Re: Tar backups creating secure tape image?
From: Chris Mattern (syscjm_at_gwu.edu)
Date: 08/26/03
- Next message: Marc David Ronell: "Re: Tar backups creating secure tape image?"
- Previous message: David Magda: "Re: Backups to disk (experience ?)"
- In reply to: Marc David Ronell: "Re: Tar backups creating secure tape image?"
- Next in thread: Marc David Ronell: "Re: Tar backups creating secure tape image?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 26 Aug 2003 15:47:45 -0400
Marc David Ronell wrote:
Please don't email *and* post to the newsgroup; I had no idea that
this reply went to the newsgroup. Just reply to the newsgroup
unless you have a need to talk to me privately. Thank you.
>>>"Chris" == Chris Mattern <syscjm@gwu.edu> writes:
>>
>
> > Marc David Ronell wrote:
> >> Is there a good method to use tar to create secure tape backups?
> >> The goal is to encrypt each file individually and then put the
> >> encrypted file into the archive. Encrypting the archive would
> >> seem to yield a fragile backup and is not desired.
> >>
> > Encrypting backups strikes me as a rather poor idea. The last
> > thing you need is to be locked out of your backups when you need
> > them. Tapes are offline when not being used anyways. Maintain
> > proper physical security of your tape vault and that should take
> > care of your security requirements.
>
> Most places I have been in do not, unfortunately , have a tape vault.
Really? I've never worked in a data center that didn't have one.
> Also, doesn't it seem silly to have logins and password protection on
> normal machine access, but not on backups? If one cannot break into a
> machine, it is trivial to borrow a recent backup tape.
Trivial? Once again, every place I've ever worked, only ops and the
admins had physical access to the backup tapes. Frankly, if any user
can walk in and grab your backup tapes, you have no backups that you
can count on. Even if they're encrypted, your user can still just
wipe the tape (or steal it).
Physical security of your machines and media is step one in securing
your servers. Without that, you might as well not bother, because
you don't have any security.
Chris Mattern
- Next message: Marc David Ronell: "Re: Tar backups creating secure tape image?"
- Previous message: David Magda: "Re: Backups to disk (experience ?)"
- In reply to: Marc David Ronell: "Re: Tar backups creating secure tape image?"
- Next in thread: Marc David Ronell: "Re: Tar backups creating secure tape image?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
