04. Can GMiD™Box encrypt all stored data?

In case we do not want the information to be kept in plain text, can encryption be applied? In case service performance is affected, can we increase the H/W specification to overcome this issue?

Enabling encryption on GMiD™Box will require big development on our side. Redis Database does not support encryption out of the box, so the only way how encryption can be enabled is to do it on application level, which means that we need to implement same encryption algorithm in several applications and services which are part of GMiD™Box System, including FreeRADIUS, Syslog-NG, API…

Here are some facts from official Redis documentation related to encryption:

“Redis is designed to be accessed by trusted clients inside trusted environments. This means that usually it is not a good idea to expose the Redis instance directly to the internet or, in general, to an environment where untrusted clients can directly access the Redis TCP port or UNIX socket.”

– https://redis.io/topics/encryption

– https://redis.io/topics/security

But there is a possibility that you send to GMiD™Box already encrypted data. We have some cases of GMiD™Box integration like that. For example Telkomsel Indonesia sends to GMiD™Box NAT logs from F5 CGN (so only NAT log, without AAA RADIUS messages, but containing all necessary data, MSISDN, IMSI, IMEI which are encrypted), like this:

15/03/2019|02:05:12|8986ff5772ac474ef6e0d18357cba1ef1245efd9|d5a41b4349938e2b60a3480d3f9179cd9bb6373c|c9ab940c8a437945130ee9b17b857aa107443de4|114.125.116.56:43672|52.114.32.8:4433

[DATE (format: %d/%m/%Y)]|[TIME (format: %H:%M:%S)]|Hashed_MSISDN|Hashed_IMSI|Hashed_IMEISV|CGNAT_IPPORT|INTERNET_IPPORT

If you can provide a GMiD™Box something similar it will be great and will solve all your doubts.