Data Loss Prevention

  • 1.  Is the Oracle DLP database in 10.5 encrypted?

    Posted Aug 16, 2010 04:25 PM
    I thought I read somewhere that the database, or some part of it, is encrypted in V10.  And maybe earlier versions as well.  Can anyone shed any light on this for me?  Is it an option that I can/should turn on somewhere?

    Thanks!


  • 2.  RE: Is the Oracle DLP database in 10.5 encrypted?

    Posted Aug 16, 2010 05:18 PM
    The data in the database is encrypted at the application level, not at the OS or DB level.  The default is to rotate the encryption key for the data every 30 days.  The key encrypting key is on the Enforce server and is based on the protect (I think) user's password.


  • 3.  RE: Is the Oracle DLP database in 10.5 encrypted?

    Posted Aug 16, 2010 05:22 PM

    Most of the Vontu DB is encrypted when the data is inserted into it.
    Symantec has the following reference:

    A customer that decides to reverse engineer the DLP database must understand the following:

    1. The database schema is not fixed.  It may change at any time without notice.
    2. Most of the data is encrypted by the DLP process prior to insertion into the database.
    3. There is no support for any issues with 3rd party use of the DLP database.

    Moreover,
    Another KB suggests that: "Encryption is performed by the Vontu application, which is to say, outside of the Oracle database."

    This regards all Vontu versions from version 7 (there is no record before that), including versions 10 and 10.5.

    Kind Regards,
    Naor Penso



  • 4.  RE: Is the Oracle DLP database in 10.5 encrypted?

    Posted Sep 16, 2010 04:04 PM

    Hi there,

    Here's some information that may assist with your questions.

    - All sensitive incident data captured by the Symantec Data Loss
    Prevention detection servers is encrypted using 128-bit AES symmetric
    keys. This encryption occurs at the time of capture, is securely
    transmitted to the Enforce Platform database, and is stored in the same
    encrypted format.

    - All indexed data uploaded into the Enforce Platform to create EDM/IDM
    profiles is protected with a one-way hash. As previously discussed,
    secure EDM hashes can also be created remotely within the secure data
    storage network using the External EDM Indexer and can then be
    transferred to the Enforce Platform.

    - All communication channels between detection servers and the Enforce
    Platform in both directions are encrypted with SSL (RSA-1024-bit keys).
    These SSL communications use server- and client-side certificates to
    perform mutual authentication.


    - The encryption keys are rotated on a configurable time period (30-day
    default) and are securely updated from the Enforce Platform to the
    detection servers via the SSL connection.

     

    Regards,

    Cherian Thomas

    Cnslt Info Security Risk
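
The one-way-hash indexing described in the reply above (the index is built next to the source data and only hashes are transferred to the matching side), as an added example that is not part of the original thread and is not Symantec's implementation. The HMAC-SHA-256 construction, the normalization rule, the two-column match threshold, and all names, keys and records are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample key and records (assumptions for this example only).
SAMPLE_KEY = b"constructed-index-key-not-a-real-secret"
SAMPLE_ROWS = [
    {"last_name": "Okafor", "ssn": "900-00-0001", "email": "n.okafor@example.com"},
    {"last_name": "Lindqvist", "ssn": "900-00-0002", "email": "a.lindqvist@example.com"},
]


def normalize(cell: str) -> str:
    """Canonical form, so '900-00-0001' and '900000001' hash identically."""
    return re.sub(r"[^0-9a-z]", "", cell.lower())


def cell_digest(key: bytes, cell: str) -> str:
    # Keyed hash: a plain hash of a low-entropy field (a 9-digit number) can
    # be reversed by enumerating every candidate, so the index key matters.
    return hmac.new(key, normalize(cell).encode(), hashlib.sha256).hexdigest()


def build_index(key: bytes, rows: list) -> list:
    """Runs beside the source data; only this digest-only index is transferred."""
    return [{col: cell_digest(key, val) for col, val in row.items()} for row in rows]


def match_rows(key: bytes, index: list, text: str, min_columns: int = 2) -> list:
    """Return index row numbers with at least min_columns cells present in text."""
    tokens = re.findall(r"[\w@.\-]+", text)
    seen = {cell_digest(key, t) for t in tokens if normalize(t)}
    hits = []
    for row_number, row in enumerate(index):
        matched = [col for col, digest in row.items() if digest in seen]
        if len(matched) >= min_columns:
            hits.append(row_number)
    return hits


if __name__ == "__main__":
    index = build_index(SAMPLE_KEY, SAMPLE_ROWS)
    # Constructed outbound message containing two cells of row 0.
    print(match_rows(SAMPLE_KEY, index, "Payroll fix for Okafor, id 900-00-0001."))
```

The matching side holds the digests and the index key but never the plaintext rows, so the key needs the same protection as the other keys discussed in this thread.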