Security protocols and encryption algorithms used by Web Performance Monitor (WPM)

This article describes in detail which security protocols and encryption algorithms are used by SolarWinds Web Performance Monitor and the WPM Player.

Communication Between the WPM Server and a Player

WPM uses remote players for the playback of transactions. Communication to and from players uses the standard HTTPS protocol by default. It is possible to switch the protocol to non-secure HTTP manually through the configuration files, but doing so removes the transport encryption and server authentication that TLS provides: anyone on the network path between the WPM server and a player can then read or alter the traffic, including the recordings sent to the player and the playback results sent back.

Communication Protocol: HTTPS
Encryption: SSL/TLS

  • HTTPS: HyperText Transfer Protocol Secure is plain HTTP carried inside an SSL/TLS connection.
  • Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols that provide communication security over a network. SSL is the older, now deprecated generation of the protocol; TLS is its successor. The protocol sits between the application (HTTP) and TCP and encrypts the application data stream, using asymmetric cryptography (a system with a separate public key and private key) for key exchange and for authenticating the server through its certificate, symmetric encryption (a cipher in which both sides use the same secret key) for confidentiality, and message authentication codes (a keyed checksum) or an authenticated cipher mode for message integrity. The authentication property holds only if the client validates the server's certificate; an encrypted connection to an unverified endpoint still defeats passive eavesdropping but not an active man-in-the-middle.
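A check worth running against a player endpoint after the section above, as an added example that is not part of this article or of WPM: a small C# probe that offers only TLS 1.2/1.3 to a given host and port, reports the negotiated protocol and certificate, says whether that certificate would pass a validating client, and distinguishes a plain-HTTP listener from a TLS one. The player's port is not stated in this article and must be supplied from your own deployment; the code targets .NET 6 or later.

```csharp
// Added example, not SolarWinds code: connect to host:port, insist on TLS 1.2/1.3,
// and report what was negotiated. The WPM player port is an assumption supplied
// by the operator on the command line. Targets .NET 6 or later.
using System;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

public static class TlsProbe
{
    public sealed class Result
    {
        public bool SpeaksTls;
        public SslProtocols Protocol;
        public string CertificateSubject = "";
        public DateTime NotAfter;
        public SslPolicyErrors PolicyErrors;   // None = chain trusted by the OS and name matches
        public string Error = "";
    }

    public static Result Probe(string host, int port, int timeoutMs = 5000)
    {
        var r = new Result();
        try
        {
            using var tcp = new TcpClient { ReceiveTimeout = timeoutMs, SendTimeout = timeoutMs };
            tcp.Connect(host, port);

            // Accept any certificate but remember the policy errors, so a self-signed or
            // name-mismatched certificate is reported instead of aborting the probe.
            using var ssl = new SslStream(tcp.GetStream(), false,
                (sender, cert, chain, errors) => { r.PolicyErrors = errors; return true; });

            // Offer only TLS 1.2 and 1.3. An endpoint limited to SSL 3 / TLS 1.0 / 1.1 fails
            // the handshake; a plain HTTP listener answers with a non-TLS record and also fails.
            ssl.AuthenticateAsClient(host, null, SslProtocols.Tls12 | SslProtocols.Tls13, false);

            r.SpeaksTls = true;
            r.Protocol = ssl.SslProtocol;
            if (ssl.RemoteCertificate is X509Certificate remote)
            {
                using var cert = new X509Certificate2(remote);
                r.CertificateSubject = cert.Subject;
                r.NotAfter = cert.NotAfter;
            }
        }
        catch (AuthenticationException ex) { r.Error = "TLS handshake failed (old protocol only, or not TLS at all): " + ex.Message; }
        catch (IOException ex)             { r.Error = "connection dropped during handshake (plain HTTP listener?): " + ex.Message; }
        catch (SocketException ex)         { r.Error = "TCP connect failed: " + ex.Message; }
        return r;
    }

    public static int Main(string[] args)
    {
        if (args.Length != 2) { Console.Error.WriteLine("usage: TlsProbe <host> <port>"); return 2; }
        Result r = Probe(args[0], int.Parse(args[1]));
        if (!r.SpeaksTls) { Console.WriteLine("NOT TLS: " + r.Error); return 1; }
        Console.WriteLine($"protocol: {r.Protocol}");
        Console.WriteLine($"certificate: {r.CertificateSubject}, expires {r.NotAfter:u}");
        Console.WriteLine(r.PolicyErrors == SslPolicyErrors.None
            ? "certificate chain and name check out"
            : $"certificate would be REJECTED by a validating client: {r.PolicyErrors}");
        return 0;
    }
}
```

Run it against each player after deployment and again after any change to the configuration files; a "NOT TLS" result means the endpoint has been switched to plain HTTP or is serving only protocol versions this probe refuses to offer.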

Credentials Stored on a Player

WPM players save all received recordings in a local database. Recordings are stored as plain XML in which the passwords and key-press actions are encrypted.

This sensitive information is encrypted with Triple-DES through the .NET Framework ProtectedData class, a managed wrapper around the Windows Data Protection API (DPAPI). The key used for encryption is unique to each computer, ensuring that data copied from a player cannot be decrypted on a different machine. Note the limit of that guarantee: because the key is per machine rather than per user (DataProtectionScope.LocalMachine in ProtectedData terms), every account and process on that player can unprotect the data. The protection is against offline theft of the player database, not against anyone who already has administrative access or code execution on the player host, so restrict who can log on to, and run code on, player machines accordingly.

Encryption: Symmetric Triple-DES (168-bit key)

  • Triple DES is the Triple Data Encryption Algorithm, a block cipher (a deterministic algorithm operating on fixed-length groups of bits) that applies the Data Encryption Standard (DES) cipher three times to each 64-bit data block. Three independent 56-bit DES keys give a 168-bit key, but the meet-in-the-middle attack reduces the effective strength to about 112 bits.
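The following is an added example, not SolarWinds code, showing the machine-scoped ProtectedData round trip the section above describes and the two operational properties that follow from it: the blob is bound to this machine, and anything running on this machine can decrypt it. The optional entropy value is an assumption for illustration; the article does not say whether WPM uses one. Windows only; on .NET 6 or later reference the System.Security.Cryptography.ProtectedData package.

```csharp
// Added example, not SolarWinds code: a secret protected with ProtectedData under
// a machine-bound key, as the article describes for the player. Windows only.
// The entropy value is a constructed assumption; the article does not mention one.
using System;
using System.Security.Cryptography;
using System.Text;

public static class PlayerSecretStore
{
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("wpm-example-entropy"); // constructed

    // DataProtectionScope.LocalMachine: the key is this machine's DPAPI master key.
    // Anything running on this host, under any account, can later call Unprotect on
    // the result; only the entropy value, if kept private by the caller, narrows that.
    public static byte[] Protect(string secret, bool withEntropy) =>
        ProtectedData.Protect(Encoding.UTF8.GetBytes(secret),
                              withEntropy ? Entropy : null,
                              DataProtectionScope.LocalMachine);

    public static string Unprotect(byte[] blob, bool withEntropy) =>
        Encoding.UTF8.GetString(ProtectedData.Unprotect(blob,
                                withEntropy ? Entropy : null,
                                DataProtectionScope.LocalMachine));

    public static void Main()
    {
        const string secret = "constructed-sample-password";

        byte[] blob = Protect(secret, withEntropy: false);
        Console.WriteLine($"{blob.Length}-byte DPAPI blob; round trip on this machine: {Unprotect(blob, false) == secret}");

        // Property 1 (what the article relies on): the blob is bound to this machine's
        // DPAPI master key. Copy the player database to another host and Unprotect there
        // throws CryptographicException; nothing inside the blob helps the attacker.

        // Property 2 (the caveat): machine scope is not user scope. Local admins, service
        // accounts, any code running on the player can decrypt it. Entropy is the only
        // extra gate, and it fails closed:
        byte[] blobWithEntropy = Protect(secret, withEntropy: true);
        try
        {
            Unprotect(blobWithEntropy, withEntropy: false);
            Console.WriteLine("unexpected: decrypted without the entropy value");
        }
        catch (CryptographicException)
        {
            Console.WriteLine("same machine, missing entropy: Unprotect fails");
        }
    }
}
```

The practical reading for a WPM deployment is that player databases can be backed up and copied without exposing credentials, but the player host itself must be treated as holding those credentials in the clear for any local administrator.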

Credentials Stored in the WPM Database

Credentials in recordings that are saved in the main WPM database are encrypted using RSA asymmetric encryption with the key pair of an X.509 certificate. (X.509 is an ITU-T standard for a Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI); it specifies standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.) The certificate for this encryption is generated during the installation of WPM and is stored on the WPM server. Data cannot be decrypted without access to this certificate, which means two things in practice: the certificate's private key is as sensitive as the credentials themselves and should be guarded as tightly as they are, and if the certificate is lost the credentials in the database are unrecoverable, so it must be included in the WPM server's backups alongside the database.

Encryption: X.509 Certificate Asymmetric RSA
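An added example, not SolarWinds code, of what the section above describes: a credential encrypted to an X.509 certificate's RSA public key, decrypted with the matching private key, and the outcome when only the public half is available. The self-signed certificate, the OAEP padding and the backup passphrase are assumptions for illustration; the article specifies none of them. Targets .NET 6 or later.

```csharp
// Added example, not SolarWinds code: RSA encryption to an X.509 certificate as the
// article describes for the WPM database. Self-signed certificate, OAEP padding and
// the PFX passphrase are assumptions made for this example. Targets .NET 6 or later.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class DbCredentialCrypto
{
    // Stand-in for the certificate WPM generates at install time.
    public static X509Certificate2 CreateEncryptionCertificate()
    {
        RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=WPM-Credential-Encryption-Example",
                                         rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10));
    }

    // Encrypt with the public key. RSA-2048 with OAEP/SHA-256 accepts at most 190 bytes
    // of plaintext: enough for a password, not for a whole recording.
    public static byte[] EncryptPassword(X509Certificate2 cert, string password)
    {
        using RSA pub = cert.GetRSAPublicKey() ?? throw new InvalidOperationException("not an RSA certificate");
        return pub.Encrypt(Encoding.UTF8.GetBytes(password), RSAEncryptionPadding.OaepSHA256);
    }

    // Decrypt with the private key. Returns null when the certificate carries no private key.
    public static string? DecryptPassword(X509Certificate2 cert, byte[] ciphertext)
    {
        using RSA? priv = cert.GetRSAPrivateKey();
        if (priv is null) return null;
        return Encoding.UTF8.GetString(priv.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA256));
    }

    public static void Main()
    {
        X509Certificate2 cert = CreateEncryptionCertificate();
        byte[] ct = EncryptPassword(cert, "constructed-sample-password");
        Console.WriteLine("server holding the certificate: " + DecryptPassword(cert, ct));

        // A copied database row plus the public certificate (.cer) yields nothing.
        var publicOnly = new X509Certificate2(cert.Export(X509ContentType.Cert));
        Console.WriteLine("public key only: " + (DecryptPassword(publicOnly, ct) ?? "cannot decrypt"));

        // The backup that must live next to the database backup: certificate plus private
        // key in a passphrase-protected PFX. Without it every stored credential is lost.
        byte[] pfx = cert.Export(X509ContentType.Pfx, "backup-passphrase");
        var restored = new X509Certificate2(pfx, "backup-passphrase", X509KeyStorageFlags.Exportable);
        Console.WriteLine("restored from PFX backup: " + DecryptPassword(restored, ct));
    }
}
```

The PFX export is the piece to verify in a backup drill: restoring the database to a rebuilt WPM server without the original certificate's private key leaves every stored credential permanently undecryptable.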

Recordings Exported to .Recording File

WPM allows recordings to be exported as individual files. By default, these files are plain XML in which the passwords and key-press actions are encrypted with AES under a 256-bit key specific to WPM. Because that key belongs to the product rather than to your installation or account, it protects the exported file only against readers who do not have WPM; treat the default export as shielded from casual inspection, not as safe to hand to an untrusted party. To provide another level of security, the user can specify a password during the export operation, in which case the entire recording is encrypted with AES under a key derived from that password. The recording can then be decrypted only by supplying the same password, so the password must reach the recipient out of band and must be strong enough to resist guessing: an attacker holding the file can try passwords offline without limit.

Encryption: Symmetric AES, 256-bit key (Advanced Encryption Standard, the block cipher ratified as a standard by the National Institute of Standards and Technology of the United States.)
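An added example, not SolarWinds code, of the two layers described above: password fields protected under a product-wide key, and the whole file optionally sealed under a key derived from the export password. AES-256-GCM stands in for whatever AES mode WPM uses and PBKDF2 stands in for its password-to-key step; the article names neither, so both are assumptions, and the product key is a constructed constant. Targets .NET 6 or later.

```csharp
// Added example, not SolarWinds code. AES-GCM, PBKDF2 and the file layout are
// assumptions for this example; the article states only "AES" and "256-bit key".
using System;
using System.Security.Cryptography;
using System.Text;

public static class RecordingExport
{
    // Layer 1 key: belongs to the product, not the operator, so anyone with the
    // software effectively has it. Constructed value, not WPM's real key.
    static readonly byte[] ProductKey = SHA256.HashData(Encoding.UTF8.GetBytes("wpm-example-product-key"));

    // AES-256-GCM; output layout is nonce(12) || tag(16) || ciphertext.
    public static byte[] Encrypt(byte[] key, byte[] plaintext)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] tag = new byte[16];
        byte[] ct = new byte[plaintext.Length];
        using var gcm = new AesGcm(key);
        gcm.Encrypt(nonce, plaintext, ct, tag);
        byte[] blob = new byte[12 + 16 + ct.Length];
        nonce.CopyTo(blob, 0); tag.CopyTo(blob, 12); ct.CopyTo(blob, 28);
        return blob;
    }

    public static byte[] Decrypt(byte[] key, byte[] blob)
    {
        byte[] nonce = blob[..12], tag = blob[12..28], ct = blob[28..];
        byte[] pt = new byte[ct.Length];
        using var gcm = new AesGcm(key);
        gcm.Decrypt(nonce, ct, tag, pt);   // throws CryptographicException under a wrong key
        return pt;
    }

    // Layer 2 key: derived from the operator's export password (assumed KDF: PBKDF2-SHA256).
    public static byte[] KeyFromPassword(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, 600_000, HashAlgorithmName.SHA256, 32);

    // Export: plain XML unless a password is given; then salt(16) || Encrypt(whole file).
    public static byte[] ExportRecording(string xml, string? exportPassword)
    {
        byte[] body = Encoding.UTF8.GetBytes(xml);
        if (exportPassword is null) return body;
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] sealedBody = Encrypt(KeyFromPassword(exportPassword, salt), body);
        byte[] file = new byte[16 + sealedBody.Length];
        salt.CopyTo(file, 0); sealedBody.CopyTo(file, 16);
        return file;
    }

    public static string ImportRecording(byte[] file, string exportPassword)
    {
        byte[] salt = file[..16];
        return Encoding.UTF8.GetString(Decrypt(KeyFromPassword(exportPassword, salt), file[16..]));
    }

    public static void Main()
    {
        // Layer 1: only the password field is protected, and anyone holding the product key undoes it.
        string field = Convert.ToBase64String(Encrypt(ProductKey, Encoding.UTF8.GetBytes("constructed-sample-password")));
        string xml = $"<Recording><Step action=\"TypePassword\" value=\"{field}\"/></Recording>";
        Console.WriteLine("layer 1 undone with the product key: " +
            Encoding.UTF8.GetString(Decrypt(ProductKey, Convert.FromBase64String(field))));

        // Layer 2: the whole file under the operator's password; wrong password recovers nothing.
        byte[] file = ExportRecording(xml, "operator-chosen-passphrase");
        Console.WriteLine("right password recovers XML: " + (ImportRecording(file, "operator-chosen-passphrase") == xml));
        try { ImportRecording(file, "wrong-password"); }
        catch (CryptographicException) { Console.WriteLine("wrong password: tag check fails, nothing recovered"); }
    }
}
```

The contrast the example is built to show is the first and second console lines: the product-key layer is reversible by anyone who can extract that key from the software, while the password layer is only as strong as the password the operator chose.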

Last modified
13:52, 9 Feb 2017