Backup Exec System Recovery FTP Offsite Option Security Concerns

 Hello! I am evaluating the most current edition of Symantec Backup Exec System Recovery. I would like to use the backup to FTP option, but I am wary of sending the content of my servers over an unencrypted connection with passwords and files in plain text. An FTP connection has a username and password which can be intercepted, which means a malicious person could in theory grab that password and download the contents of your FTP. That being said, please advise the following.

1. What type of security do the files which are being transmitted via the FTP contain? If they are encrypted, the malicious user would have no gain from downloading them, thus there is no concern. If the backup files are encrypted and protected, what type of protection is there? 

2. Is it possible to have Backup Exec open a PPTP VPN session to the FTP server, stream the data over a secured PPTP connection, and then close that connection every time the online offsite backup occurs? This would properly secure the transmission of this highly sensitive data.

Thank you for your suggestions, I could not find any security specifications surrounding this potential vulnerability.

Sincerely,

Jon
2 Replies
Highlighted

Hello Jon - Welcome. Thank

Hello Jon -

Welcome. Thank you for evaluating this product.

Customizing your FTP connection is not currently a feature of the FTP offsite option in BESR. However, to protect your data from unauthorized hands, use the Advanced Encryption Standard (AES) to encrypt recovery points that you create or archive. You will see this option when you are creating your backup job. You should use encryption if you store recovery points on a network or a remote location and want to protect them from unauthorized access and use. Encryption strengths are available in 128-bit, 192-bit, or 256-bit. While higher bit strengths require longer passwords, the result is greater security for your data.
Highlighted

Thank you!