Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Connection encryption between SQL Server and BackupExec


Connection encryption between SQL Server and BackupExec

Author
Message
brian.henry
brian.henry
Grasshopper
Grasshopper (14 reputation)Grasshopper (14 reputation)Grasshopper (14 reputation)Grasshopper (14 reputation)Grasshopper (14 reputation)Grasshopper (14 reputation)Grasshopper (14 reputation)Grasshopper (14 reputation)

Group: General Forum Members
Points: 14 Visits: 49
We are in the mists of securing all internal communications via encryption, a security requirement by law for us...

We are using SQL Server encryption from the server to the clients for all sensitive databases, but we have no turned on force encryption yet due to not knowing how some programs might act.

One such program is Symantec's BackupExec. We are using BE 2012 and the SQL Server backup agent to backup our database servers. We have contacted Symantec about this and they don't seem to have a clue what we are asking. They keep telling us the agent is encrypted if you have hardware encryption turned on the tape... well that's not what we need to know... we wanted to know if you force encryption at the database server connection level how does the agent react...

We need to make sure we are not leaving an unencrypted path between the server and the backup agent. We know from the agent to the media server are encrypted via certificate / key exchanges. We know the media server to the tape are encrypted via a key we provided. We just don't know how or if the data from the server to the agent are encrypted...

Anyone have any experience with this or any knowledge of how BackupExec handles a require encrypted connection setting?
Elliott Whitlow
Elliott Whitlow
SSCertifiable
SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)

Group: General Forum Members
Points: 6214 Visits: 5314
The item that I find is this:
http://www.symantec.com/connect/blogs/backup-exec-2012-security-improvements

However, I am unaware of anywhere that the law requires this, where are you?

CEWII
brian.henry
brian.henry
Grasshopper
Grasshopper (14 reputation)Grasshopper (14 reputation)Grasshopper (14 reputation)Grasshopper (14 reputation)Grasshopper (14 reputation)Grasshopper (14 reputation)Grasshopper (14 reputation)Grasshopper (14 reputation)

Group: General Forum Members
Points: 14 Visits: 49
Elliott Whitlow (7/2/2013)
The item that I find is this:
http://www.symantec.com/connect/blogs/backup-exec-2012-security-improvements

However, I am unaware of anywhere that the law requires this, where are you?

CEWII


We have encryption requirements in the industry I am in, and we need to reasonably assure that all data traffic between devices is "secured" so since we are encrypting server to client, we wanted to make sure all points of transit follow a similar scheme or at least be able to say we researched them to get an idea of what is or isn't securable
Elliott Whitlow
Elliott Whitlow
SSCertifiable
SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)

Group: General Forum Members
Points: 6214 Visits: 5314
Fair enough, even when I worked in banking this wasn't required, but alright..

Based on that article the agent to the back end is encrypted or at least can be. If the agent is ON the box then it is likely using the shared memory provider which has no encryption..

CEWII
Joie Andrew
Joie Andrew
SSC Eights!
SSC Eights! (973 reputation)SSC Eights! (973 reputation)SSC Eights! (973 reputation)SSC Eights! (973 reputation)SSC Eights! (973 reputation)SSC Eights! (973 reputation)SSC Eights! (973 reputation)SSC Eights! (973 reputation)

Group: General Forum Members
Points: 973 Visits: 1916
How are you planning on enforcing the encryption for the connection? I ask because if you are using FIPS I would test it out because you can break application functionality if something depends on non-FIPS validated algorithms.

Joie Andrew
"Since 1982"
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search