Section 8.14. Security

Previous page
Table of content
Next page

8.14. Security

Historically, backups and security have had almost completely opposite goals. Things such as .rhosts files in Unix systems were absolutely necessary to gain any type of backup automation, and yet they are a well-known security problem. Fortunately, most modern backup products have worked around these problems. Here are some security issues to consider:


Daemon/service communication

Any decent product is going to have a secure method of communicating with the client. They will not require insecure communication methods such as rsh.


System authentication

How will the server and client verify each other's identity? Will they simply use hostnames and IP addresses? That's easily faked and should be avoided. Another method is to use the root password of the client. This requires the backup administrator to know the root passwords of every clientalso not a good idea. Other systems use sophisticated one-time passwords that are very strong. Investigate how your backup software authenticates its systems.


User authentication

How does the backup software authenticate administrators of the system, or people who want to perform user-level recoveries? Do they have their own database? Do they integrate with Active Directory or NIS?


Role-based authorization

Once a user is authenticated, are they all-powerful, or can you assign certain tasks to some people and not others? It would be nice if the person responsible for monitoring backups is not the same person setting them up. It would be nice to limit the number of people who can delete or overwrite backups.


Encryption

http://www.privacyrights.org maintains a list of privacy breaches, and as of this writing, it lists over a dozen tape-related privacy breaches. With all the attention these incidents are getting, more and more people are asking for encryption. Encryption can be accomplished in one of three ways. The data can be encrypted in the original filesystem. It can also be encrypted by the backup software as it's being transmitted to the server. Finally, it can be encrypted by a hardware appliance. If you're considering backup software encryption, make sure to talk to your backup vendor about it.



Previous page
Table of content
Next page
Backup & Recovery
Backup & Recovery: Inexpensive Backup Solutions for Open Systems
ISBN: 0596102461
EAN: 2147483647
Year: 2006
Pages: 237
Authors: W. Curtis Preston
BUY ON AMAZON
Beginners Guide to DarkBASIC Game Programming (Premier Press Game Development)
Cisco IOS in a Nutshell (In a Nutshell (OReilly))
C++ How to Program (5th Edition)
Pocket Guide to the National Electrical Code(R), 2005 Edition (8th Edition)
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
What is Lean Six Sigma
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy