Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Archive Encryption and Digital Signature

Created: 30 Aug 2012 • Updated: 10 Sep 2012 | 2 comments
novajon's picture
This issue has been solved. See solution.

Hello,

Couple questions about event archives in SSIM 4.7.4

 

1) Are event archives encrypted? What about in FIPS mode, does it do anything to encrypt the events in the archive?

2) Events in SSIM are broken up in 2 hr chunks or when they hit a size limit. Each chunk is compresed and digitally signed. The question is when the signing occurs.

  2a) Does it happen each time an event is added?

  2b) Or Does it happen once the chunk is "closed"? Or on some regular interval?

3) Is each event in SSIM digitally signed? Or is it on a per chunk basis, or per archive basis?

 

Thanks in advance

Comments 2 CommentsJump to latest comment

Laurent_c's picture

Good questions :)

 

1) Event are not encrypted but digital signed

2) When the event file is still opened to add more, it is not signed. the signature occurs when the event service close the file.

3) It is signed per file on disk as this is a flat file structure.

SOLUTION
novajon's picture

Perfect thanks! The data is un-readable in each archive file though right? So, even though it's not encrypted, it's stored in a non-readable format?