Networker

Re: [Networker] Encryption and password protection

2005-03-30 01:59:49
Subject: Re: [Networker] Encryption and password protection
From: Bart.Jespers AT FUJITSU-SIEMENS DOT COM
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Wed, 30 Mar 2005 08:55:33 +0200
Siobhan,

I'm completely not familar with those kind of encryption devices. how can we 
use them?

is it something we put before the Tape drives? (between SAN and tape)

however I fear that this will be a costly solution. isn't there anything we can 
do using software (freeware). can't we add a | crypt somewhere to the networker 
stream?

Bart 

-----Original Message-----
From: Legato NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU] 
On Behalf Of Siobhan Ellis
Sent: Tuesday, March 29, 2005 9:32 AM
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: Re: [Networker] Encryption and password protection

Bart,
 
Legato looked at providing data encryption in NetWorker 7.x. However, due to 
the performance impact of doing encryption at source (it reduced backup 
throughput by as much as 60%, or more than doubled the time to do a backup), it 
was seen as not such a good idea to do it in software. Legato decided to leave 
this area to the professionals, such as NeoScale, Decru, and Digital 
Information Systems.
 
All these companies do the encryption in hardware, and thus you get very low 
latency with excellent encryption capabilities. 
 
My personal favourite is/was Neoscale.
 
 
 
Siobhán Ellis
Senior Technology Consultant
Enstor
Level 10, 118 Alfred St
Milsons Point
NSW 2061
Australia
 
Mobile: +61 424 750 544
Phone: +61 2 9900 2100
Fax: +61 2 9900 2199
e-mail: siobhan.ellis AT enstor.com DOT au

>>> Bart.Jespers AT FUJITSU-SIEMENS DOT COM 29/03/2005 4:44:35 pm >>>

Hello All, 

I have some questions about password protection and encryption with networker. 
for a RFO we stated that networker can password protect and encrypt the data 
flow. only afterwards we saw that apparently this is only possible on windows 
and netware. The customer wants us to encrypt all data, also solaris and linux 
clients

from the windows admin guide: 
The password ASMs, available for Microsoft Windows and NetWare clients only, 
are used to password-protect (pw1) or encrypt (pw2) data. 

I have some questions about this 

1) is it absolutely not possible to use those ASM's on linux and solaris

2) from the legato database I received a "solution" using a (unknown to
me) ASM : xlateasm. does this work? what does this do? below this email is more 
info about it

3) can we encrypt or password protect data on an other way? 
4) can we do compression and pasword protection (or encryption) in 1 directive. 
so that the data of 1 client is encrypted and compressed.

Thanks 

Bart 

PS 

Solution Information 

Title:How to encrypt NetWorker client's backup data
ID:legato6254
Solution Statements 


Here is the solution:  
(Click Here To Go Back) 

There is an ASM with NetWorker called xlateasm which can be added to client 
side or server side directives. 


Example: 

<< / >> 
+xlateasm: *

Would have the client encrypt all its data when sent to the server. 

<< "C:\My Documents" >> 
+xlateasm: *.*

Would have the My Documents folder on drive C: encrypted. 

NOTE: 
-----------
This option will slow restore procedures down on the Client side when the data 
is decrypted before being written to the file system.


NOTE: 
----------- 
The encryption method used by xlateasm is not very sophisticated and
relies on the security of the encryption algorithm. Thus, we do not
publish what this algorithm is. No encryption key is required. However,
a hacker might well be able to figure out how to de-encrypt data either
by examining the executable code or by brute force. Therefore, we do not
recommend use of this method for any purpose other than to discourage
prying or eliminate the possibility of unintentional examination of
data. 

(Click Here To Go Back)  
  

Here is the problem or goal: 
How to encrypt scheduled backups 
  
Can scheduled backups be encrypted 
  
Encryption for scheduled backups 
  

Click here to see the problem environment. 



        __________________________________________________ 
        Jespers Bart 
        IT Consultant LCNA 
        FSC Professional Services 

        Fujitsu<FONT COLOR="#000000" S


--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listserv.temple DOT edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
also view and post messages to the list. Questions regarding this list
should be sent to stan AT temple DOT edu
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=


--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listserv.temple DOT edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
also view and post messages to the list. Questions regarding this list
should be sent to stan AT temple DOT edu
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=

--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listserv.temple DOT edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
also view and post messages to the list. Questions regarding this list
should be sent to stan AT temple DOT edu
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=

<Prev in Thread] Current Thread [Next in Thread>