usmanshah526
Explorer

Are logs in encrypted form while sending to management server?

Hello All,

I have one query about logs; if anyone knows the answer, please reply.

The query is: between management servers and gateways, in which format are logs sent, plain text or encrypted form?

And if it is sending logs in plain format, is it possible for a man-in-the-middle attacker to read the logs while they are being sent to the management server?

 

0 Kudos
7 Replies
_Val_
Admin

Logs are sent through a protected channel with certificate-based authentication. I would be very surprised if you managed to do a MitM attack on that.

usmanshah526
Explorer

Thanks for your reply. Is there any way we can show that logs were encrypted while being forwarded to the management server? The auditor asked the same question to us. If it is mentioned in any document, please share any docs or articles you have related to this topic.

0 Kudos
Blason_R
Leader

It's pretty simple - capture the packets on your switch for port TCP/257, or even on the mgmt server for port TCP/257, and try to read the logs. Since the mgmt server is the CA and distributes certificates to different components like firewalls and the event viewer (if deployed separately), the entire communication is encrypted using certificates.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
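
One way to turn the capture test suggested above into evidence an auditor can read, as an added example that is not part of the original thread: it scores payload bytes by entropy and printable-character ratio. The function names, thresholds and both sample byte strings are assumptions constructed for illustration; real input would be the TCP/257 payload bytes exported from your own capture.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    if not data:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)

def classify_payload(data: bytes, min_len: int = 1024) -> str:
    """Classify reassembled TCP payload bytes for an audit note.

    Thresholds are illustrative assumptions, not vendor values.
    """
    if len(data) < min_len:
        return "too-short"      # entropy is unreliable on small samples
    entropy, ratio = shannon_entropy(data), printable_ratio(data)
    if ratio > 0.90 and entropy < 6.0:
        return "readable"       # log fields visible on the wire
    if entropy > 7.0 and ratio < 0.60:
        return "opaque"         # ciphertext-like; compression looks the same
    return "inconclusive"

# Constructed sample: what cleartext log records would look like on the wire.
SAMPLE_PLAIN = "".join(
    f"time=2024-01-01T00:00:{i % 60:02d} action=accept src=192.0.2.{i} "
    f"dst=198.51.100.7 service=443\n" for i in range(40)
).encode()

# Constructed sample: hash output standing in for an encrypted stream.
SAMPLE_OPAQUE = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128)
)

if __name__ == "__main__":
    for name, blob in (("plain", SAMPLE_PLAIN), ("opaque", SAMPLE_OPAQUE)):
        print(name, round(shannon_entropy(blob), 2),
              round(printable_ratio(blob), 2), classify_payload(blob))
```

An "opaque" result shows only that log fields are not readable on the wire; which encryption is in use still has to be cited from the SIC documentation mentioned in the replies.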
the_rock
Legend

I don't believe there is a specific document saying so, but it's been that way with CP since the beginning. @Blason_R and @_Val_ are 100% correct!

Chris_Atkinson
Employee

Please refer to the section on SIC in the Security Management Admin Guide for your version. As well as describing the encryption used by SIC, it states this "trust" is required to send logs from Gateway to Management etc.

CCSM R77/R80/ELITE
0 Kudos
Wolfgang
Authority

@usmanshah526 you can find this information in the documentation, Secure Internal Communication (SIC): encryption type, which communication is encrypted, etc.

the_rock
Legend

Also, to add to this, any communication between mgmt and gateway would be encrypted. Think of a basic scenario... let's say SIC breaks on the firewall and you have to reset it. The key you put in for the SIC reset does not matter, it can be 12345678; it's a one-time password that's encrypted and it's gone, that's it.

But if you really need a document stating that, I will let someone else provide it, as I had never seen one stating so.

0 Kudos
