
Re: Backup software; Legato vs. Veritas?



One thing that has eluded me is what do you do with all of your
crypto data sets and backups when you find yourself in a situation
where one of your "trusted" employees goes bad.  If he knows the key,
your crypto is no longer of much value.  How do you change the online
version of the crypto data without disrupting current operation?
Do you need to go back and re-key all of the data you have on tape? 
If you don't re-key, how do you deal with the protection of the
archive of your keys?

---Gene

   Gene Rackow                    email: rackow@mcs.anl.gov
   Math & Computer Science        voice: 630-252-7126
   Argonne National Lab           FAX:   630-252-5986
   9700 S. Cass Ave. / Argonne, IL  60439




"Richard C. Dempsey" made the following keystrokes:
 >At 09:59 AM 1/5/00 -0800, Jurgen Botz wrote:
 >> [...]
 >>As for encryption... I have long been puzzled that most backup
 >>software does not have this feature.  It seems a major weak link in
 >>any data security scheme to have unencrypted backups.  Yeah, you 
 >>can put your tapes in a vault, and should, but since you're likely
 >>to have so many of them and ship some off-site, etc., they seem
 >>much harder to keep secure than the disks the data came off of.
 >
 >One of the sessions I attended at LISA 99 hammered home in my mind
 >that cryptosystem design and implementation is WAY harder than
 >selecting the right cryptographic algorithm to encode the data.
 >It does no good to encrypt the data if the key (mis)management
 >discloses a key.  (ref: disclosure of DVD encryption)
 >
 >For that matter, encryption does no good in a restoration
 >situation if the required key is lost, preventing access to the
 >backup copies of data.
 >
 >It's also not clear to me that encryption will be wildly effective
 >if a black hat obtains a backup tape, because he's going to be able
 >to hit it with all his resources in private.
 >
 >If the security of your data is sufficiently important to warrant
 >the investment of the time and effort to design a solid cryptosystem
 >to protect it from disclosure if the tapes fall into the wrong hands,
 >I suspect that a fraction of that investment spent first to ensure
 >proper physical handling and protection of the tapes would be
 >significantly more effective, both in absolute protection and in
 >value for governmental currency unit.
 >
 >In summary, I think it's a whole lot easier to implement proper
 >physical handling than to go the crypto way.
 >
 >In fact, I think proper physical handling of the keys would have to
 >be designed for a crypto solution, anyway.  Why not do it first for
 >the tapes, and analyze what risks remain?
 >
 >Rich
 >
 >Richard C. Dempsey                 email: dempsey@kodak.com
 >Public Online Services             pager: 716-975-3539
 >11th Floor, Bldg 83, RL            phone: 716-477-3457
 >Eastman Kodak Company              fax:   716-722-3885
 >Rochester, NY 14650-2203
 >