Activating HTTPS-Only mode for DataCove
Why use HTTPS-only mode for DataCove?
In our world of ever-increasing cyberthreats, one method of communication that has persisted since the beginnings of the Internet has been steadily going away from production systems: HyperText Transfer Protocol, better known as the HTTP you’d always see in the URL of your browser. It’s even in the browser being used to view this very website right now.
The version of HTTP that is displaying this article is a bit fancier than the relatively aged original version however, in that it provides encryption of the traffic being sent back and forth using it, as well as identity authentication via Secure Sockets Layer (SSL) Certificates. It is known as “HyperText Transfer Protocol - Secure” or HTTPS, which has near completely supplanted the use of regular HTTP communications for most websites, especially since all major web browsers have begun using it by default some years ago.
This encryption greatly reduces the chances for casual prying eyes, such as ISPs or potential attackers using simple Man-In-The-Middle (MitM) styles of attack, to read the data being sent between the local workstation (client) and remote host (server). If you’ve ever heard the terms of transmission of data in “plaintext” or “cleartext,” those are referencing the use of unencrypted communications where the data can be easily read by anyone snooping on the line. Usernames and passwords were common targets for these types of attacks.
HTTPS websites also require a Secure Sockets Layer (SSL) Certificate, a means of providing authentication from trusted third party purveyors known as Certificate Authorities (CA). These CAs are fundamental components to what is known as the Public Key Infrastructure (PKI) model of security, which provide these “trust services” to companies looking to serve data to the public by validating that the company is the owner of a website, and not an individual or group trying to masquerade as that company for malicious purposes.
As a result, almost all websites have been forced to provide certificated HTTPS access by default or risk being faced with the dreaded “site not secure,” browser warning, a significant deterrent for many users to continue onwards and one that many system administrators teach their users specifically to watch out for, as it’s often a harbinger of risky dealings ahead.
With that background covered, DataCove supports both HTTP and HTTPS with both services active by default. Since DataCove requires a username and password to log into, it’s technically feasible to eavesdrop on a communication with the system and obtain that username and password in the plaintext conversation between the client workstation and the DataCove server. Most organizations keep their DataCove inside their network without any external access, and while that has been nominally fine in terms of security as the risk is perceived as low inside the network perimeter, the new Zero Trust models of cybersecurity do suggest fortifying any and all systems as much as possible to reduce the potential attack surfaces and methods available to malicious actors. To that end, one of the simplest changes one can make to enhance the security of their DataCove is implementation of secure-by-default protocols for any network communication it has, especially browser based communication.
Deactivating HTTP access on DataCove and using HTTPS only is a simple and effective means of adding another layer of protection to your system. The steps below will cover how to perform this, and any considerations for additional tools that may be in use.
Configuring HTTPS-only communications for DataCove’s web interface
It is highly recommended to install an SSL Certificate onto the DataCove before beginning this procedure. While DataCove possesses a default self-signed HTTPS certificate to enable the service itself, it is not of an appropriate strength for secure communications.
Instructions on how to install a certificate that can be found on this article: https://datacove.net/knowledge-base/uploading-an-ssl-certificate-to-datacove
Note: If your DataCove is hosted by Tangent, an SSL certificate is already loaded onto your system and it is safe to proceed ahead.
To begin, open a web browser and navigate to DataCove using the HTTPS protocol.
This can be manually typed out as HTTPS://IP.Address.Goes.Here or HTTPS://Datacove.domainname.com if a DNS record is live for the system.
Log in to DataCove, and then navigate to Configuration using the top header menu.
Select Network Server Control from the left hand side menu.
A list of running services will be presented on the screen, most often including HTTP, HTTPS and SSH. Running services are shown at the top of the screen, and inactive services are at the bottom.
Note: All services can be deactivated on the DataCove except HTTPS, as that is critical to system functionality. Disabling other services can help improve the security posture of the system further, but may make the system more difficult to troubleshoot.
Select the downward facing red arrow in line with the HTTP service to deactivate the service.
Once the service has been deactivated, a prompt will appear in green text in the upper left hand corner of the screen specifying the service has been stopped, and the HTTP service will now be in the Inactive Services section towards the bottom of the screen.
With HTTP now offline, all HTTP requests to the web interface of the machine will be automatically redirected to using the HTTPS protocol and HTTPS-only mode is now live.
Note: If the Outlook Connector is in use for email search and retrieval within the Outlook client, please continue reading further for additional steps. If it is not in use, this step concludes the article.
Configuring HTTPS-only mode for DataCove’s Outlook Connector
If the Outlook Connector tool is in use internally, it will need to be configured to use HTTPS by default as well.
This is performed within the Outlook client by selecting the Email Archiver tab in the File menu, and then selecting Settings.
Under the Settings section, check the Use HTTPS box below the Password field.
Select OK after checking the Use HTTPS box.
This will force all communications from the Outlook Connector to now route over HTTPS by default.
With this change made, configuration of HTTPS-only mode for DataCove and its Outlook Connector is now complete and the system is now set for a more secure future.