Encryption of the logs?
Does anyone happen to know what encryption algorithm RSA enVision uses when it stores the logs to the LogSmart IPDB? I have read an old document "Encryption and Data Protection" where the author has said something like this: "Each minute, Nuggets are rolled up into a superset of objects called “packages” that are in turn closed and saved in a cipher protected object-store. This is first and default form of data encryption." Then the document describes how the hashing is done and so on, but there isn't any information about the encryption algorithm which is being used.
A mean PCI-auditor may ask how the logs are encrypted
So, basically you shouldn't been able to read those logs inside IPDB without some specified parameters like enVision license key or serial number? The MD5 hash value is derived from so called GUID (unique identifier, derived from NIC Domain Site, Site name, Node name, date and time and so on). Is this GUID also used during the encryption/encoding?
I just want to be sure that logs will be properly encrypted. For instance, in the PCI DSS 1.1 requirement 3.4 is says that you have to render the Primary Account Number (which may appear also in the logs) unreadable, by using any of the following approaches:
• Strong one-way hash functions (hashed indexes)
• Index tokens and pads (pads must be securely stored)
• Strong cryptography with associated key management processes and procedures
The answer I have received is that the logs are not encrypted. It is closer to say that they are machine encoded. If you want to encrypt them I have been told that I can use the encryption that comes native with Windows. I think that would be too big of a performance hit though.
Hmmmm it would be nice if RSA could reply on this issue in terms of supported configurations, as I imagine for a lot of users holding extremely sensitive data, this could be quite important.
'Machine encoded' is definitely far from 'encrypted'
It is not encrypted. Only encryption is in the form or the credentials for collection and portions of the application and tables. the IPDB itself is not encrypted, but rather hashed.
Is there any formal documentation anywhere on this, or can RSA provide something more concrete? If/when tested under an audit situation, I don't think "I know it's this way because I read it on the forum" is going to hold much water.
Anything that can explain it in detail, without abiguity, would be helpful.
And if it's really a simple operation under the hood, then the documentation should state so... e.g. Don't try to convince me that "Three rounds of tripple XOR encoding" is oh so secure