Re: [Networker] encryption of bootstrap
2007-12-18 22:55:50
On Dec 18, 2007, at 7:17 PM, Rick Brode wrote:
> A student in class today raised a question about AES encryption that
> I can't answer. When a directive is configured to perform AES
> encryption during backup of a NW client, is the bootstrap save set
> also encrypted?
>
> I would think not, since the bootstrap is being backed up from the
> NW server and not the NW client; it seems like it would also tend to
> confuse mmrecov if the bootstrap ever was encrypted. If this is the
> case, it seems that if the volume containing the client's encrypted
> save sets falls into "evil hands", the unencrypted bootstrap save
> set could be recovered (assuming it is on the same volume) and the
> datazone pass phrase used to perform the encryption could be
> determined from the recovered resources. Thus, the purpose of doing
> the encryption is thwarted; someone can determine the pass phrase
> used to perform the encryption and therefore recover any of the data
> on the volume.
>
> Am I misunderstanding something here?
Rick, the bootstrap saveset belongs to the NetWorker server, not to
the client whose backup data is being encrypted, so I don't see why the
bootstrap would be encrypted. If you are so inclined, try doing a test
with EAS and sniff the packets during the process. Then back up the
NetWorker server so a bootstrap is generated and sniff the server's
network packets during that process and you should see for yourself
what happens.