View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass directory/disk encryption

This thread has been viewed 11 times
  • 1.  Clearpass directory/disk encryption

    Posted Dec 19, 2017 01:29 PM

    I'm trying to understand more about the local Clearpass server encryption and what is actually encrypted vs. what is not.  I found another thread here:



    Where the final response was "So we don't use drive level encryption, we do encrypted the data within certian DB's columns and encrypt certain directories using AES-256 in CBC mode. "


    So the only questions I have regarding the above statement are:


    Are the directories holding database information, device information (shared secret for tacacs/radius), and other sensitive data encrypted?



    Where are these directories on the actual server itself?

  • 2.  RE: Clearpass directory/disk encryption

  • 3.  RE: Clearpass directory/disk encryption

    Posted Dec 19, 2017 02:00 PM

    Hi Victor,


    It looks like in that document it answers one of my questions:


    "All sensitive data directories are protected using AES -128 encryption. "


    But now I'm wondering what ClearPass considers a "sensitive data directory".  Would that be all databases, device configurations (shared secrets), etc?

  • 4.  RE: Clearpass directory/disk encryption

    Posted Dec 20, 2017 04:40 AM



    It seems to me that asking the question is answering it as a secret is something sensitive by definition. If you need a definitive answer, I would contact Aruba TAC and/or your local Aruba contact to get it verified/confirmed by Product Management.