Backup Central Forums :: View topic - Encryption and password protection

Search • FAQ • Memberlist • Log in

The time now is Fri May 25, 2012 4:32 am

View previous topic | View next topic

Page 1 of 1

Encryption and password protection

Author

Message

Bart.Jespers
Guest

Encryption and password protection

Hello All,=20

I have some questions about password protection and encryption with
networker. for a RFO we stated that networker can password protect and
encrypt the data flow. only afterwards we saw that apparently this is
only possible on windows and netware. The customer wants us to encrypt
all data, also solaris and linux clients

from the windows admin guide:=20
The password ASMs, available for Microsoft Windows and NetWare clients
only, are used to password-protect (pw1) or encrypt (pw2) data.=20

I have some questions about this=20

1) is it absolutely not possible to use those ASM's on linux and solaris

2) from the legato database I received a "solution" using a (unknown to
me) ASM : xlateasm. does this work? what does this do? below this email
is more info about it

3) can we encrypt or password protect data on an other way?=20
4) can we do compression and pasword protection (or encryption) in 1
directive. so that the data of 1 client is encrypted and compressed.

Thanks=20

Bart=20

PS=20

Solution Information=20

Title:How to encrypt NetWorker client's backup data=20
ID:legato6254=20
Solution Statements=20

Here is the solution: =20
(Click Here To Go Back)=20

There is an ASM with NetWorker called xlateasm which can be added to
client side or server side directives.=20

Example:=20

<< / >>=20
+xlateasm: *=20

Would have the client encrypt all its data when sent to the server.=20

<< "C:\My Documents" >>=20
+xlateasm: *.*=20

Would have the My Documents folder on drive C: encrypted.=20

NOTE:=20
-----------=20
This option will slow restore procedures down on the Client side when
the data is decrypted before being written to the file system.

NOTE:=20
-----------=20
The encryption method used by xlateasm is not very sophisticated and
relies on the security of the encryption algorithm. Thus, we do not
publish what this algorithm is. No encryption key is required. However,
a hacker might well be able to figure out how to de-encrypt data either
by examining the executable code or by brute force. Therefore, we do not
recommend use of this method for any purpose other than to discourage
prying or eliminate the possibility of unintentional examination of
data.=20

(Click Here To Go Back) =20
=20

Here is the problem or goal:=20
How to encrypt scheduled backups=20
=20
Can scheduled backups be encrypted=20
=20
Encryption for scheduled backups=20
=20

Click here to see the problem environment.=20

__________________________________________________=20
Jespers Bart=20
IT Consultant LCNA=20
FSC Professional Services=20

Fujitsu<FONT COLOR=3D"#000000" S

Note: To sign off this list, send a "signoff networker" command via email
to listserv < at > listserv.temple.edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
should be sent to stan < at > temple.edu
=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D*=3D

Mon Mar 28, 2005 10:44 pm

Siobhan Ellis
Guest

Encryption and password protection

Bart,

Legato looked at providing data encryption in NetWorker 7.x. However, due
to the performance impact of doing encryption at source (it reduced backup
throughput by as much as 60%, or more than doubled the time to do a backup),
it was seen as not such a good idea to do it in software. Legato decided to
leave this area to the professionals, such as NeoScale, Decru, and Digital
Information Systems.

All these companies do the encryption in hardware, and thus you get very
low latency with excellent encryption capabilities.

My personal favourite is/was Neoscale.

Siobhán Ellis
Senior Technology Consultant
Enstor
Level 10, 118 Alfred St
Milsons Point
NSW 2061
Australia

Mobile: +61 424 750 544
Phone: +61 2 9900 2100
Fax: +61 2 9900 2199
e-mail: siobhan.ellis < at > enstor.com.au

Bart.Jespers < at > FUJITSU-SIEMENS.COM 29/03/2005 4:44:35 pm >>>

Hello All,

I have some questions about password protection and encryption with
networker. for a RFO we stated that networker can password protect and
encrypt the data flow. only afterwards we saw that apparently this is
only possible on windows and netware. The customer wants us to encrypt
all data, also solaris and linux clients

from the windows admin guide:
The password ASMs, available for Microsoft Windows and NetWare clients
only, are used to password-protect (pw1) or encrypt (pw2) data.

I have some questions about this

1) is it absolutely not possible to use those ASM's on linux and solaris

2) from the legato database I received a "solution" using a (unknown to
me) ASM : xlateasm. does this work? what does this do? below this email
is more info about it

3) can we encrypt or password protect data on an other way?
4) can we do compression and pasword protection (or encryption) in 1
directive. so that the data of 1 client is encrypted and compressed.

Thanks

Bart

PS

Solution Information

Title:How to encrypt NetWorker client's backup data
ID:legato6254
Solution Statements

Here is the solution:
(Click Here To Go Back)

There is an ASM with NetWorker called xlateasm which can be added to
client side or server side directives.

Example:

<< / >>
+xlateasm: *

Would have the client encrypt all its data when sent to the server.

<< "C:\My Documents" >>
+xlateasm: *.*

Would have the My Documents folder on drive C: encrypted.

NOTE:
-----------
This option will slow restore procedures down on the Client side when
the data is decrypted before being written to the file system.

NOTE:
-----------
The encryption method used by xlateasm is not very sophisticated and
relies on the security of the encryption algorithm. Thus, we do not
publish what this algorithm is. No encryption key is required. However,
a hacker might well be able to figure out how to de-encrypt data either
by examining the executable code or by brute force. Therefore, we do not
recommend use of this method for any purpose other than to discourage
prying or eliminate the possibility of unintentional examination of
data.

(Click Here To Go Back)

Here is the problem or goal:
How to encrypt scheduled backups

Can scheduled backups be encrypted

Encryption for scheduled backups

Click here to see the problem environment.

__________________________________________________
Jespers Bart
IT Consultant LCNA
FSC Professional Services

Fujitsu<FONT COLOR="#000000" S

Note: To sign off this list, send a "signoff networker" command via email
to listserv < at > listserv.temple.edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
should be sent to stan < at > temple.edu

Note: To sign off this list, send a "signoff networker" command via email
to listserv < at > listserv.temple.edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
should be sent to stan < at > temple.edu

--=__Part280B2E4F.0__=
Content-Transfer-Encoding: 8bit

Mon Mar 28, 2005 11:31 pm

Bart.Jespers
Guest

Encryption and password protection

Siobhan,

I'm completely not familar with those kind of encryption devices. how can we use them?

is it something we put before the Tape drives? (between SAN and tape)

however I fear that this will be a costly solution. isn't there anything we can do using software (freeware). can't we add a | crypt somewhere to the networker stream?

Bart

-----Original Message-----
From: Legato NetWorker discussion [mailto:NETWORKER < at > LISTSERV.TEMPLE.EDU] On Behalf Of Siobhan Ellis
Sent: Tuesday, March 29, 2005 9:32 AM
To: NETWORKER < at > LISTSERV.TEMPLE.EDU
Subject: Re: [Networker] Encryption and password protection

Bart,

Legato looked at providing data encryption in NetWorker 7.x. However, due to the performance impact of doing encryption at source (it reduced backup throughput by as much as 60%, or more than doubled the time to do a backup), it was seen as not such a good idea to do it in software. Legato decided to leave this area to the professionals, such as NeoScale, Decru, and Digital Information Systems.

All these companies do the encryption in hardware, and thus you get very low latency with excellent encryption capabilities.

My personal favourite is/was Neoscale.

Siobhán Ellis
Senior Technology Consultant
Enstor
Level 10, 118 Alfred St
Milsons Point
NSW 2061
Australia

Mobile: +61 424 750 544
Phone: +61 2 9900 2100
Fax: +61 2 9900 2199
e-mail: siobhan.ellis < at > enstor.com.au

Bart.Jespers < at > FUJITSU-SIEMENS.COM 29/03/2005 4:44:35 pm >>>

Hello All,

I have some questions about password protection and encryption with networker. for a RFO we stated that networker can password protect and encrypt the data flow. only afterwards we saw that apparently this is only possible on windows and netware. The customer wants us to encrypt all data, also solaris and linux clients

from the windows admin guide:
The password ASMs, available for Microsoft Windows and NetWare clients only, are used to password-protect (pw1) or encrypt (pw2) data.

I have some questions about this

1) is it absolutely not possible to use those ASM's on linux and solaris

2) from the legato database I received a "solution" using a (unknown to
me) ASM : xlateasm. does this work? what does this do? below this email is more info about it

3) can we encrypt or password protect data on an other way?
4) can we do compression and pasword protection (or encryption) in 1 directive. so that the data of 1 client is encrypted and compressed.

Thanks

Bart

PS

Solution Information

Title:How to encrypt NetWorker client's backup data
ID:legato6254
Solution Statements

Here is the solution:
(Click Here To Go Back)

There is an ASM with NetWorker called xlateasm which can be added to client side or server side directives.

Example:

<< / >>
+xlateasm: *

Would have the client encrypt all its data when sent to the server.

<< "C:\My Documents" >>
+xlateasm: *.*

Would have the My Documents folder on drive C: encrypted.

NOTE:
-----------
This option will slow restore procedures down on the Client side when the data is decrypted before being written to the file system.

NOTE:
-----------
The encryption method used by xlateasm is not very sophisticated and
relies on the security of the encryption algorithm. Thus, we do not
publish what this algorithm is. No encryption key is required. However,
a hacker might well be able to figure out how to de-encrypt data either
by examining the executable code or by brute force. Therefore, we do not
recommend use of this method for any purpose other than to discourage
prying or eliminate the possibility of unintentional examination of
data.

(Click Here To Go Back)

Here is the problem or goal:
How to encrypt scheduled backups

Can scheduled backups be encrypted

Encryption for scheduled backups

Click here to see the problem environment.

__________________________________________________
Jespers Bart
IT Consultant LCNA
FSC Professional Services

Fujitsu<FONT COLOR="#000000" S

Note: To sign off this list, send a "signoff networker" command via email
to listserv < at > listserv.temple.edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
should be sent to stan < at > temple.edu

Note: To sign off this list, send a "signoff networker" command via email
to listserv < at > listserv.temple.edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
should be sent to stan < at > temple.edu

Note: To sign off this list, send a "signoff networker" command via email
to listserv < at > listserv.temple.edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
should be sent to stan < at > temple.edu

Tue Mar 29, 2005 10:55 pm

Siobhan Ellis
Guest

Encryption and password protection

Bart,

it sits in the data path. So in a FC environment there is an HBA in and an
HBA out. in a SCSI environment, SCSI in and SCSI out.

No, it isn't cheap, but not too expensive either. Question is, can the
customer afford the major degredation in backup times, plus the extra memory
and CPU it sucks - that all has a cost too.

Contact NeoScale (www.neoscale.com) who are in Milpitas California
Decru (www.decru.com) in the USA
Digital Information Systems in the UK (their product is called Paranoia)

Legato has customers already using all 3 solutions.

No, there is no sofware solution to the problem.

Siobhán Ellis
Senior Technology Consultant
Enstor
Level 10, 118 Alfred St
Milsons Point
NSW 2061
Australia

Mobile: +61 424 750 544
Phone: +61 2 9900 2100
Fax: +61 2 9900 2199
e-mail: siobhan.ellis < at > enstor.com.au

<Bart.Jespers < at > fujitsu-siemens.com> 30/03/2005 4:55 pm >>>

Siobhan,

I'm completely not familar with those kind of encryption devices. how can
we use them?

is it something we put before the Tape drives? (between SAN and tape)

however I fear that this will be a costly solution. isn't there anything we
can do using software (freeware). can't we add a | crypt somewhere to the
networker stream?

Bart

-----Original Message-----
From: Legato NetWorker discussion [mailto:NETWORKER < at > LISTSERV.TEMPLE.EDU] On
Behalf Of Siobhan Ellis
Sent: Tuesday, March 29, 2005 9:32 AM
To: NETWORKER < at > LISTSERV.TEMPLE.EDU
Subject: Re: [Networker] Encryption and password protection

Bart,

Legato looked at providing data encryption in NetWorker 7.x. However, due
to the performance impact of doing encryption at source (it reduced backup
throughput by as much as 60%, or more than doubled the time to do a backup),
it was seen as not such a good idea to do it in software. Legato decided to
leave this area to the professionals, such as NeoScale, Decru, and Digital
Information Systems.

All these companies do the encryption in hardware, and thus you get very
low latency with excellent encryption capabilities.

My personal favourite is/was Neoscale.

Siobhán Ellis
Senior Technology Consultant
Enstor
Level 10, 118 Alfred St
Milsons Point
NSW 2061
Australia

Mobile: +61 424 750 544
Phone: +61 2 9900 2100
Fax: +61 2 9900 2199
e-mail: siobhan.ellis < at > enstor.com.au

Bart.Jespers < at > FUJITSU-SIEMENS.COM 29/03/2005 4:44:35 pm >>>

Hello All,

I have some questions about password protection and encryption with
networker. for a RFO we stated that networker can password protect and
encrypt the data flow. only afterwards we saw that apparently this is only
possible on windows and netware. The customer wants us to encrypt all data,
also solaris and linux clients

from the windows admin guide:
The password ASMs, available for Microsoft Windows and NetWare clients
only, are used to password-protect (pw1) or encrypt (pw2) data.

I have some questions about this

1) is it absolutely not possible to use those ASM's on linux and solaris

2) from the legato database I received a "solution" using a (unknown to
me) ASM : xlateasm. does this work? what does this do? below this email is
more info about it

3) can we encrypt or password protect data on an other way?
4) can we do compression and pasword protection (or encryption) in 1
directive. so that the data of 1 client is encrypted and compressed.

Thanks

Bart

PS

Solution Information

Title:How to encrypt NetWorker client's backup data
ID:legato6254
Solution Statements

Here is the solution:
(Click Here To Go Back)

There is an ASM with NetWorker called xlateasm which can be added to client
side or server side directives.

Example:

<< / >>
+xlateasm: *

Would have the client encrypt all its data when sent to the server.

<< "C:\My Documents" >>
+xlateasm: *.*

Would have the My Documents folder on drive C: encrypted.

NOTE:
-----------
This option will slow restore procedures down on the Client side when the
data is decrypted before being written to the file system.

NOTE:
-----------
The encryption method used by xlateasm is not very sophisticated and
relies on the security of the encryption algorithm. Thus, we do not
publish what this algorithm is. No encryption key is required. However,
a hacker might well be able to figure out how to de-encrypt data either
by examining the executable code or by brute force. Therefore, we do not
recommend use of this method for any purpose other than to discourage
prying or eliminate the possibility of unintentional examination of
data.

(Click Here To Go Back)

Here is the problem or goal:
How to encrypt scheduled backups

Can scheduled backups be encrypted

Encryption for scheduled backups

Click here to see the problem environment.

__________________________________________________
Jespers Bart
IT Consultant LCNA
FSC Professional Services

Fujitsu<FONT COLOR="#000000" S

Note: To sign off this list, send a "signoff networker" command via email
to listserv < at > listserv.temple.edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
should be sent to stan < at > temple.edu

Note: To sign off this list, send a "signoff networker" command via email
to listserv < at > listserv.temple.edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
should be sent to stan < at > temple.edu

Note: To sign off this list, send a "signoff networker" command via email
to listserv < at > listserv.temple.edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
should be sent to stan < at > temple.edu

--=__PartE3C0E6D2.2__=
Content-Transfer-Encoding: 8bit

Tue Mar 29, 2005 11:14 pm

The time now is Fri May 25, 2012 4:32 am | All times are GMT - 8 Hours

Page 1 of 1

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum