Question & Answer
Question
Could you share with us the encryption on Guardium? Below are some questions that I have:
1. Is data at rest encrypted in the appliance? (e.g. data in collector, aggregator, etc.)
2. Does TLS/SSL happen at server level? Is it 2-way TLS/SSL (mutual authentication) or just 1-way TLS/SSL (e.g. STAP to Collector, Collector to Aggregator, etc.)?
3. Does Guardium use the same or a different certificate for the https connection in the GUI (browser accessing the appliance) and for appliance-to-appliance connections (e.g. collector to aggregator, aggregator to Central Manager)?
Answer
The following answers reflect the Support view and are intended to address administrative, installation and deployment questions.
1. Data is encrypted in transit. It is decrypted and then written to the respective tables in the internal database. Table data is accessible only with a protected password and requires a valid certificate between server and client.
You can view the certificates installed for MySQL with the "show certificate mysql client" and "show certificate mysql server" commands.
2. Several internal modules make TCP connections that are encrypted and use certificates. Two-way (mutual) authentication, server <-> client, is configured only for MySQL.
Between a collector and an aggregator (data export/import), exported data is encrypted before it is transferred to the aggregator. Data exported for archive, backup and aggregation is encrypted with 3DES; it is decrypted on the local appliance when used.
3. You can check the currently installed certificates with "show certificate summary" or the individual "show certificate" commands.
Full List of Show Certificate Commands
The GUI uses TLS encryption.
The CM (Central Manager) to MU (managed unit) connection uses the GUI certificate or the MySQL certificate, depending on which functionality it accesses. These connections use ports 8443, 8447, 3306, 8983 and 9983 and are SSL encrypted.
Data export/import between appliances uses SCP transfer. SSH uses public-key authentication and the configured cipher.
Supported ciphers for SSH access have been changed in Guardium
The connection used depends on which module is being requested; for that connection, check the validity of the certificate configured on the appliance.
The port requirements table is useful for identifying which connections will occur.
Guardium port requirements
In general, you may replace all the TLS/SSL certificates used in Guardium with certificates from your own organization's trusted CA. Follow this technote and refer to the documented links for more details:
How to install GUI certificate in Guardium
How to install an appliance certificate to avoid a browser SSL certificate challenge
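As an added example (not IBM's code and not part of this technote), the script below shows how an administrator can verify, from outside the appliance, that the certificate presented on the TLS ports listed in the answer chains to the organization's own CA and is not expired or about to expire. It assumes the port list quoted above, a CA bundle path you supply, and hostnames of your own; the evaluate_cert() function works on the dict that Python's ssl.SSLSocket.getpeercert() returns, so it is exercised here on a constructed sample certificate record.

```python
"""Audit the certificates presented on a Guardium appliance's TLS ports.

Added example, not IBM's code. Assumptions: the port list from the
technote answer, a PEM CA bundle for the organisation CA, and hostnames
that resolve to your appliances.
"""
import socket
import ssl
import sys
import time

# Ports named in the answer for CM <-> MU traffic. 3306 is excluded from the
# default probe set: MySQL negotiates TLS inside its own protocol handshake,
# so a raw TLS probe to it fails; use "show certificate mysql server" instead.
GUARDIUM_TLS_PORTS = (8443, 8447, 8983, 9983)


def fetch_peer_cert(host, port, cafile, timeout=5.0):
    """Connect with verification against our CA bundle and return the parsed cert.

    Raises ssl.SSLCertVerificationError when the appliance presents a
    certificate that does not chain to the organisation CA (for example the
    factory default one), which is itself the finding an auditor wants.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def _rdn_value(name_tuple, key):
    """Pull one attribute (e.g. 'commonName') out of a getpeercert() name tuple."""
    for rdn in name_tuple:
        for attr, value in rdn:
            if attr == key:
                return value
    return None


def evaluate_cert(cert, hostname, now=None, min_days=30):
    """Return findings for a getpeercert()-style dict.

    Hostname matching is exact (no wildcard handling): SAN DNS entries win,
    and the subject CN is consulted only when the cert carries no SAN.
    """
    now = time.time() if now is None else now
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = (not_after - now) / 86400
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    cn = _rdn_value(cert["subject"], "commonName")
    return {
        "days_left": round(days_left, 1),
        "expired": days_left < 0,
        "expiring_soon": 0 <= days_left < min_days,
        "hostname_ok": hostname in sans or (not sans and cn == hostname),
        "self_signed": cert["subject"] == cert["issuer"],
        "issuer_cn": _rdn_value(cert["issuer"], "commonName"),
    }


def audit_appliance(host, cafile, ports=GUARDIUM_TLS_PORTS):
    """Probe each port; a verification failure is recorded, not raised."""
    results = {}
    for port in ports:
        try:
            results[port] = evaluate_cert(fetch_peer_cert(host, port, cafile), host)
        except ssl.SSLCertVerificationError as exc:
            results[port] = {"error": "not trusted by our CA: " + exc.verify_message}
        except OSError as exc:
            results[port] = {"error": str(exc)}
    return results


# Constructed sample shaped like getpeercert() output (hostnames are invented).
SAMPLE_CERT = {
    "subject": ((("commonName", "collector01.example.internal"),),),
    "issuer": ((("commonName", "Example Corp Internal CA"),),),
    "notBefore": "Jan  1 00:00:00 2018 GMT",
    "notAfter": "Dec 31 23:59:59 2018 GMT",
    "subjectAltName": (("DNS", "collector01.example.internal"),),
}


if __name__ == "__main__":
    if len(sys.argv) == 3:
        for port, finding in audit_appliance(sys.argv[1], sys.argv[2]).items():
            print(port, finding)
    else:
        # Offline demonstration on the constructed record, 30 days before expiry.
        when = ssl.cert_time_to_seconds("Dec 15 00:00:00 2018 GMT")
        print(evaluate_cert(SAMPLE_CERT, "collector01.example.internal", now=when))
```

Run it as `python audit_guardium_certs.py collector01.example.internal /path/to/org-ca.pem` to probe a live appliance; with no arguments it evaluates the embedded sample. Because the socket is opened with full verification, an appliance still carrying its factory certificate shows up as a trust error rather than as a parsed record, which is the first thing to look for after following the certificate-installation technotes above.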
Document Information
Modified date:
04 July 2018
UID
swg22014350