Main Menu

Backup Device: Encryption?

Started by Charlie Charbonneau, February 04, 2013, 01:14:26 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Charlie Charbonneau

It has been recommended that our backup usb devices should be encrypted or contain hardware encryption instead of just an ordinary USB External drive.  So in researching, I have a few questions.  I'm not very familiar with solid state drives.  Are they better? will they work with Server 2008 backup?  Will a hardware encrypted drive work with 2008 Backup?  Anyone have anything inparticular that they're using to encrypt backup drives being taken off premesis?
Charlie Charbonneau
GBMB Insurance
San Antonio TX.

EPIC 2022, CSR24, Windows 2012 Hyper-V & 2016, Win10/11 Pro Stations, Sophos Anti-Virus.
.                .                 ..              ...

Jeff Zylstra

Quote from: Charlie Charbonneau on February 04, 2013, 01:14:26 PM
It has been recommended that our backup usb devices should be encrypted or contain hardware encryption instead of just an ordinary USB External drive.  So in researching, I have a few questions.  I'm not very familiar with solid state drives.  Are they better? will they work with Server 2008 backup?  Will a hardware encrypted drive work with 2008 Backup?  Anyone have anything inparticular that they're using to encrypt backup drives being taken off premesis?

I'll show my ignorance, once again....  We use Acronis to back up, and I'm pretty sure that it uses encryption to backup to the primary drive, and then just copies that file to the USB drive for offsite redundancy.  Does your Seagate, Backup Exec, or other backup software use encryption already?  You may be doing it already, but not know it because you're always viewing the backups from within the backup software.  You may want to check it out and see if your software will do it.
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Mark

We're on Backup Exec 2012.  Still backing up to tape, but yes, it does use encryption.

Charlie, if you don't want to shell out the bucks for something like Backup Exec, you could very likely work TrueCrypt into your nightly backup routine without much complication.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Jeff Golas

I've tried Truecrypt and it does work with little impact on performance. Basically you either set up a truecrypt container on the drive or set the drive itself, then configure the backup server to automount (or require a password up to you).
Jeff Golas
Johnson, Kendall & Johnson, Inc. :: Newtown, PA
Epic Online w/CSR24
http://www.jkj.com

Mark

There you go, Charlie!  Free and "simple!"
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Charlie Charbonneau

woot! will be looking into it!  Thanks folks!
Charlie Charbonneau
GBMB Insurance
San Antonio TX.

EPIC 2022, CSR24, Windows 2012 Hyper-V & 2016, Win10/11 Pro Stations, Sophos Anti-Virus.
.                .                 ..              ...

Charlie Charbonneau

Ok, possibly found another free route and of course have more questions?  Windows 2008 comes with BitLocker Drive Encryption which also looks like it will do what I need and is built into what I already have.  Seems like a plus to me.  What I'm wondering is:  If I apply encryption to the root, data, and backup drives, will TAM and Exchange play well with it?
Charlie Charbonneau
GBMB Insurance
San Antonio TX.

EPIC 2022, CSR24, Windows 2012 Hyper-V & 2016, Win10/11 Pro Stations, Sophos Anti-Virus.
.                .                 ..              ...

Mark

oooh... I can't answer that, but I'm going to ask why don't you just encrypt the backup drive.

Why don't you just encrypt the backup drive?  I would think encrypting anything else could impact performance.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Charlie Charbonneau

I'm sure I could, but God forbid if someone walks off with the server and it's been left unencrypted have I done my due diligence to protect confidential data?  What's good enough?
Charlie Charbonneau
GBMB Insurance
San Antonio TX.

EPIC 2022, CSR24, Windows 2012 Hyper-V & 2016, Win10/11 Pro Stations, Sophos Anti-Virus.
.                .                 ..              ...

Mark

Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Conan_Ward

To the best of my knowledge TAM will not like working on an encrypted drive (or may just not work entirely).
Former TAM support, P&C licensed in Maryland, LFW

Billy Welsh

Quote from: Charlie Charbonneau on February 07, 2013, 04:08:38 PM
I'm sure I could, but God forbid if someone walks off with the server and it's been left unencrypted have I done my due diligence to protect confidential data?  What's good enough?

Is your server physically secure?  I would think that is sufficient due diligence.
Billy Welsh
Director of Accounting
LCMC Health

Charlie Charbonneau

It sits on a table in my office.  As of today, the door will be locked when I'm not inhouse. There is no window access, but that can be bypassed via the drop ceiling from the next office if someone were really determined.  Suite is alarmed and building is alarmed.   Good enough?
Charlie Charbonneau
GBMB Insurance
San Antonio TX.

EPIC 2022, CSR24, Windows 2012 Hyper-V & 2016, Win10/11 Pro Stations, Sophos Anti-Virus.
.                .                 ..              ...

Mark

Hang some barbed wire in the drop ceiling right above your wall, and put vaseline anywhere someone might be able to grab hold of the server.

I think that could cover it.  ;)
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Charlie Charbonneau

I'll have to see if I can get my buddy Achmed in to do some customizations...
Charlie Charbonneau
GBMB Insurance
San Antonio TX.

EPIC 2022, CSR24, Windows 2012 Hyper-V & 2016, Win10/11 Pro Stations, Sophos Anti-Virus.
.                .                 ..              ...