). Clients sign every report that they submit to the server, which is able to verify that the report does not come from an attacker.
- Server can send private data to clients (mailboxing). The server can encrypt data that it sends to an individual client, so that no attacker can interpret the data.
Communication using an authenticated relay is a two-way trusted and private communication channel that uses SSL to encrypt all communications. However, communication between a non-authenticating relay and its children is not encrypted unless it is an encrypted report or a mailboxed action or file.
This level of security is useful for many purposes. Your company may have security policies that require authenticating relays on your internet-facing nodes, in your DMZ, or any network connection that you do not totally trust. With authentication, you can prevent clients that have not yet joined your deployment from getting any information about the deployment.