Some users here have asked about how secure Retrospect is.

Specific points of concern are how secure is security code password 
that is stored by the Retrospect client and as well by the Retrospect 
server (for scripted operation)? Why are the passwords displayed in 
clear text when they are first setup in the client?

How secure is the data that is being backed as it passes over the 
network? For example, if I choose to have DES encryption on the tape, 
is that DES implemented on the server as data is about to be written 
to the tape or has the data already been DES encrypted on the client 
side? I assume it can't be the latter since if the password to the 
tape is being used as the key, the client only has the security code, 
not the tape password.

Anyone running Retrospect with a security code to a client could back 
up it to take data off and then alter this data and then return the 
altered data to the client. Aside from this security code and 
blocking the TCP ports that Retrospect uses (via a router/firewall), 
are there any other ways to prevent an unauthorized copy of 
Retrospect from engaging in backup and retrieval? For example, what 
about the client knowing the IP identify of the server and rejecting 
any server not having that IP address?
Maurice Volaski, [EMAIL PROTECTED]
Computing Support, Rose F. Kennedy Center
Albert Einstein College of Medicine of Yeshiva University

To subscribe:    [EMAIL PROTECTED]
To unsubscribe:  [EMAIL PROTECTED]
Archives:        <>
Problems?:       [EMAIL PROTECTED]

Reply via email to