Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Connection encryption between SQL Server and BackupExec Expand / Collapse
Author
Message
Posted Tuesday, July 2, 2013 2:38 PM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Friday, September 26, 2014 9:39 AM
Points: 12, Visits: 46
We are in the mists of securing all internal communications via encryption, a security requirement by law for us...

We are using SQL Server encryption from the server to the clients for all sensitive databases, but we have no turned on force encryption yet due to not knowing how some programs might act.

One such program is Symantec's BackupExec. We are using BE 2012 and the SQL Server backup agent to backup our database servers. We have contacted Symantec about this and they don't seem to have a clue what we are asking. They keep telling us the agent is encrypted if you have hardware encryption turned on the tape... well that's not what we need to know... we wanted to know if you force encryption at the database server connection level how does the agent react...

We need to make sure we are not leaving an unencrypted path between the server and the backup agent. We know from the agent to the media server are encrypted via certificate / key exchanges. We know the media server to the tape are encrypted via a key we provided. We just don't know how or if the data from the server to the agent are encrypted...

Anyone have any experience with this or any knowledge of how BackupExec handles a require encrypted connection setting?
Post #1469748
Posted Tuesday, July 2, 2013 2:48 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Thursday, October 9, 2014 1:02 PM
Points: 6,032, Visits: 5,284
The item that I find is this:
http://www.symantec.com/connect/blogs/backup-exec-2012-security-improvements

However, I am unaware of anywhere that the law requires this, where are you?

CEWII
Post #1469751
Posted Tuesday, July 2, 2013 2:53 PM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Friday, September 26, 2014 9:39 AM
Points: 12, Visits: 46
Elliott Whitlow (7/2/2013)
The item that I find is this:
http://www.symantec.com/connect/blogs/backup-exec-2012-security-improvements

However, I am unaware of anywhere that the law requires this, where are you?

CEWII


We have encryption requirements in the industry I am in, and we need to reasonably assure that all data traffic between devices is "secured" so since we are encrypting server to client, we wanted to make sure all points of transit follow a similar scheme or at least be able to say we researched them to get an idea of what is or isn't securable
Post #1469756
Posted Tuesday, July 2, 2013 2:57 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Thursday, October 9, 2014 1:02 PM
Points: 6,032, Visits: 5,284
Fair enough, even when I worked in banking this wasn't required, but alright..

Based on that article the agent to the back end is encrypted or at least can be. If the agent is ON the box then it is likely using the shared memory provider which has no encryption..

CEWII
Post #1469758
Posted Wednesday, July 3, 2013 2:47 AM
Say Hey Kid

Say Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey Kid

Group: General Forum Members
Last Login: Today @ 4:14 AM
Points: 709, Visits: 1,430
How are you planning on enforcing the encryption for the connection? I ask because if you are using FIPS I would test it out because you can break application functionality if something depends on non-FIPS validated algorithms.

Joie Andrew
"Since 1982"
Post #1469913
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse