> We have a requirement to make sure that all sensitive data is
secure (8i,
> solaris).
> I see backup tapes as a major potential security hole: many
sites use
> contractors to take tapes offsite in trolleys/vans etc. What
is stopping
> someone lifting a tape, restoring it to a machine and (at
worst) hex editing
> and stringing the database files? Especially on high capacity
DLT's. Same
> applies to hot swappable RAID disks.
> We need a solution to allow encryption of sensitive (non
indexed) columns
> using a key generated by a system security server. Preferably
by a third
> party product, probably using pl/sql routines.
> This is the level of security that the rest of the system
uses -
> networking, authentication etc so backups should be no
exception.
> Government sites, financial sites, HR systems : does anybody
have something
> in place to get around this, or am I missing something here?
>
> Thanks!
> Mark
> (remove NOSPAM if responding)
>
Mark,
You are right that it is conceviably possible to comprimise
the security of backups given the proper equipment. Most
orginizations are not concerned with the security of their
backups beyond the physical aspect. In most disaster recovery
plans the big issue is how to get quick access to data for
recovery operations. The driving need for this of course is
the fact that the orginization requires the data in order
to run the business.
As far as encrypting your data for added security most backup
programs have an option allowing you to password protect the
tape. If you require additional levels of security your
options you can always run crypt/PGP against all sensitive
data.
Cheers,
BJ
--
This answer is courtesy of QuestionExchange.com
http://www.questionexchange.com/showUsenetGuest.jhtml?ans_id=6878&cus_id=USENET&qtn_id=6916
Received on Tue Nov 02 1999 - 13:42:30 CST
