Amanda-Users

Re: new feature: client-side, server-side encryption dumptype option

2005-12-29 11:54:03
Subject: Re: new feature: client-side, server-side encryption dumptype option
From: Brian Cuttler <brian AT wadsworth DOT org>
To: Greg Troxel <gdt AT ir.bbn DOT com>
Date: Thu, 29 Dec 2005 11:44:52 -0500
Greg,

On Thu, Dec 29, 2005 at 11:17:02AM -0500, Greg Troxel wrote:
>   I also know that protecting the keyring is of paramount importance
>   in a security situation. All I could suggest is an unencrypted copy
>   of the root/critical systems with updated keyring and archived and
>   stored in a physically high security area. For that matter I think
>   any mission/critical or rapid recovery system should have this anyway.
> 
> Sure, but depending on one's threat model this is precisely the data
> that needs to be encrypted in transport.

No argument - so the question is what is your model.

Do you put a fire/water/tamper proof safe in the computer room 
or do you hire an armed guard and a truck ? Is the requirement
technical or political ?

Standards at my site are too often set by a homogeneous parent agency
that has no understanding of the diversity of our environment or the
quantity and type of data. The security level of our data is very
different (as a matter of NY State policy) from theirs, yet we are
expected/mandated to follow their security protocol and don't receive
the funding to do so.

What do you protect, why are you protecting it, what are you
protecting it from, what resources are available to performing
and maintaining that protection ? These also all impact not only
the data security but the ability to restore the data.

Dave in my office has noted that backups/saves have no purpose unto
themselves. It's not the ability to backup data to tape that is
important, it is the ability to restore data from tape and make it
available again that is important.

If the client(s) and servers are on a secure network, perhaps in an
isolated room and you have security transport do you also need to
worry about encryption ? Can you have too many safeguards ?

Arguably the bank that 'misplaced' tapes last year did need to worry
about encrypting the tape.

> My last emergency (total hard drive failure in tape drive system), I
> did a fresh install and then used dd to read the whole tape to disk
> (streaming, and read bits on first pass).  This is almost just like
> 'amrestore -c /dev/nrst0', and having that would have been easier.

There is a lot to be learned from other people's war stories. It's been
a long time since I sat in on a session like that in person. I'm not
sure that a Q&A/FAQ of amanda related war stories wouldn't be of benefit.


---
   Brian R Cuttler                 brian.cuttler AT wadsworth DOT org
   Computer Systems Support        (v) 518 486-1697
   Wadsworth Center                (f) 518 473-6384
   NYS Department of Health        Help Desk 518 473-0773