Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6983
Views
5
Helpful
5
Replies

ISE Internal DataBase

Go to solution
gugonza2
Cisco Employee
Cisco Employee

‎03-09-2018 01:18 AM

Hi Team,

I have some questions about ISE internal database:

  • What is the database engine of ISE internal databases ?
  • Is the content of ISE database encrypted ?
  • Is it possible to connect to ISE database using a AD domain user ?
  • What controls or functionalities does the solution have to safeguard the integrity and security of the information received, stored, modified and / or processed?

Thanks in advance,

1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10

‎03-09-2018 06:44 AM

See ISE Security Best Practices (Hardening)or more details including some info on DB encryption on FAQ.

There is no direct access the the underlying databases.  Yes, there is more than one.  Access to config is provided via the ISE Admin UI or via ERS API.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
dmh
Level 5
Level 5

‎03-09-2018 05:02 AM

ISE uses an Oracle database.

The best way to access ISE information remotely is using the REST API interface which also ensures the database integrity.

The database tables and structure would can (and does) change between versions so using an API abstracts this so your code doesn't need to be updated every time this happens.

See the following for the REST API documentation:

Cisco Identity Services Engine API Reference Guide, Release 2.x - Cisco

Go to solution
Craig Hyps
Level 10
Level 10

‎03-09-2018 06:44 AM

See ISE Security Best Practices (Hardening)or more details including some info on DB encryption on FAQ.

There is no direct access the the underlying databases.  Yes, there is more than one.  Access to config is provided via the ISE Admin UI or via ERS API.

0 Helpful

Go to solution
gugonza2
Cisco Employee
Cisco Employee
In response to Craig Hyps

‎03-09-2018 06:45 AM

Thx,  Just a last question;  are these DBs encrypted ?

Go to solution
gugonza2
Cisco Employee
Cisco Employee
In response to gugonza2

‎03-09-2018 06:45 AM

Any document or references with that information ?

Go to solution
Craig Hyps
Level 10
Level 10
In response to gugonza2

‎03-09-2018 07:07 AM

Please refer to the link already provided.  It states that database is not encrypted.  Data fields other than passwords are not encrypted, but ISE admin users do not have direct accesses to the database in normal operations.

Customers Also Viewed These Support Documents