On 11/29/2011 12:59 AM, novice123 wrote: > Dear All, > > During a risk assessment exercise, I realized that my backup admin does not > encrypt data in backup tapes. He argues, it is not required as an adversary > cannot recover/read data from the backup tape, assuming its stolen, if he > does not have the corresponding catalog. He further adds that catalog is kept > secure. We are using Veritas netbackup 6.5. I am unfamiliar with the > technology, hence would want to know the following: > > a) If catalogs are secure, why should the software have a feature for > encrypting data in the backup tape?
You can always import images from a tape. Takes a while. Its also extractable even without NBU involved, esp if not multiplexed. This isn't true. I encrypt my backups AND catalogs. (Just make sure you have hard copy of KMS keys in the safe). LTO4 hardware encyption isn't too much of a performance hit for the piece of mind. > > b) If the argument is invalid, how can an adversary read/recover the data > from the stolen backup tapes, even if he does not have the catalog. Please > help in articulating the risk. > mt to position to each file, then tar. or if you have NBU, import the tape. _______________________________________________ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu