I'm trying to understand more about the local ClearPass server encryption and what is actually encrypted vs. what is not. I found another thread here:
Where the final response was "So we don't use drive level encryption, we do encrypt the data within certain DB's columns and encrypt certain directories using AES-256 in CBC mode."
So the only questions I have regarding the above statement are:
Are the directories holding database information, device information (shared secret for TACACS/RADIUS), and other sensitive data encrypted?
Where are these directories on the actual server itself?
It looks like in that document it answers one of my questions:
"All sensitive data directories are protected using AES-128 encryption."
But now I'm wondering what ClearPass considers a "sensitive data directory". Would that be all databases, device configurations (shared secrets), etc?
It seems to me that asking the question is answering it, as a secret is something sensitive by definition. If you need a definitive answer, I would contact Aruba TAC and/or your local Aruba contact to get it verified/confirmed by Product Management.
© Copyright 2024 Hewlett Packard Enterprise Development LP. All Rights Reserved.