If you're encrypting with Networker (I think the LTO-4 case is pretty
well-understood), and encryption is performed on the client, and there's
only one password which is stored on the server, and no concept of key
exchange or secure channels between client and server, how does the
password get passed to the client?
The answer to that question tells you how secure your backups are over the
wire.
--
Edward S. Marshall <esm AT fnal DOT gov>
MIS Department Technical Services
Fermi National Accelerator Laboratory, Batavia, IL USA
Stan Horwitz <stan AT TEMPLE DOT EDU>
Sent by: EMC NetWorker discussion <NETWORKER@LISTSERV.TEMPLE.EDU>
07/31/2008 01:03 PM
Please respond to: EMC NetWorker discussion <NETWORKER@LISTSERV.TEMPLE.EDU>; Stan Horwitz <stan AT TEMPLE DOT EDU>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
cc:
Subject: Re: [Networker] backup data over the net

On Jul 31, 2008, at 1:09 PM, Teresa Biehler wrote:
> Ok, there has been lots of discussion lately about how to encrypt data
> that is written to tape. This brought up a question in my mind. What
> about all the backup data that is being sent over the network? Is this
> a secure transmission of the data? Is the data encrypted?
The answer depends on how you encrypt the data, or more importantly,
where you encrypt it. If you use NetWorker's built-in encryption
feature, the encryption happens on the client. The benefit there is
that the data is encrypted before it gets transmitted over the
network. Two disadvantages are: 1) the encryption happens on the
client so it consumes more processor cycles on the client and 2) no
key encryption management. If you encrypt the data using LTO-4 tape
drives, then the data remains unencrypted in transit, but there's no
hit on the clients. Either way, you lose the ability to compress the
data onto your backup media and recovers are going to be slower.
To sign off this list, send email to listserv AT listserv.temple DOT edu and
type
"signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER