Home > Networking Tips > Network Engineering > The importance of securing backup and restore networks
Networking Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

NETWORK ENGINEERING

The importance of securing backup and restore networks


Vijay Ahuja
10.15.2003
Rating: --- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


Dr. Vijay Ahuja
Founder and President, Cipher Solutions Inc.
Dr. Vijay Ahuja is the president and founder of Cipher Solutions Inc., a professional services company that assists its clients in implementing storage security and offers customized seminars on storage and network security issues. Dr. Ahuja has been an industry leader in network security and more recently in storage security.

Backup and restore networks are critical for business continuity. Enterprises must ensure that its backup and restore environments are secured. During the last few months there have been several data thefts. To name a few: Loss of a 30GB drive belonging to one of Canada's largest insurance companies, intruders stealing 8 million Visa, MasterCard, American Express and Discover credit card numbers from an Omaha-based company and loss of personal information of 55,000 students from the University of Texas last March.

There are two parts to securing the backup environment:

  • The data in transit to the backup storage should be secured or securing "data in flight."

  • The data residing in the backup storage should be secured, or securing "data in store."

    • To secure data in flight, typically, an IPSec-based solution may be deployed. This is because backup networks are often built around IP networks. By implementing IPSec devices at the two ends of the backup network, the data traffic can be secured over the IP network. Some of the storage backup vendors provide this facility. Alternatively, some of the high-speed VPN appliances in the market may be deployed.

    Protecting data in backup store is, in some ways, more critical to secure than data in flight. Here, the data is residing in the backup store for an indefinite period. The attacker has almost an unlimited time period to attempt various penetration attacks. The enterprise has the following choices:

  • Secure the data by implementing technologies in the backup storage devices. This requires the backup storage vendor to offer ways to secure the data.

  • Implement an appliance that can encrypt data at some point in the storage network. The enterprise may implement security just before data is sent for backup; or better still, at the place where data is generated. Some of the backup vendors offer encrypting data. However, the customer must maintain the custody of the encryption keys. There are also some standalone storage security appliance vendors that offer support for securing data as it is sent to tape storage.

  • Finally, the enterprise may want to secure only the sensitive information. Such an approach is both prudent and efficient. This may lead to including security at the application layer-- another way to address the security for data in backup store. It can reduce the amount of data to be encrypted and managed in the backup.

    Instead of implementing one of the above, an enterprise may choose to simply define and enforce certain best practices for securing the backup environment. Implementing best security policies and practices may address many, but not all, of the vulnerabilities to stored data.

    The option of not doing any of the above can only lead to a painful recovery after a disaster or an unscheduled failure. Remember that backing up data is necessary, but it is not sufficient as long as the backup environment is not secured.


    Rate this Tip
    To rate tips, you must be a member of SearchNetworking.com.
    Register now to start rating these tips. Log in if you are already a member.


    Submit a Tip




    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



    RELATED CONTENT
    Network Engineering
    Testing LAN switch power consumption: A best practices guide
    Desktop virtualization network requirements
    Preventing hacker attacks with network behavior analysis IPS
    Internal cloud computing on the cheap: Free automated provisioning?
    Improved storage performance without adding more disk
    Troubleshooting -- 'Network Know-How' Chapter 17
    Windows Server 2008 IP routing configuration: Static and dynamic RIPv2
    Understand Windows tracert output to troubleshoot network connectivity
    Using tracert and TTL to troubleshoot network connectivity problems
    10 Gigabit Ethernet interconnect solutions: Investigate carefully before choosing

    LANs (Local Area Networks)
    Testing LAN switch power consumption: A best practices guide
    3Com acquisition confirms HP-Cisco battle for China
    Integrated wireless and wired LAN: Brocade-Motorola deal ups the ante
    Enterprise passive optical networks: a spanning-tree LAN alternative
    10 Gigabit Ethernet tutorial: Connecting data centers, storage, LAN and beyond
    Intelligent edge switches: Complexity is driving a smarter LAN
    Q&A: Jim Metzler previews the networking track at Interop
    Extreme's port extender can replace consumer devices at network edge
    VLANs versus IP subnets: Why use a VLAN over IP subnetting?
    Troubleshooting VLANs: How to monitor 802.1q tagged traffic

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    32-bit IP addressing  (SearchNetworking.com)
    ARCNET  (SearchNetworking.com)
    master  (SearchNetworking.com)
    master/slave  (SearchNetworking.com)
    Port Address Translation (PAT)  (SearchNetworking.com)
    subnet  (SearchNetworking.com)
    subnet mask  (SearchNetworking.com)
    system administrator  (SearchNetworking.com)
    Technical Office Protocol  (SearchNetworking.com)
    virtual systems management  (SearchNetworking.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary

    DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



    • Networking Solutions for Business

    Alcatel-Lucent Network Business Communications Solutions
    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    SEARCH 
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2000 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts