Security Basics mailing list archives
RE: Securing Backups via Encryption
From: Ken Buchanan <ken.buchanan () gmail com>
Date: Thu, 16 Jun 2005 11:09:25 -0400
This discussion was had last week on the Cryptography mailing list. http://www.mail-archive.com/cryptography () metzdowd com/index.html#04003 (the discussion is scattered across a couple of threads due to thread branching) Perry Metzger suggested he had helped customers encrypt tapes using naive solutions that avoid the key management problem (eg. use one key for all your tapes for six months). This doesn't scale, but is a probably a perfectly good solution if you have limited encryption requirements -- say, you just don't want the information exposed in plaintext when the tapes are out of your hands. Another problem with simple solutions is that if you encrypt before writing data to tape in a storage infrastructure then you lose all the benefits of compression. There is not really anything from the tape vendors -- *yet* -- but there are small vendors that offer storage encryption products. One of them, Decru, has just been bought by Network Appliance (announced this morning). A network computing article on the current state of storage security: http://www.networkcomputing.com/showitem.jhtml?docid=1607f2 -----Original Message----- From: Beauford, Jason [mailto:jbeauford () EightInOnePet com] Sent: Wednesday, June 15, 2005 6:12 PM To: dnardoni () firstresponseconsulting com; security-basics () securityfocus com Subject: RE: Securing Backups via Encryption Good question. Here I am not encrypting the data as it is archived to the tape. I am using Veritas BackupExec with LTO-2 as my archive solution. With the recent rash of data theft and lost backups (Citibank and Motorola), I too have become very interested in this topic. As of now I have an open case with Veritas (waiting for a call back) and I am hoping they can steer me in the right direction. Although I doubt it is an integrated feature. -JMB -----Original Message----- From: Dave Nardoni [mailto:dnardoni () firstresponseconsulting com] Sent: Wednesday, June 15, 2005 11:50 AM To: security-basics () securityfocus com Subject: Securing Backups via Encryption I am interested in how many of you are securing your backups via encryption. If you would not mind sharing some of your solutions. What are you using to encrypt data that goes to tape? What are you using to encrypt data that goes to disk? What are you using to encrypt data that goes to an offsite storage facility via web (ie. Xdrive or similar service offsite service)? What services do you employ to handle secure backups offsite? Any other ideas around this would be helpful. Thank you in advance for sharing your comments, David Nardoni CISSP, EnCE dnardoni () firstresponseconsulting com PGP Signature: 9CE4 C240 BBC7 2945 BDD6 C97A 0E3D 2547 DB0A 104C
Current thread:
- Securing Backups via Encryption Dave Nardoni (Jun 15)
- Re: Securing Backups via Encryption Stephane (Jun 16)
- <Possible follow-ups>
- RE: Securing Backups via Encryption Beauford, Jason (Jun 16)
- RE: Securing Backups via Encryption Atom Smasher (Jun 16)
- RE: Securing Backups via Encryption Ken Buchanan (Jun 16)
- Re: Securing Backups via Encryption T (Jun 17)
- RE: Securing Backups via Encryption Danny Puckett (Jun 17)