Each CA DataMinder machine has a unique encryption key that is used when writing blob files to disk. Further settings in the machine policy determine how often the local key is changed.
By default, regular key changes occur automatically to reduce your exposure to security risk. Limiting the volume of data encrypted with a single key means it is harder for an intruder to crack the key. It also means that in the unlikely event they succeed, they will only gain access to a small part of your total data store. Note that superseded keys are retained so that older files can still be read.
In normal situations, it is not necessary to edit these policy settings because the default values have been carefully chosen. But if you need to strengthen security on the CMS (or a gateway), you can modify two key replacement thresholds:
The key is changed after the specified number of days. For example, you can specify a key change every seven days.
The key is changed after it has encrypted the specified volume of data. For example, you can specify a key change after every 1 GB of captured data. (On the CMS, this threshold measures how much data has been captured and encrypted across your entire CA DataMinder installation.)
These thresholds operate in parallel. The encryption key is changed as soon as either threshold is exceeded, and both threshold counters are immediately reset to zero.
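The following Python sketch models the two thresholds working in parallel and the retention of superseded keys. It is an added illustration, not CA DataMinder code: the names KeyRing, key_for_write and key_for_read are hypothetical, the workload is constructed, and it assumes the thresholds are checked before each write.

```python
import os
from datetime import datetime, timedelta

MB, GB = 1024 ** 2, 1024 ** 3

class KeyRing:
    """Hypothetical model: rotate on key age OR volume encrypted, keep old keys."""

    def __init__(self, max_age_days, max_bytes, now):
        self.max_age = timedelta(days=max_age_days)
        self.max_bytes = max_bytes
        self.keys = {}        # key_id -> key bytes; superseded keys are retained
        self.rotations = []   # (key_id, reason) audit trail
        self._new_key(now, "initial")

    def _new_key(self, now, reason):
        self.current_id = len(self.keys) + 1
        self.keys[self.current_id] = os.urandom(32)
        # Both counters restart together, whichever threshold fired.
        self.created = now
        self.bytes_used = 0
        self.rotations.append((self.current_id, reason))

    def key_for_write(self, nbytes, now):
        """Return the key id used to tag a blob of nbytes written at `now`."""
        # Assumption: thresholds are evaluated before the write is encrypted.
        if now - self.created >= self.max_age:
            self._new_key(now, "age")
        elif self.bytes_used >= self.max_bytes:
            self._new_key(now, "volume")
        self.bytes_used += nbytes
        return self.current_id

    def key_for_read(self, key_id):
        """Older blobs stay readable because superseded keys are never dropped."""
        return self.keys[key_id]

def simulate():
    # Constructed workload using the 7-day and 1 GB values from the examples.
    t0 = datetime(2014, 1, 1)
    ring = KeyRing(max_age_days=7, max_bytes=GB, now=t0)
    writes = [(0, 600 * MB),  # key 1
              (1, 600 * MB),  # key 1; total now exceeds 1 GB
              (2, 10 * MB),   # volume threshold fires: key 2, both counters reset
              (8, 10 * MB),   # only 6 days since the reset: still key 2
              (9, 10 * MB)]   # 7 days since the reset: age threshold fires, key 3
    tags = [ring.key_for_write(n, t0 + timedelta(days=d)) for d, n in writes]
    return ring, tags
```

The day-8 write shows why the simultaneous reset matters: measured from the first key it would already be past seven days, but the age counter restarted when the volume threshold triggered the change on day 2.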
Copyright © 2014 CA.
All rights reserved.