On 3/31/2019 6:44 PM, Phil Smith III wrote:
Correct. You're also not really providing any protection beyond the case of someone walking into the data center and pulling a drive. Any compromise of any kind on the system is going to get cleartext, so the encryption won't help at all.
If someone walked in they could probably also steal the SKLM server (with the keys), assuming it's running at the same location. From what I've seen, the benefit of such encryption is the elimination of having to zero out the data when shipping or replacing the box, and like you say, does nothing to protect host access to the data.
---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
