Encryption Strength

Tenable Network Monitor uses the following default encryption for storage and communications.

Note: If your organization requires that your instance of Tenable Network Monitor meets National Information Assurance Partnership (NIAP) standards, certain settings may be configured differently than the following information. For more information, see Configure Tenable Network Monitor for NIAP Compliance

Function

Encryption

Storing user account passwords

SHA-512 and the PBKDF2 function with a 512 bit key

Database encryption

OFB-AES-128

XTS-AES-256 when configured for NIAP compliance.

Passphrase for SSL browser certificates

Tenable Network Monitor does not store passphrases for any certificates.

For information on how OpenSSL encrypts and stores passphrases for SSL certificates, see the OpenSSL documentation.

Communications between Tenable Network Monitor and clients (Tenable Network Monitor user interface users).

TLS 1.2 with the strongest encryption method supported by Tenable Network Monitor and your browser.

For information on cipher suites used, see Enable Strong Encryption. Cipher suites are overriden when configured for NIAP compliance.

Communications between Tenable Network Monitor and the Tenable product registration server

TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384.

Communications between Tenable Network Monitor and the Tenable plugin update server

TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384.