Security Basics mailing list archives

RE: Securing Backups via Encryption

From: Ken Buchanan <ken.buchanan () gmail com>
Date: Thu, 16 Jun 2005 11:09:25 -0400

This discussion was had last week on the Cryptography mailing list.

http://www.mail-archive.com/cryptography () metzdowd com/index.html#04003
(the discussion is scattered across a couple of threads due to thread branching)

Perry Metzger suggested he had helped customers encrypt tapes using
naive solutions that avoid the key management problem (eg. use one key
for all your tapes for six months).  This doesn't scale, but is a
probably a perfectly good solution if you have limited encryption
requirements -- say, you just don't want the information exposed in
plaintext when the tapes are out of your hands.

Another problem with simple solutions is that if you encrypt before
writing data to tape in a storage infrastructure then you lose all the
benefits of compression.

There is not really anything from the tape vendors -- *yet* -- but
there are small vendors that offer storage encryption products.  One
of them, Decru, has just been bought by Network Appliance (announced
this morning).

A network computing article on the current state of storage security:
http://www.networkcomputing.com/showitem.jhtml?docid=1607f2


-----Original Message-----
From: Beauford, Jason [mailto:jbeauford () EightInOnePet com]
Sent: Wednesday, June 15, 2005 6:12 PM
To: dnardoni () firstresponseconsulting com;
security-basics () securityfocus com
Subject: RE: Securing Backups via Encryption


Good question.  Here I am not encrypting the data as it is archived to
the tape.  I am using Veritas BackupExec with LTO-2 as my archive
solution.  With the recent rash of data theft and lost backups (Citibank
and Motorola), I too have become very interested in this topic.  As of
now I have an open case with Veritas (waiting for a call back) and I am
hoping they can steer me in the right direction.  Although I doubt it is
an integrated feature.

-JMB

-----Original Message-----
From: Dave Nardoni [mailto:dnardoni () firstresponseconsulting com] 
Sent: Wednesday, June 15, 2005 11:50 AM
To: security-basics () securityfocus com
Subject: Securing Backups via Encryption


I am interested in how many of you are securing your backups via
encryption.

If you would not mind sharing some of your solutions.

What are you using to encrypt data that goes to tape? 
What are you using to encrypt data that goes to disk?
What are you using to encrypt data that goes to an offsite storage
facility via web (ie. Xdrive or similar service offsite service)? What
services do you employ to handle secure backups offsite?

Any other ideas around this would be helpful.

Thank you in advance for sharing your comments,

David Nardoni CISSP, EnCE
dnardoni () firstresponseconsulting com
PGP Signature: 9CE4 C240 BBC7 2945 BDD6  C97A 0E3D 2547 DB0A 104C

Current thread:

Securing Backups via Encryption Dave Nardoni (Jun 15)
- Re: Securing Backups via Encryption Stephane (Jun 16)
- <Possible follow-ups>
- RE: Securing Backups via Encryption Beauford, Jason (Jun 16)
  - RE: Securing Backups via Encryption Atom Smasher (Jun 16)
- RE: Securing Backups via Encryption Ken Buchanan (Jun 16)
- Re: Securing Backups via Encryption T (Jun 17)
- RE: Securing Backups via Encryption Danny Puckett (Jun 17)