1 Reply Latest reply on Oct 17, 2008 2:02 PM by Greg Kullberg

    RSCD Agent Log Security / Encryption

    Dan Chan

      Hello All,



      I am newbie here, so I'm just looking to see if someone can help clear my thoughts and let me know if I'm on the right track or not.


      I was recently asked the following question at a client site (it is a security based co.):


      "What type of encryption is used for the Agent Logs?"


      From what I have read there are two types of security available: "IS_SECURE_AGENT_LOGS" and "IS_KEYSTROKE_LOGS".


      The first option secure agent logs is described as "...logs are periodically rolled and digitally signed as they are rolled."


      Does this mean that the logs are stored in plain text until they are rolled?


      The second option is keystroke logging which is described as "When keystroke logging is enabled on an agent, remote commands run against the agent using nexec are captured and logged in an encrypted manner in keystroke logs.These logs are also periodically rolled and digitally signed as they are rolled."


      Does this mean that the commands being sent are encrypted before they are sent to the agent... or is it only encrypted on the agent?


      I was also wondering if anyone knew the protocol of the security being used.


      I am also not familiar with all the types of security protocols there are beyond top hit googles, so any information or direction would be greatly appreciated!


      Best Regards,


        • 1. Re: RSCD Agent Log Security / Encryption

          The default protocol for agent communication is TLS. You should never see any traffic going to/from the agent in clear text.


          In regards to agent logs, they are not encrypted. Turning on IS_SECURE_AGENT_LOGS only means that they are digitally signed. Some customers have asked to have encrypted agent logs, but I'm not sure if or when that will happen.


          Keystroke logs however are encrypted and signed, as they capture all keystrokes and could potentially have password or other secure information within them.