These features in Intelligent Voice use encryption
Servers using TLS
The following are servers deployed in an IV installation which implement TLS encryption for communications:
- vrx-servlet: (required) IV application server image using Apache Tomcat
- mariadb: (required) database server
- nginx: (required) web server used as reverse proxy
- elasticsearch: (optional) search engine used by identity management feature
- jumptoweb: (optional) IV web application using Apache httpd
- verint_connector: (optional) IV connector using Apache Tomcat
- red_box_connector: (optional) IV connector using gunicorn
All servers have the same preferred algorithms:
- Protocol: Transport Layer Security (TLS) version 1.2 or 1.3
- Key Exchange: Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)
- Authentication: Elliptic Curve Digital Signature Algorithm (ECDSA)
- Encryption: Advanced Encryption Standard with 256-bit key in Galois/Counter Mode (AES 256 GCM)
- Hash: Secure Hash Algorithm 384 (SHA384)
Internal communication within IV uses these preferred algorithms. Third parties connecting to IV servers (e.g. API or web application) can negotiate algorithms from the supported set using the standard TLS method. Known insecure algorithms have been removed.
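To confirm what a connection actually negotiated against the preferred algorithms listed above, the following added example (not part of IV or its documentation) checks a protocol version and cipher name as reported by Python's ssl module. The function names are hypothetical, and the mapping of the preferred algorithms to the OpenSSL suite names ECDHE-ECDSA-AES256-GCM-SHA384 and TLS_AES_256_GCM_SHA384 is an assumption of the example.

```python
import socket
import ssl

# OpenSSL names for the preferred suite (assumed mapping, not from the page).
PREFERRED_TLS13 = "TLS_AES_256_GCM_SHA384"
PREFERRED_TLS12 = "ECDHE-ECDSA-AES256-GCM-SHA384"


def check_negotiated(version, cipher):
    """Return deviations from the preferred algorithms; empty list = match."""
    if version not in ("TLSv1.2", "TLSv1.3"):
        return [f"protocol {version} is not TLS 1.2 or 1.3"]
    if version == "TLSv1.3":
        # TLS 1.3 suite names carry only cipher and hash: key exchange is
        # always ephemeral and the signature type comes from the certificate.
        return [] if cipher == PREFERRED_TLS13 else [
            f"cipher {cipher} is not AES 256 GCM with SHA384"]
    if cipher == PREFERRED_TLS12:
        return []
    tokens = cipher.split("-")
    problems = []
    if tokens[0] != "ECDHE":
        problems.append("key exchange is not ECDHE")
    if len(tokens) < 2 or tokens[1] != "ECDSA":
        problems.append("authentication is not ECDSA")
    if "AES256-GCM" not in cipher:
        problems.append("encryption is not AES 256 GCM")
    if tokens[-1] != "SHA384":
        problems.append("hash is not SHA384")
    return problems


def probe(host, port=443, cafile=None, timeout=5.0):
    """Handshake with certificate verification on; return (version, cipher)."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


# Constructed (version, cipher) pairs, not captured from an IV server.
SAMPLES = [
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    ("TLSv1.2", "ECDHE-ECDSA-AES256-GCM-SHA384"),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("TLSv1.1", "ECDHE-RSA-AES256-SHA"),
]

if __name__ == "__main__":
    for version, cipher in SAMPLES:
        print(version, cipher, check_negotiated(version, cipher) or "preferred")
```

For a server whose certificate is issued by a private CA, pass that CA bundle as cafile to probe() rather than disabling verification. A non-empty result means the connection deviated from the preferred algorithms, which is expected for third-party clients that negotiate another suite from the supported set.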
Callback
vrx-servlet (IV application server) has a “callback” feature which, if requested, will make an encrypted connection to an external webhook. It will negotiate compatible algorithms and will use TLS 1.2 by default.
IV can send email notifications. If configured to send to an SMTP server which supports it, email will be sent using STARTTLS and encrypted with TLS 1.2.
Compatibility with full disk encryption
IV supports installation on servers which are configured with full disk encryption. This is a manual configuration step before installing IV, and multiple ciphers are available to choose from. For more details see your OS vendor’s documentation, for example:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-encryption
SSH
IV recommends using SSH for server administration. For more details on the encryption in OpenSSH see your OS vendor’s documentation, for example:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-openssh