You can get 128, 1024, and I think 4096 packages, not sure
what the costs are, but if I remember correctly, it involves deploying a
separate package to all the clients.
HTH,
Garron Christie
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Joe DeSouza
Sent: Thursday, August 17, 2006 12:10 PM
To: [email protected]
Subject: Re: Encryption and Remedy ARS 6.3
James,
Thanks for your response. 56 bit key is a little lower than I thought it
should be at.. Too many tools out there in the market that could break that
down... I was hoping it would be higher than that. I think I heard some talk
around the security departments that they expect stuff to be at least at a level
of 128 bit encryption..
Any idea what level of encryption does the Remedy Encryption products
use? Does this product work well if you have integrated into
LDAP?
Joe D'Souza
Remedy Developer / Consultant,
BearingPoint,
Virginia.
-----
Original Message ----
From: "McKenzie, James J C-E LCMC HQISEC/L3" <[EMAIL PROTECTED]>
To: [email protected]
Sent: Thursday, August 17, 2006 1:44:30 PM
Subject: Re: Encryption and Remedy ARS 6.3
**
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Joe DeSouza
Sent: Thursday, August 17, 2006 10:39 AM
To: [email protected]
Subject: Re: Encryption and Remedy ARS 6.3
**
__20060125_______________________This posting
was submitted with HTML in it___ __20060125_______________________This posting
was submitted with HTML in
it___
From: "McKenzie, James J C-E LCMC HQISEC/L3" <[EMAIL PROTECTED]>
To: [email protected]
Sent: Thursday, August 17, 2006 1:44:30 PM
Subject: Re: Encryption and Remedy ARS 6.3
**
Joe:
I can answer the first three questions:
Starting with ARS 6.3 (as far as I know), all transmissions
between the client and the ARS server are encrypted by default. The type
and method of encryption are unknown to me, but could be based on a well-known
encryption method.
The Remedy Encryption product provides higher levels of
encryption based upon larger keys. The default encryption supposedly uses
a 56 bit key, but it could be larger or smaller.
James McKenzie
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Joe DeSouza
Sent: Thursday, August 17, 2006 10:39 AM
To: [email protected]
Subject: Re: Encryption and Remedy ARS 6.3
Roger, James, Ed, Rick,
Thanks for your responses...
To the best of my knowledge Encryption between the ARS and the Oracle
server was never and isn't as yet supported. This is because when you enable
Oracle encryption, the .so file that the installation process needs to be
compiled with is not supported with the ARS installer and its binaries. To
support this Remedy would need to recompile its installation scripts which
to the best of my knowledge wasn't done and isn't done as yet. Yes we do plan to
use a sniffer tool to verify what actually happens.
I guess I did not really cleary state my question to the list on my
original post - so I'll explain better below....
Basically my customer has raised a few concerns about security which I hope
to share with you guys as best as I can. I invite your replies to these
questions..:-
1) Is the user name sent as clear text?
2) Is the password sent as clear text?
3) Are both the user name and passwords sent as clear text?
4) Is the encryption a hex or linear conversion of the contents
of the password field (and username field)? Or is it a better
encrytpion algorithm than that?
5) What is the kind of algorithm that is used for this encryption?
Something that an average hacker with standard hacking tools available pretty
much as freewares could hack into? Or is it using a proprietry algorithm that
hasn't been broken into as yet?
I guess these are more the questions that I would be interested to get
answers to.
Joe D'Souza
Remedy Developer / Consultant,
BearingPoint,
Virginia.
