Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Tampering logs in MX/GW

    Posted 11-17-2020 11:13
    Greetings,

    Would like to know if there are supporting documents by Imperva which proves that audit logs in MX/GW cannot be tampered.
    #DatabaseActivityMonitoring

    ------------------------------
    Ho Larry
    M.Tech Products
    Singapore
    ------------------------------


  • 2.  RE: Tampering logs in MX/GW

    Posted 11-17-2020 23:23
    Hi,

    Although these documents are not from this year, the design has not changed, these are hardened appliances.  Please see the attached for your reference. Hope this helps.

    Best,

    BA

    ------------------------------
    Brian Anderson
    ------------------------------



  • 3.  RE: Tampering logs in MX/GW

    Posted 11-18-2020 09:13
    As far as audit data.  Whan an archive file is created , it it is going to be copied to another device for storage.  Auditors will want  to know how can it be assured that when the archive was no longer on the gateway, how can the integrity of the data be preserved.   In Main - Setup - Settings - Default archive settings, you can configure an encrytion key to be used to with the archive file, and you can also have a signing key assigned to it..  The encrytion helps secure the data but if it was somehow tampered with, when you try to load it you will get a signing key mismatch. So both together help ensure the integrity ouside of our system.

    As far as the audit data on the gateway, you need to ensure that the audit encrytption has been enabled for the hard disk.
      You can follow the procedure listed here to enable it. https://docs.imperva.com/bundle/v13.6-administration-guide/page/6871.htm



    ------------------------------
    David Mazakas
    ------------------------------