Overview
The MongoDB component of the NetBrain Integrated Edition solution is responsible for storing all sensitive data regarding the network that has been discovered as well as all other information related to the deployed solution.
Many of our customers want to ensure that we are handling the data properly at rest and in transit.
Answer
NetBrain encrypts sensitive data in the MongoDB (at rest) using AES-256-CBC.
For all communications among NetBrain components (including the database) TLS 1.2 is used with whichever encryption method is set by the user and can be configured at any time. NetBrain pre-configures strong cipher suites by default but ultimately the decision is up to each customer. The list of recommended cipher suites with strong encryption for data in transit are:
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384