Forum Discussion

SMorais's avatar
SMorais
Level 3
7 years ago

restore security doubts

Hello folks.

My organization is under ISO auditing and I'm reviewing my procedures documents and I have a security issue here that  I'm not sure about:

Is BE Encryption key responsible for preventing to restore backup data on a different server than the original one?

If it is not, how can I prevent it from hapenning? For example, if I have my tapes stolen, how can I be sure that these files won't be accessed?

  • pkh's avatar
    pkh
    7 years ago

    Encryption is never enabled as a default.  You have to enable it by creating encryption keys using passphrases.  This is done under Settings --> Network.

    You then use these keys when you enable encryption in your jobs.  If you need to retore the tapes on another system or installation, you need to know the encryption passphrase.  Otherwise, they cannot be accessed.  If you loose the encryption keys, then even Veritas is unable to recover them for you and your tapes cannot be accessed.

  • Encryption would prevent your tapes from being read without knowing the encryption key.

    I am not sure if you can prevent it from being restored on a different server, but I am not sure you really want that.  In a disaster, you might be restoring on different/replacement servers.

    • SMorais's avatar
      SMorais
      Level 3

      I think it should have an ecryption method that could be exported or stored on a different file just like encryption key, so, in a case of disaster, I'd be able to restore those files.

      you mentioned this encryption that prevents my tapes from being read without encryption key. How can I enable it? or is it enabled by default?

      • pkh's avatar
        pkh
        Moderator

        Encryption is never enabled as a default.  You have to enable it by creating encryption keys using passphrases.  This is done under Settings --> Network.

        You then use these keys when you enable encryption in your jobs.  If you need to retore the tapes on another system or installation, you need to know the encryption passphrase.  Otherwise, they cannot be accessed.  If you loose the encryption keys, then even Veritas is unable to recover them for you and your tapes cannot be accessed.