Overview of Network Encryption Auditing
Network encryption auditing logs the security level that client interfaces use on the network when sending messages to the database. The entries are written to the gateway log. The security levels that can be logged are:
- Integrity, Default
- Integrity, Low
- Integrity, Medium
- Integrity, High
- Confidentiality, Default
- Confidentiality, Low
- Confidentiality, Medium
- Confidentiality, High
There are three auditing options:
- No auditing: The feature is disabled, so nothing is logged.
- Audit everything: Any change in the security level used by a client interface for a session is logged in the current gateway log file.
- Audit cleartext: Logs only security level changes that result in a level that does not guarantee confidentiality, that is, any level other than a Confidentiality level.
This feature is enabled from gtwcontrol; it is disabled by default. For more information about gtwcontrol, see Utilities.
About the Gateway Log
Network encryption auditing is logged to the gateway log. The auditing information is scattered throughout the log file because it is logged (along with other entries) by the session’s gateway to its current log on its own node.
A new log is opened on restart or when the current log reaches a certain size. Logs older than seven days are deleted when a gateway opens a new log.
The auditing information is not entered into database tables, so it must be extracted from the logs and imported to the database to allow sophisticated analysis.
Example: Enabling Network Encryption Auditing to Log Every Change in Security
The example shows the command to enable network encryption auditing to log every change in the security level of incoming messages. Once enabled, this logs the security level of the first message after a session logs on and also logs subsequent security level changes for each session. Run:
Example: Enabling Network Encryption Auditing to Log Every Cleartext Change in Security Level
The example shows how to determine which client software is not using encryption. The following command enables network encryption auditing to log all cleartext security levels, that is, any level that is not explicitly a Confidentiality level. Run:
If any sessions are not using encryption, a message similar to the following will be logged:
gtwnetio.cpp @1816 (117455456): Thu Jan 5 20:10:30 2017 Client Security Level: Plaintext for Request 2 from HG 1, Session 1115, IPAddr 192.0.2.2, Port 50117, User "TESTUSER"
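Because the auditing entries are scattered among other gateway messages and are not written to database tables, the usual first step is to pull them out of the log files into a structured form that can be loaded for analysis. The following script is an added example, not part of the original documentation or of any Teradata utility. It assumes that every auditing entry follows the format of the sample line above; the record field names (session, ip, user, confidential) and the sample log lines other than the page's own Plaintext line are constructed for this example.

```python
"""Extract network encryption auditing entries from a Teradata gateway log.

Added example, not part of the original documentation. It assumes the
entry format shown in the page's sample line; field names such as
``session`` and ``ip`` are this script's own choice.
"""
import csv
import io
import re
from datetime import datetime

# Matches one auditing entry. The level text ("Plaintext",
# "Confidentiality, High", ...) is captured up to " for Request".
AUDIT_RE = re.compile(
    r"^(?P<source>\S+) @(?P<src_line>\d+) \((?P<tid>\d+)\): "
    r"(?P<ts>\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"Client Security Level: (?P<level>.+?) for Request (?P<request>\d+) "
    r"from HG (?P<hg>\d+), Session (?P<session>\d+), "
    r'IPAddr (?P<ip>[0-9.]+), Port (?P<port>\d+), User "(?P<user>[^"]*)"$'
)

FIELDS = ["timestamp", "level", "confidential", "request", "hg",
          "session", "ip", "port", "user"]


def parse_audit_line(line):
    """Return a dict for an auditing entry, or None for any other log line."""
    m = AUDIT_RE.match(line.strip())
    if m is None:
        return None
    # ctime-style stamp; the day may be padded with a space ("Jan  5").
    ts = datetime.strptime(" ".join(m.group("ts").split()),
                           "%a %b %d %H:%M:%S %Y")
    level = m.group("level").strip()
    return {
        "timestamp": ts,
        "level": level,
        # Only an explicit Confidentiality level guarantees encryption.
        "confidential": level.startswith("Confidentiality"),
        "request": int(m.group("request")),
        "hg": int(m.group("hg")),
        "session": int(m.group("session")),
        "ip": m.group("ip"),
        "port": int(m.group("port")),
        "user": m.group("user"),
    }


def parse_gateway_log(lines):
    """Keep only the auditing entries scattered among other gateway messages."""
    records = []
    for line in lines:
        rec = parse_audit_line(line)
        if rec is not None:
            records.append(rec)
    return records


def cleartext_sessions(records):
    """Map (user, ip) -> sorted session ids seen without a Confidentiality level."""
    out = {}
    for rec in records:
        if not rec["confidential"]:
            out.setdefault((rec["user"], rec["ip"]), set()).add(rec["session"])
    return {k: sorted(v) for k, v in out.items()}


def to_csv(records):
    """Flatten records to CSV text suitable for loading into a table."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=FIELDS)
    w.writeheader()
    for rec in records:
        row = dict(rec)
        row["timestamp"] = rec["timestamp"].isoformat(sep=" ")
        row["confidential"] = int(rec["confidential"])
        w.writerow(row)
    return buf.getvalue()


# Constructed sample: the page's own Plaintext line, invented entries for
# other levels, and an unrelated gateway message the parser must ignore.
SAMPLE_LOG = [
    'gtwnetio.cpp @1816 (117455456): Thu Jan 5 20:10:30 2017 Client Security Level: Plaintext for Request 2 from HG 1, Session 1115, IPAddr 192.0.2.2, Port 50117, User "TESTUSER"',
    "gtwmain.cpp @0402 (117455456): Thu Jan  5 20:10:31 2017 Gateway started log rotation",
    'gtwnetio.cpp @1816 (117455460): Thu Jan  5 20:11:02 2017 Client Security Level: Confidentiality, High for Request 1 from HG 1, Session 1116, IPAddr 192.0.2.10, Port 50200, User "ETLUSER"',
    'gtwnetio.cpp @1816 (117455461): Thu Jan  5 20:12:45 2017 Client Security Level: Integrity, Medium for Request 1 from HG 1, Session 1117, IPAddr 192.0.2.2, Port 50211, User "TESTUSER"',
]

if __name__ == "__main__":
    recs = parse_gateway_log(SAMPLE_LOG)
    for (user, ip), sessions in cleartext_sessions(recs).items():
        print(f"{user}@{ip}: sessions without confidentiality {sessions}")
    print(to_csv(recs))
```

Run it against a real gateway log by replacing SAMPLE_LOG with the lines of the file; the CSV output has one row per auditing entry and can be loaded into a table for the sophisticated analysis the documentation mentions. Note that an Integrity level is reported as cleartext here, matching the page's definition that only a Confidentiality level guarantees encryption.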
Example: Disable Network Encryption Auditing
The example shows the command to disable network encryption auditing. Run: