cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
joes3
Engaged Sweeper III
Is all traffic between scanned device and the Lansweeper scan server encrypted or just the authentication portion of the traffic? In other words, could someone on my network run a packet sniffer and collect all the information that Lansweeper scans or will they simply get encrypted data?

Thanks,
Joe
1 ACCEPTED SOLUTION
Filip_V
Lansweeper Alumni
In regards to traffic between clients and server:

SNMP v1 and v2.c do not allow encryption, they send all information in cleartext, including the community string. This is not a limitation of Lansweeper, it is how these protocols are designed.

SNMP v3, SSH and WMI connections should be encrypted unless you went through a lot of trouble to disable the encryptions.

In regards to data as it is stored in the database itself:

Scanned data isn't encrypted in the database; only scanning credentials are. If your database is hosted in SQL Server, we recommend changing the database password for added security.

Credentials are transferred to the service memory when the Lansweeper service starts. When Lansweeper needs to pass them to a machine, it uses the default Windows authentication that's configured (most likely NTLMv2 or Kerberos). The login/password details are never sent over the wire.

View solution in original post

2 REPLIES 2
Susan_A
Lansweeper Alumni
I've deleted my previous post as it was only partially correct. Filip's answer is better. I'm marking this as the solution.
Filip_V
Lansweeper Alumni
In regards to traffic between clients and server:

SNMP v1 and v2.c do not allow encryption, they send all information in cleartext, including the community string. This is not a limitation of Lansweeper, it is how these protocols are designed.

SNMP v3, SSH and WMI connections should be encrypted unless you went through a lot of trouble to disable the encryptions.

In regards to data as it is stored in the database itself:

Scanned data isn't encrypted in the database; only scanning credentials are. If your database is hosted in SQL Server, we recommend changing the database password for added security.

Credentials are transferred to the service memory when the Lansweeper service starts. When Lansweeper needs to pass them to a machine, it uses the default Windows authentication that's configured (most likely NTLMv2 or Kerberos). The login/password details are never sent over the wire.