Secure content delivery fo patches on bigfix server

(imported topic written by Vibhash91)

How we are going to ensure that patch downloaded from differnt vendor site has not been tampered while downloading on the bigfix server, as the bigfix server download the patches from vendor site on port 80 over internet.

Please let me know how we can maitain the integrity and secure contenet delivery of the patches from vendor site on bigfix server? How we can prevent the man in the middle attack from tampering the data?

(imported comment written by BenKus)

Hi vibhash,

Good question…

The answer is that all the BES components all verify the patch is unchanged when they download them. They are able to do this because each Fixlet maintains a SHA1 checksum of each file that is downloaded by the Fixlet. The SHA1 checksum is verified by the server, the relays, and the agents. You can be sure that the SHA1 checksum hasn’t been tampered with because it is digitally signed in the Fixlet content so the Fixlets cannot be tampered with either.

So the security is already built into BES and there is nothing you need to do manually in this case.

Ben