Does DLP support "Mutual Authentication" for TLS communications?


Article ID: 220544

Products

Data Loss Prevention Enforce

Issue/Introduction

You are seeking answers about mTLS.

First, "mTLS" is simply a more recent name for what has previously been called "mutual authentication" or "mutual TLS"; see the Wikipedia entry on that topic.


Cause

DLP comes out of the box with default mechanisms to ensure secure communications between its servers. Communication between DLP and the Endpoint Agents also uses mutual authentication.

Environment

Release : 15.8


Resolution

  1. Some of the DLP communications that use TLS:
    1. Enforce Server <-> Detection Server: uses mutual authentication with self-signed certificates generated by SSLKEYTOOL, which is run from the command line as described in the documentation.
    2. Endpoint Server <-> Endpoint Agents: uses DLP's own self-signed CA mechanism, in which each Agent Package carries its own certificate as configured on the Enforce Server.
  2. "If yes (i.e., only authenticated with client certs), how are the certifications issued to limit excessive access?"
    • As above, every certificate used for mutual authentication is configured by DLP administrators; once set up, the Detection Servers and Endpoint Agents (and their users) require no secondary authentication.