2.9.2 Security of Data Over the Network
Because the CIM data that is transferred across a network connection can hold sensitive information, it is important to help secure the data from tampering or accidental disclosure. The CIM data has to be encrypted to prevent malicious third parties from recovering it.
The WSMAN protocol supports the transport of messages by using HTTPS, as specified in [MS-WSMAN] section 1.4. Traffic that is sent over HTTPS is encrypted, and only the appropriate receiving party can decrypt the data.
The WSMV protocol supports the transport of messages by using HTTPS, as specified in [MS-WSMV] section 1.4. Traffic that is sent over HTTPS is encrypted, and only the appropriate receiving party can decrypt the data.
The WSMV protocol also supports the transport of encrypted messages by using HTTP as a transport, as specified in [MS-WSMV] section 2.2.9.1. This allows messages to be encrypted in situations when HTTPS encryption is not possible, such as when the required certificates are not deployed.
The WMI protocol supports the transport of messages by using the DCOM Remote Protocol, as specified in [MS-WMI] section 2.1.
DCOM specifies a set of constants that convey the level of authentication.
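The following PowerShell sketch is an added example, not part of the protocol specifications cited here. It shows how an administrator can check whether the local WinRM configuration permits unencrypted WS-Management traffic, and how to open a CIM session that requires encryption over either transport described above. The function names and the host name server01.example.test are placeholders chosen for illustration.

```powershell
# Added example. Run from an elevated session with the WinRM service started.
# Function names and the host name used below are illustrative placeholders.

function Get-WinRMTransportAudit {
    # Reports the local settings that decide whether WS-Management
    # traffic may be sent or accepted without encryption.
    $listeners = Get-ChildItem -Path WSMan:\localhost\Listener
    $https = $listeners | Where-Object { $_.Keys -contains 'Transport=HTTPS' }

    [pscustomobject]@{
        ServiceAllowsUnencrypted = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value
        ClientAllowsUnencrypted  = (Get-Item WSMan:\localhost\Client\AllowUnencrypted).Value
        HttpsListenerPresent     = [bool]$https
    }
}

function New-EncryptedCimSession {
    # Opens a CIM session whose transport encrypts the CIM data.
    param(
        [Parameter(Mandatory)]
        [string] $ComputerName,

        [ValidateSet('WSManHttps', 'Dcom')]
        [string] $Transport = 'WSManHttps'
    )

    if ($Transport -eq 'WSManHttps') {
        # WS-Management over HTTPS: TLS protects the whole exchange.
        $option = New-CimSessionOption -UseSsl
    }
    else {
        # DCOM: request the packet privacy authentication level so that
        # each packet is encrypted as well as authenticated.
        $option = New-CimSessionOption -PacketPrivacy
    }

    New-CimSession -ComputerName $ComputerName -SessionOption $option
}

# Local audit: both "AllowsUnencrypted" values should read 'false'.
Get-WinRMTransportAudit | Format-List

# Usage against a remote host (placeholder name), then clean up:
#   $s = New-EncryptedCimSession -ComputerName 'server01.example.test' -Transport Dcom
#   Get-CimInstance -CimSession $s -ClassName Win32_OperatingSystem
#   Remove-CimSession -CimSession $s
```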
PSRP includes a mechanism for secure key exchange, which allows passwords to be exchanged securely even over a nonencrypted transport, as specified in [MS-PSRP] section 3.2.5.4.4.