
Securing Data During Communication

For managing privileges on endpoints, a lightweight Securden agent has to be deployed on each endpoint. The agents enforce privilege management and application control policies on the endpoints and communicate with the central server periodically to pull the latest information. They also discover applications on endpoints that run with admin privileges and help create control policies for them.

Communication between server and web-interface, and the database

All data transmission to and from the Securden server is encrypted. Communication between the Securden web interface and the server happens over HTTPS. Data transmission between the Securden server and the database happens over SSL/TLS. A third-party signed or wildcard SSL/TLS certificate can be enforced for the server through Securden.

Communication between agent and server

All communication between the agent and the server occurs over the internet. The agent authenticates itself with an auth token generated at the time of agent deployment. All communication is handled via HTTPS and is therefore encrypted and verified using TLS (SSL).
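The two checks a practitioner would want behind the paragraphs above are that the client side of the HTTPS connection (agent, connector or browser) actually verifies the server certificate, and that a wildcard certificate of the kind Securden can enforce only covers the hostnames it should. The following is an added example, not Securden code; it uses only the Python standard library. `hardened_client_context()` is the setting to require, `insecure_client_context()` the one to flag in an audit, and `hostname_matches()` applies the usual wildcard rules (the `*` must be the whole leftmost label, it matches exactly one label, and `*.com` style patterns are rejected). The hostnames are constructed for illustration.

```python
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Client context an agent or connector should use for HTTPS to the server:
    chain verified against trusted CAs, hostname checked, TLS 1.2 or newer."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def insecure_client_context() -> ssl.SSLContext:
    """The weak setting to look for: verification switched off, so a self-signed,
    expired or wrong-host certificate is accepted and MITM goes unnoticed."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_strict(ctx: ssl.SSLContext) -> bool:
    """True only if the context verifies chain and hostname and refuses TLS < 1.2."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match of one dNSName SAN entry against a hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # The wildcard is accepted only as the entire leftmost label, with at least
    # two fixed labels after it (so "*.com" never covers every .com host), and
    # it stands in for exactly one non-empty label: "*.example.com" covers
    # "epm.example.com" but neither "example.com" nor "a.b.example.com".
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in l for l in p_labels[1:]):
        return False
    if len(h_labels) != len(p_labels) or h_labels[0] == "":
        return False
    return h_labels[1:] == p_labels[1:]


def certificate_covers(san_names, hostname: str) -> bool:
    """True if any SAN dNSName entry on the certificate covers the hostname."""
    return any(hostname_matches(name, hostname) for name in san_names)


if __name__ == "__main__":
    # Constructed SAN list for a hypothetical wildcard certificate.
    sans = ["securden.example.com", "*.corp.example.com"]
    print(context_is_strict(hardened_client_context()))          # True
    print(context_is_strict(insecure_client_context()))          # False
    print(certificate_covers(sans, "agent.corp.example.com"))    # True
    print(certificate_covers(sans, "corp.example.com"))          # False
```

When reviewing an agent or connector deployment, the useful question is whether its HTTP client behaves like `hardened_client_context()`; anything that disables hostname checking or accepts `CERT_NONE` removes the verification the page relies on.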

Data storage by the agents

Typically, the agent pulls the latest changes from the server whenever access to a new application is requested. If the agent is unable to communicate with the server, the policy pulled last is enforced. The policies stored by the agent are encrypted using the local user credentials together with a unique key, so they cannot be read or tampered with even by someone who obtains the encryption key alone.
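The property the paragraph above describes is that a locally cached policy must survive an offline period without being editable by someone with access to the endpoint. The following is an added example, not Securden code, showing one way to get tamper evidence for such a cache: the store key is derived from both the local user credential and a per-agent unique key (modelled here with PBKDF2, a choice of this example rather than the product's actual derivation), and each cached policy is stored with an HMAC tag that is checked before the policy is enforced. The page says the stored policies are encrypted; this example covers only the integrity half with the standard library, and in a real deployment an AEAD such as AES-GCM would provide confidentiality and integrity together. All credential, key and policy values are constructed.

```python
import hashlib
import hmac
import json


class PolicyTampered(Exception):
    """Raised when a cached policy fails its integrity check."""


TAG_LEN = 32  # HMAC-SHA256 digest length


def derive_store_key(user_credential: bytes, unique_key: bytes) -> bytes:
    # Both inputs are needed to reproduce the key: the local user's credential
    # as the password and the per-agent unique key as the salt. Holding only
    # one of them does not allow a valid tag to be computed.
    return hashlib.pbkdf2_hmac("sha256", user_credential, unique_key, 100_000, dklen=32)


def seal_policy(policy: dict, key: bytes) -> bytes:
    """Serialise the policy canonically and prefix it with its HMAC tag."""
    body = json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return tag + body


def open_policy(blob: bytes, key: bytes) -> dict:
    """Verify the tag in constant time before trusting the policy body."""
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PolicyTampered("cached policy failed integrity check")
    return json.loads(body)


class AgentPolicyCache:
    """Holds the last policy pulled from the server, sealed with the derived key."""

    def __init__(self, key: bytes):
        self.key = key
        self.blob = None  # stands in for the on-disk cache file

    def refresh(self, policy: dict) -> None:
        self.blob = seal_policy(policy, self.key)

    def effective_policy(self, server_reachable: bool, fresh_policy=None) -> dict:
        # Online: take the server's policy and re-seal it. Offline: fall back to
        # the last sealed policy, refusing to enforce anything that fails the check.
        if server_reachable and fresh_policy is not None:
            self.refresh(fresh_policy)
        if self.blob is None:
            raise RuntimeError("no policy has ever been pulled from the server")
        return open_policy(self.blob, self.key)


def tamper(blob: bytes, old: bytes, new: bytes) -> bytes:
    """Simulate an attacker editing the cache file without knowing the key."""
    return blob[:TAG_LEN] + blob[TAG_LEN:].replace(old, new)


# Constructed sample values (hypothetical, not Securden data).
USER_CREDENTIAL = b"alice:local-credential-material"
UNIQUE_KEY = b"\x9f\x13agent-7c2e-unique\x00\x41"
SAMPLE_POLICY = {"app": "C:\\Tools\\installer.exe", "elevate": False, "version": 12}


def demo() -> dict:
    key = derive_store_key(USER_CREDENTIAL, UNIQUE_KEY)
    cache = AgentPolicyCache(key)
    online = cache.effective_policy(True, SAMPLE_POLICY)   # server reachable
    offline = cache.effective_policy(False)                 # server unreachable
    # Attacker flips the elevation decision inside the cached file.
    forged = tamper(cache.blob, b'"elevate":false', b'"elevate":true')
    try:
        open_policy(forged, key)
        detected = False
    except PolicyTampered:
        detected = True
    # Attacker holds the unique key but not the user's credential.
    wrong_key = derive_store_key(b"bob:guessed-credential", UNIQUE_KEY)
    try:
        open_policy(seal_policy({"elevate": True}, wrong_key), key)
        rejected = False
    except PolicyTampered:
        rejected = True
    return {"online": online, "offline": offline,
            "tamper_detected": detected, "wrong_key_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The offline path is the one to exercise when testing an agent: the last good policy must still be enforced, and a modified cache file must be rejected rather than silently applied.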

Accessing the server from mobile application

Administrators in Securden and users tasked with managing privilege requests can access the server from their mobile devices through the Securden EPM mobile application. Communication between the app and the server is protected in the same way (HTTPS/TLS), and no credentials are cached on the device.

Communication between AD, remote connector, and the server

If the EPM (Cloud Edition) solution is working with an on-premises Active Directory instance, a remote connector should be deployed on a device that can reach the server hosting AD. Communication from the remote connector to the AD instance is one-way, and an inbound port needs to be opened in the firewall of the device running the directory. This communication between AD and the remote connector is encrypted and handled via SSL. The remote connector communicates with the Securden server via HTTPS, encrypted and verified through TLS (SSL), and authenticates itself to the server with a unique auth token.

Design Highlights

  • Encrypted communication between server and interface
  • HTTPS based communication between server and agent
  • Policies are encrypted and locally stored
  • Encrypted communication with remote connector