John H. Robinson, IV wrote:
> System is the easiest to restore

I agree. At this point, I generally have a directory that includes the
source and scripts I use to install applications. I almost never
restore applications or systems. If something happens, format and
reinstall. This generally helps clear away accumulated crud anyhow.
While Unix accumulates crud slower than Windows, it does accumulate
(generally in the form of old files from previous versions of the
OS/core libraries upgraded during security updates).

> If you encrypt the data, then that
> data stands a better chance of being irrevocably lost. You add another
> single point of failure: loss of the keys.

Correct, but you are assuming your only risk is loss.
*Theft* is now a bigger issue. With proper redundancy, a system
effectively never goes down. You can lose entire sites if you have a
geographical spread. However, you still need backups in case of
break-ins, administrator stupidity, application instability, etc.
Stealing those backups is becoming a much bigger risk than losing them.
It's all about risk vs. cost. Running a business nowadays, all backups
would be encrypted. I haven't *quite* gotten to the point where I
encrypt my laptop drives, but if I could find a nice keyfob-type
encryption system, I'd probably give it a shot. I won't encrypt my
server drives because it defeats remote management (which absolutely
sucks on most x86 systems).
Once they get system migration working, I'll probably start encrypting
things on my servers. Including the OS--sorry, there's just too much
possibility for leaking information to only try to encrypt applications.

> If you are going to encrypt the backup tapes, then you are going to have
> to have a fantastic key management system. One that can survive the loss
> of the site, and the loss of the primary personnel (that may know the
> keys by heart. Or may not).

USB key in an offsite safe deposit box. This really isn't that hard.

> This does have to be balanced against the loss of a tape by the courier,
> or offsite storage provider. The best solution? The application itself
> encrypting the sensitive data. This way it is safe, no matter what, and
> you need take no special precautions with the backup tapes. Other key
> management caveats still apply.

And where is that key stored?
Oh, right, on the unencrypted disk with the application itself. Oops.
Key management is annoying, but it is not hard. However, it just needs
to be explicitly considered rather than being ad hoc. The question is
whether the annoyance is worth the gain. For a modern business, I
assert that it is.
-a