|
|
All communication between BEA Guardian and servers in the target domain requires valid username and password credentials. BEA Guardian prompts you for the username and password of an administrator account on the target domain when you conduct an evaluation or activate a domain. You can choose to have BEA Guardian remember the username and password so you won't have to enter them for every evaluation.
All passwords persisted on disk are encrypted. Usernames and server names are also encrypted. This encryption helps prevent the disclosure of any clear text data that could compromise the security of your domain.
Secure Sockets Layer (SSL) encryption is available for all communication with BEA over the Internet and all communication with Guardian Agents in your target domain. Please note that Guardian uses 128 bit open source encryption for SSL. If you want to use SSL, there are three types of communication to consider:
When you download signatures from BEA Support, BEA collects high level statistics about your signature usage, including the number of times each signature was evaluated and detected. No customer data is included in the usage statistics. This information is only used in aggregate to assess each signature's effectiveness and is crucial to the continuous improvement of BEA Guardian.
Following is a sample signature usage statistic:
<?xml version="1.0" encoding="UTF-8"?>
<usage>
<signature id="WAR0001.001" type="Evaluation" fired="30" evaluated="18" detected="2" />
<signature id="ADMIN0001.001" type="Evaluation" fired="30" evaluated="20" detected="1" />
</usage>
|