eOn-prem data encryption AES-256-XTS

Solved
markus_albisser
Here to help

eOn-prem data encryption AES-256-XTS

Greetings

 

I learned that all the data which is at rest on Meraki devices is encrypted with AES-256-XTS. The question from our security department came now up where the key is stored and who has the control of it. In other words, where is the possibility to decrypt this existing data on the on-prem devices if this goes offline or will be disposed? Is the key to decrypt this data under Meraki's control and where is it stored?

 

Thanks a lot

Markus

1 Accepted Solution
markus_albisser
Here to help

Hi PhilipDAth

I was not able to find any hint about this encryption. I will get back to my Meraki representative from where I got the information about the encryption.

 

Thanks, Markus

View solution in original post

5 Replies 5
cmr
Kind of a big deal
Kind of a big deal

@markus_albisser there shouldn't be any data stored on the MX devices, or are you referring to the configuration that might include hostnames etc. in firewall rules?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
cmr
Kind of a big deal
Kind of a big deal

Or are you using the old cache feature?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
markus_albisser
Here to help

It might be more the information on the devices which relates to the configuration as you mentioned (hostname, IP addresses, VLANs, interface descr. etc.), if a device becomes obsolete or gets lost (stolen), how can this type of information be decrypted? Is there only Meraki who knows the key and is this safe?

PhilipDAth
Kind of a big deal
Kind of a big deal

I don't know the answer, but try checking out the Meraki "Trust" section:

https://meraki.cisco.com/trust/ 

markus_albisser
Here to help

Hi PhilipDAth

I was not able to find any hint about this encryption. I will get back to my Meraki representative from where I got the information about the encryption.

 

Thanks, Markus

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels