Networker

Re: [Networker] Encrpyption

2008-01-11 02:07:00
Subject: Re: [Networker] Encrpyption
From: Steven Weller <sdweller AT SBCGLOBAL DOT NET>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Thu, 10 Jan 2008 23:02:24 -0800
Hey, did you realize Neoscale went bankrupt and folded
a few months ago to my dismay. Rather disappointing
if you ask me.

Check it out, Cipher has them now. (you may have
already known this I guess.)
http://www.byteandswitch.com/document.asp?doc_id=141025&WT.svl=news1_2

Happy New Year! Hope you had a great holiday!
-Steve


--- Siobhán Ellis <siobhanellis AT HOTMAIL DOT COM> wrote:

> As always, the secret of encryption is key management. In my opinion the
> only solutions out there are Decru or Neoscale. My personal favourite is
> Neoscale.
> 
> NetWorker encryption, just like any backup product, is a tick item only.
> 
> So, what should you look for in key management for backups?
> 
> Well the devices should be application aware. I know Neoscale is, and I
> believe Decru is as well. This means you could, if you wish, selectively
> perform encryption on some tapes and not on others.
> 
> Key management should be able to separate the roles of administrator and
> security officer (not possible with NetWorker)
> 
> Key management should provide "clustering", so multiple devices can share
> the same keys if you choose
> 
> Key management should enable you to say something like "If I lose my keys,
> I have 5 security officers. Any 3 can come together and recreate the keys"
> 
> Key management should provide a failover capability so that a device at a
> remote site would have the same keys as a local one (DR)
> 
> Encryption should enable you to compress then encrypt (NetWorker can't)
> 
> Hope that helps
> 
> Siobhan
> 
> 
> On 11/1/08 2:08 PM, "Stan Horwitz" <stan AT TEMPLE DOT EDU> wrote:
> 
> > On Jan 10, 2008, at 9:38 PM, David Magda wrote:
> > 
> >> On Jan 10, 2008, at 16:35, lemons_terry AT emc DOT com wrote:
> >> 
> >>> All of these require a supporting environment to provide key
> >>> management, drive configuration, etc.  For the TS1120 and T10000A
> >>> at least, this adds tens of thousands of dollars to the cost of the
> >>> drive itself, in my experience.
> >> 
> >> I'm probably missing something, but why can't Networker do the key
> >> management?
> >> 
> >> I would think that the logical way to implement encryption for these
> >> tape drives to have a SCSI command where you send a key and say
> >> "enable encryption". The back up software would then keep the key in
> >> its database and tie it to the back up session.
> > 
> > Do you propose that some Joe NetWorker administrator have access to
> > his or her organization's security keys? I for one would not want to
> > have that level of responsibility. The person who holds the keys
> > should be in the data security group, not the backup group. I have
> > experimented with NetWorker 7.4's encryption feature last summer. As
> > soon as I got it working, my boss asked me never to use it again,
> > which is what I was hoping would happen. What would happen if the only
> > person who knows what the encryption key is gets struck by lightning
> > after having just changed the key in NetWorker? Without the key that
> > was used when an encrypted backup is done, recovering that data would
> > be impossible.
> > 
> >> Then, when you want to restore or clone, Networker (or whatever)
> >> would look up the file's save set, get the key, send it to the
> >> drive, and tell it to decrypt the data as it comes off the media.
> >> 
> >> Does anyone know of any documents or white papers that describes the
> >> architecture of this?
> > 
> > Google is your friend. My favorite way to do encryption is
> > http://www.ingrian.com
> >   but there are also other options.
> > To sign off this list, send email to listserv AT listserv.temple DOT edu and type
> > "signoff networker" in the body of the email. Please write to
> > networker-request AT listserv.temple DOT edu if you have any problems with this list.
> > You can access the archives at http://listserv.temple.edu/archives/networker.html or
> > via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
> > 
> 
> 
> Siobhán
> 
> 

