This question was originally posted on DCIM Support by Lai Yuan Jiun on 2018-05-02
Can you advise what is stored inside the DCE Backup files, does it include sensitive information such as all the usernames and passwords of the DCE users and discovered devices?
If yes, is it encrypted?
If it is not encrypted, how do we secure this backup?
This answer was originally posted on DCIM Support by spezialist on 2018-05-02
Dear Lai Yuan Jiun,
The DCE software backups stores all accounts usernames (i.e. for authorization in DCE software) in an unencrypted form. And DCE software accounts passwords are stored in a hashing and salting form (i.e. encrypted form). That is, DCE software accounts are fully protected.
Unfortunately, the accounts (logins and passwords for web and console login, but not SNMP community strings) for SNMP Devices File Transfer in the DCE software backups are stored in an unencrypted form. Therefore, the SNMP Devices account is not protected in any way. Please note, that this statement does not apply to the NetBotz Appliances File Transfer.
Hence the conclusion: any backups of the DCE software are best stored in storage with limited access, which is reliably protected in various ways.
This comment was originally posted on DCIM Support by Francis Thong on 2018-05-08
Anything related to security should be taken seriously by Schneider. Instead of relying on limiting the access to the files, isn't it better to have Schneider implement it as a feature inside DCE data export.
This comment was originally posted on DCIM Support by John Benedict Tayao on 2018-05-16
Hi Francis,
DCE backup encryption has been raised and logged as a feature enchancement. I dont have have any updates yet but I'll keep an eye on this and let you know of any update on this feature enhancement.
This comment was originally posted on DCIM Support by spezialist on 2018-05-22
Dear Francis Thong,
From your comment:
Can I know which are the directory and files that contains sensitive information that needs to be encrypted ?
Regardless of the type of backup, it is necessary to encrypt only one file - nbcServer.tar. This file contains unencrypted sensitive information, which I wrote about in response to this post.
