Tape Encryption

Presentation transcript:

Tape Encryption: Why is it needed? Tape backup software is given access to all data on the system. Tapes are taken off site to a data vault for “security” in case of loss of the physical site. Tapes are often taken to the vault by the lowest-cost method, i.e. the lowest-cost courier company.

Tape Encryption: Why is it needed? Data saved to tape is not given any security access levels. An operator can initiate an unauthorised backup to a tape he can then keep without
Theft of a tape is a major problem. There is no way to tell if a tape has been copied.

Tape Encryption: Who needs it? Banks – may be a requirement from the SEC or similar. Insurance companies – may also be a statutory requirement. Medical companies – a requirement in many countries. Research groups – data here is almost priceless.

PARANOIA! Tape Encryption. In-line tape encryption. Host independent. System independent. DES & DES3 level encryption.

PARANOIA Tape Encryption. Paranoia is a hardware pass-through SCSI solution, which encrypts data on the fly, even in an unattended backup environment. (Diagram label: Server.)

The hardware key is a unique chip installed during manufacture containing the unit’s 8-character key. The 8-character user key is input via RS232. The Paranoia performs a logical function between the hardware and user keys, producing a 56-bit encryption key that is unique to the hardware and user key combination. (Diagram labels: Hardware Key, User Key, ƒ, Encryption Key.)

Original system with tape drive connected via standard SCSI interface. (Diagram labels: Tape Drive, SCSI Connection.)

Add the Paranoia unit and connect it to the tape drive. Paranoia interrogates the tape drive and then sets itself up on that ID. (Diagram labels: Tape Drive, ID3, 3590E, SCSI Inquiry.)

Reconnect the system via the Paranoia. The system is now tested, including reading previously written tapes, to ensure all connections are correct. (Diagram labels: Tape Drive, ID3, 3590E.)

A PC is connected to the serial interface and the unit is configured using the Windows GUI programme. (Diagram labels: Tape Drive, ID3, 3590E.)

When set to Not Secure, all data to and from the tape is unchanged. (Diagram: the sample text “The quick brown fox jumps over” appears unchanged on both sides of the unit. Labels: Tape Drive, ID3, 3590E, Not Secure.)

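When set to Secure, all data to and from the tape is encrypted. (Diagram: readable sample text, “The quick brown fox jumps over” and “The final figure is $8,000”, on one side of the unit and scrambled text, “3n%7xklm)-f7jksuw edec 7AheJL8*65ssa “$.M”, on the other. Labels: Tape Drive, ID3, 3590E, Secure.)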

Configurations. Simple single-unit configuration. Backup to a stand-alone tape is encrypted. (Diagram labels: Host System, ID3, 3590E, Tape Drive.)

Configurations. Small tape library with a single drive allows all tapes in the library to be encrypted. Library control over SCSI is daisy-chained so that it is not passed via the Paranoia. (Diagram labels: Host System, ID3, DLT7000, Tape Library, Tape Drive.)

Configurations. Small tape library with dual drives, with only one drive able to encrypt data. When reading unencrypted data this drive can still be used by simply selecting the Non Secure option. Any data to be sent to an off-site vault can be encrypted, whilst data remaining on site does not need to be. (Diagram labels: Host System, Tape Library, Tape Drive, ID3, DLT7000.)

Configurations. Small tape library with dual drives, both able to encrypt data. Both units are fitted with the same “key chip”, so either unit can be used to read/write encrypted data. (Diagram labels: Host System, Tape Library, Tape Drive, ID3 DLT7000, ID2 DLT7000.)

Configurations. Small tape library with dual drives and two hosts, but each Paranoia has a different “Key Chip”, so data written in encrypted mode from one system cannot be read on the other. For data interchange the units can be set to non-secure mode. (Diagram labels: two Host Systems, Tape Library, Tape Drive, ID3 DLT7000, ID4 DLT7000.)

Configurations. Large tape library with one department system using encryption to ensure sensitive data cannot be read by other departments. (Diagram labels: Tape Library, five Host System and Tape Drive pairs, ID4 AIT-2.)

Configurations. Large tape library with a mixture of common secure (red units), non-secure and separate secure (blue unit) in a single library. (Diagram labels: Tape Library, five Host System and Tape Drive pairs, ID3 AIT-2, ID4 AIT-2, ID1 AIT-2, ID0 AIT-2.)

For secure transfer of large amounts of data between remote sites, two Paranoia units are supplied with identical “Key Chips”. The sites use a common user key string for encrypting tapes to be shipped between sites. For added security, the sites use a separate user key string to encrypt tapes not being transferred between sites. Any distance – data can go via commercial courier without risk. (Diagram labels, one set per site: Host System, ID3, 3590E, Tape Drive.)

For disaster recovery using a public DR site, a Paranoia unit with a dummy “Key Chip” is supplied at the DR site. Users are supplied with a third “spare” key chip, which is used whenever the DR site is needed to read the tapes. This allows common usage of a DR site without the possibility of data compromise.
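
The hardware key plus user key scheme and the key-chip configurations above, modelled as an added example (not code from the presentation or the vendor). Assumptions: SHA-256 stands in both for the unspecified "logical function" and for the DES cipher, and the chip and user key strings are constructed sample values.

```python
import hashlib
from typing import Optional

# Constructed sample keys, 8 characters each (not real device values).
CHIP_A, CHIP_B, DUMMY_CHIP = "CHIPAAAA", "CHIPBBBB", "DUMMY000"
SHARED_USER, LOCAL_USER = "shipping", "sitelocl"

def derive_key(key_chip: str, user_key: str) -> bytes:
    """Combine the chip key and user key into a 56-bit encryption key."""
    if len(key_chip) != 8 or len(user_key) != 8:
        raise ValueError("chip key and user key must each be 8 characters")
    # Assumption: SHA-256 stands in for the unit's unspecified logical function.
    digest = hashlib.sha256(f"{key_chip}|{user_key}".encode()).digest()
    return digest[:7]  # 7 bytes = 56 bits

def pass_through(data: bytes, key: Optional[bytes]) -> bytes:
    """One trip through the unit; key=None models the Not Secure setting."""
    if key is None:
        return data  # Not Secure: data to and from the tape is unchanged
    # Assumption: a SHA-256 counter keystream stands in for DES (model only).
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(b ^ s for b, s in zip(data, stream))

def can_restore(write_key: Optional[bytes], read_key: Optional[bytes]) -> bool:
    """True if a tape written under write_key reads back intact under read_key."""
    sample = b"The final figure is $8,000"  # sample text from the slide
    return pass_through(pass_through(sample, write_key), read_key) == sample

def scenarios() -> dict:
    """Evaluate the slide configurations: who can read a site A secure tape?"""
    site_a = derive_key(CHIP_A, SHARED_USER)
    return {
        "second drive, same key chip": can_restore(site_a, derive_key(CHIP_A, SHARED_USER)),
        "other host, different key chip": can_restore(site_a, derive_key(CHIP_B, SHARED_USER)),
        "both units set to non-secure": can_restore(None, None),
        "secure tape read in non-secure mode": can_restore(site_a, None),
        "site-local user key read with shared key": can_restore(derive_key(CHIP_A, LOCAL_USER), site_a),
        "DR unit with dummy key chip": can_restore(site_a, derive_key(DUMMY_CHIP, SHARED_USER)),
        "DR unit with spare key chip fitted": can_restore(site_a, derive_key(CHIP_A, SHARED_USER)),
    }

if __name__ == "__main__":
    for name, readable in scenarios().items():
        print(f"{'readable' if readable else 'UNREADABLE':10}  {name}")
```

Both halves of the key matter in this model: a tape restores only where the key chip and the user key string both match the ones used to write it, which is why the spare chip and the user key string need separate custody.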