Veritas-bu
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Veritas-bu] veritas netbackup 6.5 encrypt backup tape

2011-11-29 09:48:03
Subject: Re: [Veritas-bu] veritas netbackup 6.5 encrypt backup tape
From: "Lightner, Jeff" <JLightner AT water DOT com>
To: "VERITAS-BU AT MAILMAN.ENG.AUBURN DOT EDU" <VERITAS-BU AT MAILMAN.ENG.AUBURN DOT EDU>
Date: Tue, 29 Nov 2011 14:47:54 +0000 
Additionally for Linux/UNIX at least the format written on tape is using a 
modified version of GNU Tar so one could get the raw data using GNU Tar or even 
dd so you don't even need NetBackup's import capability.   Someone attempting 
to steal data does NOT limit themselves to restoring to the same 
filesystem/directories or even file names.   This is why people typically wipe 
disk drives before discarding them.

On the flip side whether you need to encrypt the data is dependent on what 
happens to the tapes and how comfortable you feel with it.   e.g. if they're 
stored in a safe on your site then the likelihood the physical media will be 
compromised is low.   If you're sending them offsite the likelihood increases 
although folks like Iron Mountain have their own security procedures to deal 
with custody of tapes.   Additionally they're may be other mitigating factors 
(e.g. your database management system encrypts data itself so that encryption 
of a database backup might be duplicated effort.)  Finally you have to measure 
the desire for encryption against keeping track of keys used for encryption 
permanently (and of course keeping such keys secure).





-----Original Message-----
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu 
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of Justin 
Piszcz
Sent: Tuesday, November 29, 2011 4:01 AM
To: VERITAS-BU AT MAILMAN.ENG.AUBURN DOT EDU
Subject: Re: [Veritas-bu] veritas netbackup 6.5 encrypt backup tape

Hi,

Not true, you can bpimport the tape, its two phases (with NBU) and takes 2-4
hours per tape, this re-creates the catalog data from the tape media itself.

Read more here:
http://www.symantec.com/business/support/index?page=content&id=TECH43584

Justin.

-----Original Message-----
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of novice123
Sent: Tuesday, November 29, 2011 1:59 AM
To: VERITAS-BU AT MAILMAN.ENG.AUBURN DOT EDU
Subject: [Veritas-bu] veritas netbackup 6.5 encrypt backup tape

Dear All,

During a risk assessment exercise, I realized that my backup admin does not
encrypt data in backup tapes. He argues, it is not required as an adversary
cannot recover/read data from the backup tape, assuming its stolen, if he
does not have the corresponding catalog. He further adds that catalog is
kept secure. We are using Veritas netbackup 6.5. I am unfamiliar with the
technology, hence would want to know the following:

a) If catalogs are secure, why should the software have a feature for
encrypting data in the backup tape?

b) If the argument is invalid, how can an adversary read/recover the data
from the stolen backup tapes, even if he does not have the catalog. Please
help in articulating the risk.

Any help in this regard is appreciated.

Thanks in anticipation

+----------------------------------------------------------------------
|This was sent by sanjay.nefarious AT gmail DOT com via Backup Central.
|Forward SPAM to abuse AT backupcentral DOT com.
+----------------------------------------------------------------------


_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu




Athena(r), Created for the Cause(tm)
Making a Difference in the Fight Against Breast Cancer

---------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential 
information and is for the sole use of the intended recipient(s). If you are 
not the intended recipient, any disclosure, copying, distribution, or use of 
the contents of this information is prohibited and may be unlawful. If you have 
received this electronic transmission in error, please reply immediately to the 
sender that you have received the message in error, and delete it. Thank you.
----------------------------------

_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Veritas-bu] NetBackup OpsCenter vs. OpsCenter w/Analytics, bob944
Next by Date:  [Veritas-bu] SQL file stats not correct, Jim Caldwell
Previous by Thread:  Re: [Veritas-bu] veritas netbackup 6.5 encrypt backup tape, Justin Piszcz
Next by Thread:  Re: [Veritas-bu] veritas netbackup 6.5 encrypt backup tape, John Berchmans
Indexes:  [Date] [Thread] [Top] [All Lists]