Encryption of Database

gskibum
Contributor III

Hi all, I've got a bean counter wanting to add firewalls, switches etc. as Peripheral Types. And she wants the device admin credentials added to the Peripheral Types.

My question is whether this is secure.

Ugn I wish I hadn't opened my mouth about Peripheral Types!

3 ACCEPTED SOLUTIONS

bpavlov
Honored Contributor

That depends where that information is being stored. but in all likelihood that would be a very bad idea. How big is your organization? Do you have an IT Security department? What does your CIO (or the IT head honcho) have to say about this? I would not want to be in a position to give up those credentials and then be blamed if later down the road those credentials got into the wrong hands.

That's not to say that the credentials shouldn't be stored somewhere for the company to be able to reference in case of a employee termination. But I would imagine that should stay within the realm of the IT department.

View solution in original post

mm2270
Legendary Contributor III

Seems like a total misuse of "Peripherals" if you ask me. I would fight that one, since its obviously not what its intended for, and storing that kind of sensitive information in plain text in the JSS UI seems completely crazy. The FileVault keys are stored in encrypted fields in the db, and maybe a couple of other items. But most of it is accessible with a simple login account that has the privileges to view that data.

View solution in original post

alexjdale
Valued Contributor III

Not secure, nor is it an appropriate use of the JSS. They may as well put the info in a spreadsheet.

View solution in original post

4 REPLIES 4

bpavlov
Honored Contributor

That depends where that information is being stored. but in all likelihood that would be a very bad idea. How big is your organization? Do you have an IT Security department? What does your CIO (or the IT head honcho) have to say about this? I would not want to be in a position to give up those credentials and then be blamed if later down the road those credentials got into the wrong hands.

That's not to say that the credentials shouldn't be stored somewhere for the company to be able to reference in case of a employee termination. But I would imagine that should stay within the realm of the IT department.

mm2270
Legendary Contributor III

Seems like a total misuse of "Peripherals" if you ask me. I would fight that one, since its obviously not what its intended for, and storing that kind of sensitive information in plain text in the JSS UI seems completely crazy. The FileVault keys are stored in encrypted fields in the db, and maybe a couple of other items. But most of it is accessible with a simple login account that has the privileges to view that data.

alexjdale
Valued Contributor III

Not secure, nor is it an appropriate use of the JSS. They may as well put the info in a spreadsheet.

gskibum
Contributor III

Cool glad to confirm this kind of data is not stored in a secure manner.

Fight this I will. To arms!