begin  quoting John H. Robinson, IV as of Wed, Oct 04, 2006 at 12:01:59PM -0700:
> Stewart Stremler wrote:
> > 
> > System backups shouldn't be encrypted, data backups should, especially
> > when it's sensitive data.
> 
> System is the easiest to restore, even if all the tapes are encrypted. A
> system without its data is useless. If you encrypt the data, then that
> data stands a better chance of being irrevocably lost. You add another
> single point of failure: loss of the keys.

That's why you back up the keys, too.  Print 'em out, put 'em in an
envelope, seal the envelope, and put it somewhere with the other
critical documents.

Inappropriate disclosure can be as damaging (or more so) as loss of data. 

> If you are going to encrypt the backup tapes, then you are going to have
> to have a fantastic key management system. One that can survive the loss
> of the site, and the loss of the primary personnel (that may know the
> keys by heart. Or may not).

Um, if you're relying on a couple of people knowing the keys by heart,
you're in trouble...

> This does have to be balanced against the loss of a tape by the courier,
> or offsite storage provider. The best solution?

"Best" will vary according to a number of factors.

>                                                 The application itself
> encrypting the sensitive data. This way it is safe, no matter what, and
> you need take no special precautions with the backup tapes. Other key
> management caveats still apply.

How do you open the box with a crowbar that's inside?

If the application does the encryption, either it's using a keyless
encryption (i.e., fixed-key), which is useless, or it manages the
keys itself, which brings us back to where we were before.

That being said, if you never let the backup tapes out of your control,
and you're not worried about disclosure, only loss, then yes, the "best"
solution is not to use encryption.  Not everyone works under the same
set of constraints.

-- 
_ |\_
 \|

