mitchcohen Posted December 7, 2007 Report Share Posted December 7, 2007 I'm doing an informal security audit of a client (Retrospect any many other items). They currently do not password protect backup sets, which is something that will change. They are likely moving towards a hard drive backup, using the File method (multiple backup sets per drive). One question - how secure is a password-protected backup set? If the password is lost, is it something EMC could conceivably recover? Have there been any verified reports of password-protected file backup sets being compromised? (Other than obvious issues such as guessing the password or using the backup station where the backup admin has selected to save the password for all operations. But this would include any cracks of Retrospect's preference file, where passwords can be stored.) The passwords would be saved in Retrospect for automated actions only. The backup administrator should NOT be able to access data without manually entering the password to the backup set. Thanks, Mitch Link to comment Share on other sites More sharing options...
Mayoff Posted December 7, 2007 Report Share Posted December 7, 2007 Please see http://kb.dantz.com/article.asp?article=1148&p=2 Link to comment Share on other sites More sharing options...
rhwalker Posted December 8, 2007 Report Share Posted December 8, 2007 Mitch, Note that, if the password becomes lost for an encrypted backup set, there is no back door. The data cannot be retrieved by EMC support. russ Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.