Re: [Networker] Encrpyption
2008-01-12 12:13:30
On Jan 12, 2008, at 00:29, Curtis Preston wrote:
Stan said:
Do you propose that some Joe NetWorker administrator have access to
his or her organization's security keys? I for one would not want to
have that level of responsibility. The person who holds the keys
should be in the data security group, not the backup group. I have
What you're describing is OLD style key management, like that found in
the checkbox feature that NW already has. I would assume that if they
add code to support tape drive encryption management, they will not
have
a single-key system that would rely on (or be vulnerable to attack by)
one person. A good key management system never lets you see the
actual
key. There would be multiple security admins that would enable/
disable
encryption, and the loss of one or more them would not cripple the
system any more than losing a sysadmin cripples your ability to
administer the box.
[...]
A good key management system would do the same.
I still think that software products should support keeping keys
inside their internal databases and directly interacting with (LTO-4)
drives. This would cover the simple scenario of your offsite media
being lost or stolen. While this may not cover the situations of an
insider or disgruntled (ex-)employee doing things to the data, it is
a basic precaution if you want to protect things like your database
backups, which may have customer data.
If your security policy, or level of paranoia (or regulatory
framework), dictates that you can't see the encryption keys, or
access to them is segmented off to a group of people other than your
sys admins, then you can go ahead and add third part key management
systems. However, as someone who's worked in smaller departments and
companies (with both Networker and NetBackup), I'd like to have the
option of clicking on a check-box to enable encryption on the drive
and be done with it.
I can understand larger organizations and public companies needing
more 'robust' things, but I don't see why this functionality can't be
there even though it may be considered "less secure", especially when
the alternative is to have no protection for your tapes (which is the
case in many instances now). (And I don't consider the "aes" ASM a
viable long-term option now as it eats CPU and kills hardware
compression.)
To sign off this list, send email to listserv AT listserv.temple DOT edu and type
"signoff networker" in the body of the email. Please write to networker-request
AT listserv.temple DOT edu if you have any problems with this list. You can access the
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|
|
|