Re: Backup Security Black Hole
- From: "Kerry Brown" <kerry@xxxxxxxxxxxxxxxxxxx*a*m>
- Date: Tue, 9 Jan 2007 08:55:20 -0800
If someone has physical access to the disk and the encryption keys are on the disk then they don't need to go through the indirect route of the backup files. Programs exist to extract EFS keys out of user profiles and decrypt files. If your data is sensitive enough that you need to encrypt it then you also have to think about things like physical security, security of backups, where the keys for encryption/decryption are stored, and probably more. You have to plan out the whole process including backups and look for security holes at every step.
--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca
"IanB" <IanB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:E7F673D5-4F2B-432C-A4CF-85A5F16505FE@xxxxxxxxxxxxxxxx
Last week I posted a question about the security of NtBackUp files and a
suggested solution which had its own problem. No responses
So, trying again, but more simply, to check whether I am correct in
identifying with what seems to me to be a HUGE security hole.
ISSUE: Any unencrypted or non-password protected physical drive which
contains a NtbackUp file, ie individual data files, programs and packages on
the server or a removable drive can be read back using NTBackUp on any other
machine, ie security is fully compromised if the drive is lost or stolen.
Is this corect and what do others use to avoid this high level security risk?
IanB
.
- Prev by Date: Daily Vacation Calendar Alert
- Next by Date: Re: SQL Server 2005 Express on SBS 2003 R2 Standard Edition?
- Previous by thread: Re: Backup Security Black Hole
- Next by thread: Re: Backup Security Black Hole
- Index(es):
Relevant Pages
|
