Question
The Altiris line of products fully supports the use of SSL and HTTPS?

Answer

Overview

The Altiris line of products fully supports the use of SSL and HTTPS. HTTPS is an industry standard for secure communication. Altiris has chosen to support and work with the industry standard rather than invent our own design for secure communication. By using either purchased certificates or their own custom certificates, Altiris customers have the ability to ensure that a client computer will communicate only with the server it is authenticated with. The only way to thwart this security is to gain administrator access to the Altiris client and/or Altiris server.

Altiris currently does not have any third party security certifications. It is our position that because HTTPS is already certified, we do not need to do a separate certification.

Secure Sockets Layer Protocol (SSL)

The Secure Sockets Layer protocol (SSL) is an industry standard security protocol that provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.

The SSL protocol provides connection security that has three basic properties:

• The connection is private. Encryption is used after an initial handshake to define a secret key. Symmetric cryptography is used for data encryption.
• The peer’s identity can be authenticated using asymmetric or public key cryptography.
• The connection is reliable. Message transport includes a message integrity check using a keyed MAC. Secure hash functions are used for MAC computations.

HyperText Transmission Protocol, Secure (HTTPS)

HyperText Transmission Protocol, Secure (HTTPS) is an industry standard and a variant of HTTP used for handling secure transactions. Altiris software supports the URL access method, "https", for connecting to HTTP servers using SSL. "HTPPS" is a unique protocol that with SSL underneath HTTP. You need to use "https://" for HTTP URLs with SSL.

Note: See article DOC9500, "Configuring Notification Server to use HTTPS after ITMS installation is completed" section for ideas of how to use SSL with the Notification Server.