cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

User files encryption and restore !

Go to solution
osmoze
Level 3

‎03-17-2011 11:07 AM

hi everyone ;

I m running backup exe 2010 with DLO agent .

i m trying to setting up encryption for user files so when restored , even storage operators ( AD users with all privileges to backup operations) cannot open them when the files are restored using redirection to directory .

i ve setup a profile for backing up users files , but when i restore them ( i m a backup operator )i m able to open them with no problem , i want this to be restricted so i cannot see the files content .

is there any way to do that ? am i missing somthing ? 

any help will be gratfull . 

 

thanks in advance .

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Kiran_Bandi
Level 6
Partner Accredited

‎03-17-2011 09:04 PM

First thing to note here is Encryption will keep unauthorised users away from restore operations on encrypted meida. Specifically saying if you use restricted type of encryption key for encryption of data while backing up, other than the user who created it should know the pass phrase to restore from the media.

i m trying to setting up encryption for user files so when restored , even storage operators ( AD users with all privileges to backup operations) cannot open them when the files are restored using redirection to directory .

NO, this is not possible.

is there any way to do that ?

No, Once restored to a location, the files/folders can be viewed by any user who has sufficient windows privileges.

Regards...

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
Kiran_Bandi
Level 6
Partner Accredited

‎03-17-2011 09:04 PM

First thing to note here is Encryption will keep unauthorised users away from restore operations on encrypted meida. Specifically saying if you use restricted type of encryption key for encryption of data while backing up, other than the user who created it should know the pass phrase to restore from the media.

i m trying to setting up encryption for user files so when restored , even storage operators ( AD users with all privileges to backup operations) cannot open them when the files are restored using redirection to directory .

NO, this is not possible.

is there any way to do that ?

No, Once restored to a location, the files/folders can be viewed by any user who has sufficient windows privileges.

Regards...

0 Kudos

Go to solution
osmoze
Level 3

‎03-18-2011 02:08 AM

Here you 're talking about Tape storage , but in my case it"s DLO that i m using , the files are stored in a Disk storage on the network , i m able to browse the directory for each user and see the backed files with the prefixe [some numbers here]nameofthefile.doc or any other extension . here the files are encrypted , but when i restore them they become clear and viewable even i restore them to any other directory !! i m wondering where is the security/confidentiality here if a backupoperator can restore any file ( even sensitive files ) and view them !!!

0 Kudos

Go to solution
Kiran_Bandi
Level 6
Partner Accredited

‎03-18-2011 06:29 AM

If you use restricted type of encryption key, then only the key owner can restore from the backup which was encrypted by using that key. If any other users try to restore  from that backup, BE prompts for the pass phrase.

Before restoring data BE decrypts that data and restores it. So once restored the data will be at its original state.(Unencrypted). 

Hope this helps... 

0 Kudos

Go to solution
osmoze
Level 3

‎03-18-2011 09:21 AM

thanks for the reply .

0 Kudos