Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Clearpass directory/disk encryption

  • 1.  Clearpass directory/disk encryption

    Posted Dec 19, 2017 01:29 PM

    I'm trying to understand more about the local ClearPass server encryption and what is actually encrypted vs. what is not. I found another thread here:

     

    http://community.arubanetworks.com/t5/Security/Does-Clearpass-provide-disk-or-file-encryption/td-p/248380

     

    Where the final response was "So we don't use drive level encryption, we do encrypt the data within certain DB's columns and encrypt certain directories using AES-256 in CBC mode."

     

    So the only questions I have regarding the above statement are:

     

    Are the directories holding database information, device information (shared secret for TACACS/RADIUS), and other sensitive data encrypted?

    and

     

    Where are these directories on the actual server itself?



  • 2.  RE: Clearpass directory/disk encryption



  • 3.  RE: Clearpass directory/disk encryption

    Posted Dec 19, 2017 02:00 PM

    Hi Victor,

     

    It looks like in that document it answers one of my questions:

     

    "All sensitive data directories are protected using AES-128 encryption."

     

    But now I'm wondering what ClearPass considers a "sensitive data directory". Would that be all databases, device configurations (shared secrets), etc.?



  • 4.  RE: Clearpass directory/disk encryption

    EMPLOYEE
    Posted Dec 20, 2017 04:40 AM

    Patrick,

     

    It seems to me that asking the question is answering it, as a secret is something sensitive by definition. If you need a definitive answer, I would contact Aruba TAC and/or your local Aruba contact to get it verified/confirmed by Product Management.

     

    Herman