Are there any suggestions ???

point-blanc · ‎07-02-2014

I went through the article: http://www.symantec.com/docs/TECH124682

This is basically my question/concern when it comes to the "fixed" key encryption that article talked about:

Does this mean all BackupExec products share the same encryption key? Here is a scenario to better explain my question:

An attacker gains access to our deduplication folder, but not to our Backup Exec server, could this attacker, in theory, just spin up a brand new Backup Exec instance on their own, purchased or otherwise, and connect to our deduplication folder, and from their decrypt, view/read/recover the backup data housed in that folder?

This, of course, is an unlikely scenario but one I want to know I am protected against. If this is the case it won't be a concern for us, we will just add another layer of encryption protection (one that is FIPS compliant) on the deduplication storage outside of Backup Exec embedded encryption.

VJware · ‎07-02-2014

No, same encryption key is not used.

And theoretically, if one has access to the BE media server, the data on the DeDupe folder can be decrypted.

point-blanc · ‎07-02-2014

So what is the use of encryption in this case ?

point-blanc · ‎07-02-2014

Ok I understand if one has access to our media server. What if the attacker does not have access to our Backup Exec ? He just installs a brand new Backup Exec and connects our dedup storage to his Backup Exec

point-blanc · ‎07-02-2014

An attacker gains access to our deduplication folder, but not to our Backup Exec server

point-blanc · ‎07-02-2014

Are there any suggestions ???

Colin_Weaver · ‎07-03-2014

I asked around internally and the Encryption is based on LZ0 and you would need the details of the username used when setting up the Deduplication Storage Folder in the first place in order to access the data.

We can't really give any more detail on this as any information we might provide could potentiallly help someone with malicious intent.

VOX

Encryption for Dedup storage.