jimmycan
asked on
Backup Exec Encryption/Server 2003 password hacking
I have a client who uses Symantec Backup Exec 11d to back up a Windows 2003 SBS to a DAT drive with a restricted encryption key.
As I understand it, data can only be restored if the pass phrase is known or by the key owner. As the key owner will have an AD username and password that could be hacked (LC5/Rainbow etc), I wonder how secure the encrypted data on the DAT cartridges actually is. Can anyone advise?
Thanks
What about physical security? You mean everyone can just grab a tape and dismantle it, exploring the secrets?
ASKER
Well no. Not that easy. But I think physical security is impossible to maintain 24/7 in the average work environment.
There are about 120 employees, some with a reasonable degree of computer expertise, and that is why I wanted to find some way where only the 2 Directors and myself can restore data.
I feel it would be about as secure and simple as possible if the passkey was required each and every time a file or files are to be restored.
I think that obtaining the Backup Exec Account password for the encryption key owner is an unnecessary risk. I could be wrong though...
ASKER
Yes. I will. I'll try that and post again. Thanks for all your comments today MidnightOne.
What about a locked room in the first place??
ASKER
Thanks for your responses peakpeak.
The server room is normally locked but I can't be sure what's happening when I'm on annual leave, training etc., so back to square one. I can't understand why Symantec designed it that way. Must be some reason...
be SMART jimmy, CHANGE the password and bring it WITH you !!!!
Tape Too !!!
I had a safe where I worked. I had the combination. They had the number for a locksmith if I got hit by a bus.
pass phrase, do you know it?
this is a test, n'est-ce pas?
ASKER
Not sure about that. Still think the best/simplest/securest solution would be if no passkey - no restore.
Best practice is to RELY on people; there's always a possibility of a break. Can you restructure the culture of the company to a more civilized level? Are you able to do that?
ASKER
Thanks for your time, Gentlemen...J
ASKER
I looked into using Geniesoft Server Backup Manager. It would only allow a user with the AES256 Passkey to restore data. Seemed a better and more secure way to do it. Unfortunately I had problems with this product in other areas which made it unsuitable.