Security

 View Only
last person joined: 3 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass directory/disk encryption

This thread has been viewed 14 times
  • 1.  Clearpass directory/disk encryption

    Posted Dec 19, 2017 01:29 PM

    I'm trying to understand more about the local Clearpass server encryption and what is actually encrypted vs. what is not.  I found another thread here:

     

    http://community.arubanetworks.com/t5/Security/Does-Clearpass-provide-disk-or-file-encryption/td-p/248380

     

    Where the final response was "So we don't use drive level encryption, we do encrypted the data within certian DB's columns and encrypt certain directories using AES-256 in CBC mode. "

     

    So the only questions I have regarding the above statement are:

     

    Are the directories holding database information, device information (shared secret for tacacs/radius), and other sensitive data encrypted?

    and

     

    Where are these directories on the actual server itself?



  • 2.  RE: Clearpass directory/disk encryption



  • 3.  RE: Clearpass directory/disk encryption

    Posted Dec 19, 2017 02:00 PM

    Hi Victor,

     

    It looks like in that document it answers one of my questions:

     

    "All sensitive data directories are protected using AES -128 encryption. "

     

    But now I'm wondering what ClearPass considers a "sensitive data directory".  Would that be all databases, device configurations (shared secrets), etc?



  • 4.  RE: Clearpass directory/disk encryption

    Posted Dec 20, 2017 04:40 AM

    Patrick,

     

    It seems to me that asking the question is answering it as a secret is something sensitive by definition. If you need a definitive answer, I would contact Aruba TAC and/or your local Aruba contact to get it verified/confirmed by Product Management.

     

    Herman