What security measures are used in BES Relay to BES Client communications?

Disco,

This is what it looks like when Enhanced Security is not enabled (this is the default), there is no encryption key deployed (this is the default) and relay authentication is not turned on (this is the default).

Client <-> HTTP Unencrypted and Interceptable <-> Relay <-> HTTP Unencrypted and Interceptable <-> Server

Good:

  • Server commands are signed before submitting to relay/client, preventing modification
  • Client reports are signed before submitting to the relay, preventing modification

Not Good:

  • All communication at every level occurs in plain text (Fixed with Enhanced Security)
  • There is no handshake to send a report (Fixed by enabling relay authentication)
  • Reports are stored in plain text on the relays (Fixed by enabling Encrypted Reports)
  • Anybody can request any file from your BigFix infrastructure without a client (Fixed by enabling relay authentication)

An important feature of the architecture is that all content that a client receives is signed by the server/operators. This means an attacker who takes control of a relay has access to the report data from your endpoints but cannot send them malicious actions.

4 Likes
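The point made in the post above, that signing stops modification but does not hide content, shown as an added example that is not part of the original post and is not BigFix code. It uses a toy textbook-RSA signature as a stand-in for the real signing scheme; the key, function names and sample action are all constructed for illustration.

```python
import hashlib
from math import gcd

# Toy textbook-RSA key (constructed). It is built from two publicly known
# Mersenne primes, so it is NOT secure and is not BigFix's real scheme.
P, Q = 2**521 - 1, 2**607 - 1
N, PHI = P * Q, (P - 1) * (Q - 1)
E = next(e for e in range(65537, 2**20, 2) if gcd(e, PHI) == 1)  # public exponent
D = pow(E, -1, PHI)  # private exponent: held by the server only, never by a relay


def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer (no padding: toy scheme)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def server_sign(action: bytes) -> dict:
    """Server side: sign an action before handing it to a relay."""
    return {"body": action, "sig": pow(digest(action), D, N)}


def client_accepts(envelope: dict) -> bool:
    """Client side: verify with the public key (E, N) before acting."""
    return pow(envelope["sig"], E, N) == digest(envelope["body"])


def relay_view(envelope: dict) -> bytes:
    """What the relay, or anything on the plain-HTTP path, can read."""
    return envelope["body"]  # signed, but not encrypted


def relay_tamper(envelope: dict, new_body: bytes) -> dict:
    """A relay without D can swap the body but cannot make a matching signature."""
    return {"body": new_body, "sig": envelope["sig"]}


if __name__ == "__main__":
    env = server_sign(b"action 42: restart service (constructed sample)")
    print("relay can read:    ", relay_view(env))
    print("untouched accepted:", client_accepts(env))
    print("modified accepted: ", client_accepts(relay_tamper(env, b"action 42: altered")))
```

The same envelope is readable in full at the relay yet rejected by the client once its body changes, which is why the plain-text items in the "Not Good" list need the separate fixes named there.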