What are the levels of encryption we use in the following communication within 7.6 HF7 and later?:
1. Agent to SMP
2. SMP to SQL
3. SMP to Active Directory (during ad import/sync)
1. SMP/Agent communication:
a. Data received from SMP. Crypto primitives are used to encrypt the data:
b. Data sent to SMP (NSEs). The same crypto primitives are used as above.
c. Credentials received from SMP. Different keys can be used to encrypt credentials, legacy key can be 3DES but normally AES-256 are used and also SHA-256 is used.
2. SMP/SQL communication:
a. Can be encrypted by following Microsoft article ms189067 and the DbEncryptedConnection coresetting.
3. SMP/Active Directory import and sync:
a. we use 'Secure' flag for AD connection, which is described by Microsoft .NET as "the WinNT provider uses NTLM to authenticate the client. Active Directory Domain Services uses Kerberos, and possibly NTLM, to authenticate the client."