Chat now with support
Chat with Support

Change Auditor - For Advanced Users 7.1 - Technical Insight Guide

Change Auditor Services Change Auditor licensing processes Component Start-up Considerations Change Auditor network communications Coordinator internal tasks Registry Settings Change Auditor built-in fault tolerance Change Auditor protection Database Considerations Account exclusions best practices

Secure password storage

Certain aspects of Change Auditor auditing require storing passwords and other confidential data. Examples of such data include access credentials to NetApp, EMC, VMware, SharePoint, Office 365, Skype for Business, FluidFS and SQL DLA. To safeguard this data, Change Auditor uses RSA encryption.

On startup, the agent generates a private/public key pair and stores the public key in the database. When the agent is configured to audit another network device using the supplied credentials, these credentials are encrypted using the agent’s public key. This way, it is impossible for anyone but the agent itself to decrypt them.

The coordinators also store public keys in the database which are used to decrypt SMTP passwords to send alerts.

Change Auditor uses CryptProtectData with a key length that is variable-dependent upon input phrase. This encryption is symmetric. This encryption is automatically enabled. This encryption cannot be used outside of Change Auditor.

Client to coordinator connection

Agent to coordinator connection (version 6.x and 7.0.1)

Change Auditor 6.x (and above) agents also search Active Directory for the SCP for connection information to the coordinator; however, they now connect to the coordinator using WCF as described here.

Agent to coordinator connection (version 7.0.2)

Change Auditor 7.0.2 agents connect in the same way as 6.x agents, however encryption and decryption for database storage and communications are upgraded to meet the requirements of FIPS 140-2 and its annexes.

Related Documents