[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Backup software; Legato vs. Veritas?

To: "Richard C. Dempsey" <dempsey@Kodak.COM>
Subject: Re: Backup software; Legato vs. Veritas?
From: Howard Kaye <Howie.Kaye@msdw.com>
Date: Fri, 07 Jan 2000 11:02:20 -0500
CC: sage-members@usenix.org
Organization: Morgan Stanley Dean Witter & Co.
References: <3.0.32.20000107083333.00b26340@corpmail.kodak.com>
Sender: owner-sage-members@usenix.ORG

Since many backup systems make use of tape jukeboxes, the tapes may be
accessible, even though they are in a physically secure location. 
Physical security isn't enough if someone can get into your site, and
then get to the tapes over the network.

Howie

"Richard C. Dempsey" wrote:
> 
> At 09:59 AM 1/5/00 -0800, Jurgen Botz wrote:
> > [...]
> >As for encryption... I have long been puzzled that most backup
> >software does not have this feature.  It seems a major weak link in
> >any data security scheme to have unencrypted backups.  Yeah, you
> >can put your tapes in a vault, and should, but since you're likely
> >to have so many of them and ship some off-site, etc., they seem
> >much harder to keep secure than the disks the data came off of.
> 
> One of the sessions I attended at LISA 99 hammered home in my mind
> that cryptosystem design and implementation is WAY harder than
> selecting the right cryptographic algorithm to encode the data.
> It does no good to encrypt the data if the key (mis)management
> discloses a key.  (ref: disclosure of DVD encryption)
> 
> For that matter, encryption does no good in a restoration
> situation if the required key is lost, preventing access to the
> backup copies of data.
> 
> It's also not clear to me that encryption will be wildly effective
> if a black hat obtains a backup tape, because he's going to be able
> to hit it with all his resources in private.
> 
> If the security of your data is sufficiently important to warrant
> the investment of the time and effort to design a solid cryptosystem
> to protect it from disclosure if the tapes fall into the wrong hands,
> I suspect that a fraction of that investment spent first to ensure
> proper physical handling and protection of the tapes would be
> significantly more effective, both in absolute protection and in
> value for governmental currency unit.
> 
> In summary, I think it's a whole lot easier to implement proper
> physical handling than to go the crypto way.
> 
> In fact, I think proper physical handling of the keys would have to
> be designed for a crypto solution, anyway.  Why not do it first for
> the tapes, and analyze what risks remain?
> 
> Rich
> 
> Richard C. Dempsey                 email: dempsey@kodak.com
> Public Online Services             pager: 716-975-3539
> 11th Floor, Bldg 83, RL            phone: 716-477-3457
> Eastman Kodak Company              fax:   716-722-3885
> Rochester, NY 14650-2203

References:
- Re: Backup software; Legato vs. Veritas?
  - From: "Richard C. Dempsey" <dempsey@Kodak.COM>

Prev by Date: Re: Backup software; Legato vs. Veritas?
Next by Date: Reliability and assurances
Prev by thread: Re: Backup software; Legato vs. Veritas?
Next by thread: Encryption Key Lengths
Index(es):
- Date
- Thread