Veritas-bu

Re: [Veritas-bu] veritas netbackup 6.5 encrypt backup tape

2011-11-29 14:35:24
Subject: Re: [Veritas-bu] veritas netbackup 6.5 encrypt backup tape
From: "Robyn Hirano" <robyn.hirano AT roddconsulting.com DOT au>
To: <VERITAS-BU AT MAILMAN.ENG.AUBURN DOT EDU>
Date: Wed, 30 Nov 2011 06:35:05 +1100
Dear Sanjay Nefarious,

I understand why you've used novice123 and not said who you work for (and
it's not on the profile you put on Backup Central), but I thought I'd use
your name that came through.

Whilst this list is incredibly helpful, maybe we shouldn't risk putting
too much information up as it can help hackers? I'm not one for security by
obscurity, but it seems silly to shoot yourself in the foot when your email
is clearly about articulating the risk.

As it's a security matter for your company, perhaps you could also speak to
Symantec. Especially as adding encryption has significant design and cost
impacts.

Robyn

-- 
Robyn Hirano
Rodd Consulting Pty Ltd
M: +61 412 352 725
E: robyn.hirano AT roddconsulting.com DOT au

-----Original Message-----
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of novice123
Sent: Tuesday, 29 November 2011 5:59 PM
To: VERITAS-BU AT MAILMAN.ENG.AUBURN DOT EDU
Subject: [Veritas-bu] veritas netbackup 6.5 encrypt backup tape

Dear All,

During a risk assessment exercise, I realized that my backup admin does not
encrypt data in backup tapes. He argues it is not required, as an adversary
cannot recover/read data from the backup tape, assuming it's stolen, if he
does not have the corresponding catalog. He further adds that the catalog is
kept secure. We are using Veritas NetBackup 6.5. I am unfamiliar with the
technology, hence would want to know the following:

a) If catalogs are secure, why should the software have a feature for
encrypting data in the backup tape?

b) If the argument is invalid, how can an adversary read/recover the data
from the stolen backup tapes, even if he does not have the catalog? Please
help in articulating the risk.

Any help in this regard is appreciated.

Thanks in anticipation

+----------------------------------------------------------------------
|This was sent by sanjay.nefarious AT gmail DOT com via Backup Central.
|Forward SPAM to abuse AT backupcentral DOT com.
+----------------------------------------------------------------------


_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
