Configuring Disk Encryption on a Model 6000C

You can configure disk encryption on a new model 6000C Stellar Cyber installation. This encrypts the data at rest on the DP.

Encryption must be configured via the DP appliance CLI, and should be done only with guidance from Stellar Cyber support. You can:

Data backups are not encrypted, even if you have disk encryption enabled.

Enabling Encryption

Enabling encryption erases any existing data and configuration. If you're enabling encryption on a 6000C with data, back up the data and configuration before enabling encryption, then restore. To enable disk encryption:

  1. On the CLI, enter the command:

    disk_encrypt enable

    A large caution appears and you are asked to confirm.

  2. Enter YES to confirm. You are asked for an additional confirmation.
  3. Enter YES to confirm. Your passphrase appears. Store it securely, as it cannot be recovered.

    You are asked to enter the passphrase.

  4. Enter your passphrase. The DP reboots.
  5. To verify that encryption is enabled, use the command:

    disk_encrypt info

    If the output is populated, encryption is enabled.

    If the output is "The disk encryption is not enabled", retry.

  6. After the DP boots, enter the command:

    disk_encrypt open

    You are asked to enter the passphrase.

  7. Enter the passphrase. The encrypted disk is immediately opened.
  8. Start the data lake with the command:

    start dl-master

  9. To regenerate the default configuration (default receiver, default sensor profile, default DA profile) automatically, run the following command:

    remove_data

  10. Restart all services with the command:

    reset

  11. Check status with the command:

    show status

  12. If the output of the show status command is "Starting elasticsearch cluster: X out of Y indices are still recovering":

    1. Wait 15–20 minutes for the indices to be cleaned.
    2. If the red indices do not recover, run the clean_indices command.
  13. If the output of the show status command is System Ready, log in to the UI with the default credentials (username: admin, password: changeme).
  14. If the DL-master had associated DL-worker nodes, you can now connect to those and use the reset command on them, as well (resetting the DL-master node does not automatically reset the worker nodes).

    Make sure you wait for the DL-master to show its status as System Ready before you reset the DL-worker nodes.

  15. Configure the data analyzer to use the default profile, or create a new profile under System | DATA MANAGEMENT | Data Analyzer.

If you cannot authorize a sensor in Stellar Cyber, reset the OTP with these commands:

    set otp <license key>
    refresh_license

Disabling Encryption

Disabling encryption shuts down the data lake, disables encryption, reformats the file system, and restarts the dl-master. To disable disk encryption:

  1. On the CLI, enter the command:

    disk_encrypt disable

    A large caution appears and you are asked to confirm.

  2. Enter YES to confirm. You are asked for your passphrase.
  3. Enter your passphrase. You are asked to confirm again.
  4. Enter YES to confirm. You are asked for a final confirmation before reformatting.
  5. Enter y to confirm.
  6. To regenerate the default configuration (default receiver, default sensor profile, default DA profile) automatically, run the following command:

    remove_data

  7. Restart all services with the command:

    reset

  8. Check status with the command:

    show status

  9. If the output of the show status command is "Starting elasticsearch cluster: X out of Y indices are still recovering":

    1. Wait 15–20 minutes for the indices to be cleaned.
    2. If the red indices do not recover, run the clean_indices command.
  10. If the output of the show status command is System Ready, log in to the UI with the default credentials (username: admin, password: changeme).
  11. Configure the data analyzer to use the default profile, or create a new profile under System | DATA MANAGEMENT | Data Analyzer.

The disk is immediately reformatted and encryption is disabled. Check status with the disk_encrypt info command.

If you cannot authorize a sensor in Stellar Cyber, reset the OTP with these commands:

    set otp <license key>
    refresh_license

Managing Passphrases

You can add, remove, and change passphrases (keys), but you cannot recover a lost passphrase. If you lose a passphrase, you must use another passphrase. If you have no other passphrases, you must re-enable encryption (which reformats the drive).

To see how many passphrases you have, use the disk_encrypt info command.

Adding a Passphrase

To add a passphrase, enter the command disk_encrypt add_key. Your new passphrase appears. Store it securely, as it cannot be recovered.

Removing a Passphrase

To remove a passphrase:

  1. On the CLI, enter the command:

    disk_encrypt remove_key

    A large caution appears and you are asked to enter the passphrase you want to remove.

  2. Enter the passphrase. It is immediately removed.

To remove a lost passphrase, contact Stellar Cyber technical support.

Changing a Passphrase

To change a passphrase:

  1. On the CLI, enter the command:

    disk_encrypt change_key

    Your new passphrase appears. Store it securely, as it cannot be recovered.

  2. Enter an existing passphrase.
  3. Enter your new passphrase.
  4. Enter your new passphrase again to verify.
  5. Enter the existing passphrase again to delete it.

The passphrase is immediately changed.

Managing Metadata Backups

You can make backups of the disk encryption metadata (header). Backups are automatically created when you enable encryption and when you add, delete, or change a passphrase. You can also create a backup yourself and restore from a backup.

Creating a Backup

To create a metadata backup, you must include the name of the backup file:

  1. On the CLI, enter the command:

    disk_encrypt backup_header /home/stellar/BackupName

    A large caution appears and you are asked to confirm.

  2. Enter YES to confirm. The metadata backup is immediately created.

The disk can be decrypted using the metadata backup and the passphrase that was active when the backup was created, even if that passphrase has since been changed or removed.

Restoring From a Backup

To restore from a metadata backup:

  1. On the CLI, enter the command:

    disk_encrypt restore_header /home/stellar/BackupName.dat

    A large caution appears and you are asked to confirm.

  2. Enter YES to confirm. The backup is immediately restored.

Any passphrase changes made after this backup was created are lost.
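
The two statements above (a metadata backup plus the passphrase active at backup time still decrypts the disk after that passphrase is changed or removed, and a restore discards later passphrase changes) are what you would expect from a header that stores one wrapped copy of the volume key per passphrase. The following is an added illustration, not Stellar Cyber code: it assumes that key-slot design, which this page does not confirm, and uses toy XOR wrapping and constructed passphrases.

```python
import copy
import hashlib
import hmac
import os

# Toy model: a PBKDF2-derived key XOR-wraps the volume key (not real key wrapping).
def _kek(passphrase, salt):
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 20_000)
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Header:
    """Assumed model: one wrapped copy of the volume key per passphrase."""
    def __init__(self, volume_key):
        self.check = hashlib.sha256(volume_key).digest()  # lets unlock() verify
        self.slots = []

    def add_key(self, volume_key, passphrase):
        salt = os.urandom(16)
        self.slots.append((salt, _xor(volume_key, _kek(passphrase, salt))))

    def _try(self, slot, passphrase):
        salt, wrapped = slot
        key = _xor(wrapped, _kek(passphrase, salt))
        ok = hmac.compare_digest(hashlib.sha256(key).digest(), self.check)
        return key if ok else None

    def unlock(self, passphrase):
        found = (self._try(s, passphrase) for s in self.slots)
        return next((k for k in found if k is not None), None)

    def remove_key(self, passphrase):
        self.slots = [s for s in self.slots if self._try(s, passphrase) is None]

def demo():
    old, new = "constructed-old-passphrase", "constructed-new-passphrase"
    volume_key = os.urandom(32)
    live = Header(volume_key)
    live.add_key(volume_key, old)
    backup = copy.deepcopy(live)       # metadata backup taken while `old` is active
    live.add_key(volume_key, new)      # change: add the new passphrase...
    live.remove_key(old)               # ...then delete the existing one
    restored = copy.deepcopy(backup)   # restore: header reverts to backup contents
    return {
        "live_old": live.unlock(old) is not None,
        "live_new": live.unlock(new) == volume_key,
        "backup_old": backup.unlock(old) == volume_key,
        "restored_new": restored.unlock(new) is not None,
    }
```

Under this model, removing a passphrase from the live header does nothing to a backup taken while it was active, so old metadata backup files need the same protection and retirement as the passphrases they still accept.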

Managing the Encrypted Disk

You can open and close the encrypted disk.

Opening the Encrypted Disk

If the appliance reboots and you don't enter the passphrase (if there's a power outage, for example), the data lake will be down. To restart the data lake:

  1. On the CLI, enter the command:

    start dl-master

    You are asked to enter the passphrase.

  2. Enter the passphrase. The encrypted disk is immediately opened and the data lake is started.

Closing the Encrypted Disk

If you want to keep the data from an operator (for example, while you're troubleshooting the appliance), you can close the encrypted disk. To close the encrypted disk, enter the command stop dl-master. The data lake is stopped and the encrypted disk is immediately closed.

If the data lake VM was shut down without the stop dl-master command, use the disk_encrypt close command to close the encrypted disk.