Security

Reply
Frequent Contributor II

Clearpass directory/disk encryption

I'm trying to understand more about the local Clearpass server encryption and what is actually encrypted vs. what is not.  I found another thread here:

 

http://community.arubanetworks.com/t5/Security/Does-Clearpass-provide-disk-or-file-encryption/td-p/248380

 

Where the final response was "So we don't use drive level encryption, we do encrypted the data within certian DB's columns and encrypt certain directories using AES-256 in CBC mode. "

 

So the only questions I have regarding the above statement are:

 

Are the directories holding database information, device information (shared secret for tacacs/radius), and other sensitive data encrypted?

and

 

Where are these directories on the actual server itself?

rwin = 0

Re: Clearpass directory/disk encryption

Have you read the ClearPass Hardening guide:

https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=27668
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor II

Re: Clearpass directory/disk encryption

Hi Victor,

 

It looks like in that document it answers one of my questions:

 

"All sensitive data directories are protected using AES -128 encryption. "

 

But now I'm wondering what ClearPass considers a "sensitive data directory".  Would that be all databases, device configurations (shared secrets), etc?

rwin = 0

Re: Clearpass directory/disk encryption

Patrick,

 

It seems to me that asking the question is answering it as a secret is something sensitive by definition. If you need a definitive answer, I would contact Aruba TAC and/or your local Aruba contact to get it verified/confirmed by Product Management.

 

Herman

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: