Operating System - Tru64 Unix

Backup and Recovery Security ( HELP!!!)

 
Mushy_1
Occasional Advisor

Backup and Recovery Security ( HELP!!!)

Hi!

I am using Digital Unix 4.0D. Currently, we are performing backups using the tar cvf command. Do you know any way to add some security to the backup so that it cannot be easily restored without proper authorization? Something like encryption or password protection?

This is really urgent! Please help!!
Life and Death are in the power of the tongue!
14 REPLIES
Adisuria Wangsadinata_1
Honored Contributor

Re: Backup and Recovery Security ( HELP!!!)

Hi,

In the 'tar' command, there are no features to add security to the backup as you describe.

But we can create the privilege for the 'tar' command for one user (besides the root user) with authorization only.

Hope this information can help you.

Cheers,
AW
now working, next not working ... that's unix
A. Clay Stephenson
Acclaimed Contributor

Re: Backup and Recovery Security ( HELP!!!)

You could pipe the output of tar thru compress before dd'ing to tape, but the easiest thing to do is chmod the tar command so that only root can execute it. Assuming that you tar to tape, you could also greatly restrict the permissions on the tape device nodes so that only root can read from the device. You should also greatly restrict the write permissions in the /dev directories so someone cannot simply remove the tape device nodes and recreate them.

I don't really like your approach because it overlooks the most obvious problems. If you are concerned that someone can restore data, what's to prevent them from simply cp'ing files? Also, how do these unauthorized users gain physical access to your media or to your tape drives? Those are the sort of questions that must be addressed long before you worry about encryption.
If it ain't broke, I can fix that.
Mushy_1
Occasional Advisor

Re: Backup and Recovery Security ( HELP!!!)

Hi!

Thanks for the response. Here is the scenario: we wanted to be sure that our data will not be easily restored in case it gets into the hands of unauthorized people, a theft or something like that. I am working in a multinational company and our data are sent offsite. Along the way, there may be a possibility of theft. The tar command is restricted, but can the restoration process be restricted as well? I mean using another tape drive not from our company.

Thanks again!
Life and Death are in the power of the tongue!
Adisuria Wangsadinata_1
Honored Contributor

Re: Backup and Recovery Security ( HELP!!!)

Hi,

I hope you send the tape offsite through another company (not your own company); this will increase the responsibility for taking care of the tape from your site to the other site where the tape will be stored.

In the worst-case scenario, the tape has been stolen by a thief, and this tape will be useful if the thief knows what data is on that tape and how to restore it. Otherwise the tape is just a tape.

So it would be a good idea to have a good, professional company take care of the offsite backup.

Tar is a basic backup command, so there is not much we can get from this command. The good way is to make sure that everything will be safe by making a good plan.

Hope this information can help.

Cheers,
AW
now working, next not working ... that's unix
Mushy_1
Occasional Advisor

Re: Backup and Recovery Security ( HELP!!!)

Hi Adisuria!

I appreciate all your responses, but yes, our tapes were stolen. Moving forward, we want to make sure that all backups are secure both physically and internally. Meaning if a techy person steals it, he may have no way of restoring it. I hope you can give me suggestions or even writeups or docs on how to implement added security features.
Life and Death are in the power of the tongue!
Adisuria Wangsadinata_1
Honored Contributor
Solution

Re: Backup and Recovery Security ( HELP!!!)

Hi,

Like I informed you previously, the 'tar' command is a basic command.

To improve the security features of the backup, you need to upgrade your backup method to the next level. And of course this is not free like the 'tar' command.

The next level is using backup management software (e.g. DataProtector, Veritas), which has encryption features.

Below is the URL for DataProtector; I hope it can help you as a reference:

http://www.openview.hp.com/products/storage_data_protector/twp/datapro_twp_plug-in_jun03.pdf

Hope this information can help you.

Cheers,
AW
now working, next not working ... that's unix
Adisuria Wangsadinata_1
Honored Contributor

Re: Backup and Recovery Security ( HELP!!!)

Hi,

Check the thread at the URL below for your reference:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=719121

Hope this information can help.

Cheers,
AW
now working, next not working ... that's unix
Mushy_1
Occasional Advisor

Re: Backup and Recovery Security ( HELP!!!)

Thanks for all your help! Have a great day ahead!
Life and Death are in the power of the tongue!
Arunvijai_4
Honored Contributor

Re: Backup and Recovery Security ( HELP!!!)

Backup tools like Data Protector can help you to accomplish this job.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
MarkSyder
Honored Contributor

Re: Backup and Recovery Security ( HELP!!!)

How are they transported? If they're so important, shouldn't they be in a fireproof locked case with the key elsewhere? Then, even if they're stolen, the thief can't do anything with them.

Mark Syder (like the drink but spelt different)
The triumph of evil requires only that good men do nothing
Ian Miller.
Honored Contributor

Re: Backup and Recovery Security ( HELP!!!)

And on VMS we have backup saveset encryption, which is free if you are running VMS V8.2 (and will be improved with better encryption in VMS V8.3 next year).
____________________
Purely Personal Opinion
Peter Quodling
Trusted Contributor

Re: Backup and Recovery Security ( HELP!!!)

This is of course, the OpenVMS forum, you may want to try something more Unix-focused for answers to Tar problems. OpenVMS uses a far more robust backup mechanism, with far better security etc.

q
Leave the Money on the Fridge.
Ann Majeske
Honored Contributor

Re: Backup and Recovery Security ( HELP!!!)

The only way to guarantee that others will not be able to read your tapes is by increasing the physical security so that they cannot be stolen, not by increasing the security on the tape. Any encryption can be broken given sufficient time and resources. If you're concerned about how the tapes are being transported you should look into using a more secure method (i.e. armored car, etc).

Sure, as others have stated there are ways of encrypting the tapes, but none of those methods guarantee that someone can't read the tape, they only make it harder for someone to read the tape.

Ann
Florian Heigl (new acc)
Honored Contributor

Re: Backup and Recovery Security ( HELP!!!)

Some things I think are yet unmentioned:
- Pipe the data through i.e. openssl
(put the password somewhere where it's safe for 10+ years, i.e. bank vault)
- better still, think up a passwordless method for general restores (i.e. integrate SecurID)
- most virtual tape libraries can add transparent encryption

- every encryption of your backups is really risky :)
yesterday I stood at the edge. Today I'm one step ahead.
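
The "pipe the data through openssl" suggestion above, sketched as an added example that is not part of any post in this thread. It assumes OpenSSL 1.1.1 or later (for `-pbkdf2`) and a POSIX `tar`; the function names and all paths are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and paths are
# hypothetical. Assumes OpenSSL 1.1.1+ (-pbkdf2) and a POSIX tar.

# make_keyfile PATH: write a random 256-bit passphrase, owner-readable only.
# Without this file the backup cannot be restored, so a copy has to be
# kept somewhere safe and separate from the backup media.
make_keyfile() {
    ( umask 077 && openssl rand -base64 32 > "$1" )
}

# encrypt_backup SRC_DIR OUT PASSFILE: tar SRC_DIR and encrypt the stream.
# OUT is a regular file in this example. The passphrase is read from a
# file so it never appears on the command line or in the process list.
# Note: openssl enc does not authenticate the ciphertext; keep a separate
# checksum of OUT if tampering has to be detected.
encrypt_backup() {
    tar cf - -C "$1" . |
        openssl enc -aes-256-cbc -salt -pbkdf2 -pass "file:$3" -out "$2"
}

# restore_backup IN DEST_DIR PASSFILE: decrypt and unpack into DEST_DIR.
# A wrong passphrase yields garbage that tar rejects, so the return
# status is non-zero.
restore_backup() {
    mkdir -p "$2" || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$3" -in "$1" 2>/dev/null |
        tar xf - -C "$2" 2>/dev/null
}
```

Running a test restore with the stored passphrase file after each backup confirms that the media and the key still match.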