Networker

Re: [Networker] Data Encryption

2006-03-24 18:47:07
Subject: Re: [Networker] Data Encryption
From: Peter Viertel <Peter.Viertel AT MACQUARIE DOT COM>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Sat, 25 Mar 2006 10:43:36 +1100
7.3 is the first version to introduce AES client-side encryption... its
probably in the manual somewhere but this raises the question of where
the key is stored.... do you have a central key on the server? can it be
found in the bootstrap backup (is it human-readable.. eg is there a way
of printing it? can it be copied around your networker servers so they
can share tapes? or is the key generated and stored on the clients?

even if the key is stored on the server - how safe is it?  if it's
stored cleartext then you'll never know if someone's pinched a copy of
it, these are all issues we've dealt with 6 or 7 years ago on webservers
by using HSM key-store boxes etc.

EMC, needing to do something quickly, didnt do much more than add some
encryption to help with tapes lost in transit. Admittedly thats the main
thing people want, but there is a heap of other requirements in this
area that are on my wishlist.

I'm wondering also - aesasm needs to be specified in a directive...   i
suppose that would make it hard to encrypt application specific
backups...   i can immediately see how to encrypt an exchange backup for
example.

> -----Original Message-----
> From: Legato NetWorker discussion
> [mailto:NETWORKER AT listserv.temple DOT edu]On Behalf Of Raghava Karu
> Sent: Saturday, 25 March 2006 6:06 AM
> To: NETWORKER AT listserv.temple DOT edu
> Subject: [Networker] Data Encryption
> 
> 
> Hi,
> 
> Can we encrypt backup data in Networker? If it's possible 
> with any apllication specific module can I take tapes from 
> site A and restore them at site B and vice versa? Which 
> Networker version is good for encruption? I found it's 
> possible in EBS7.3 aka Networker 7.3 with aesasm module, but 
> recover  cannot be recovered by prior networker versions. 
> Does it also depends upon data type ?
> 
> Thx in advance
> Raghava
> 
> To sign off this list, send email to 
> listserv AT listserv.temple DOT edu and type "signoff networker" in the
> body of the email. Please write to 
> networker-request AT listserv.temple DOT edu if you have any problems
> wit this list. You can access the archives at 
> http://listserv.temple.edu/archives/networker.html or
> via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
> 
> 


NOTICE
This e-mail and any attachments are confidential and may contain copyright 
material of Macquarie Bank or third parties. If you are not the intended 
recipient of this email you should not read, print, re-transmit, store or act 
in reliance on this e-mail or any attachments, and should destroy all copies of 
them. Macquarie Bank does not guarantee the integrity of any emails or any 
attached files. The views or opinions expressed are the author's own and may 
not reflect the views or opinions of Macquarie Bank.

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the
body of the email. Please write to networker-request AT listserv.temple DOT edu 
if you have any problems
wit this list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

<Prev in Thread] Current Thread [Next in Thread>