Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

Encrypted backups

11 posts in Product Futures Discussion Last posting was on 2002-08-12 18:40:34.0Z
Jason Webster Posted on 2002-07-26 13:18:21.0Z
From: "Jason Webster" <jason.webster`@mail.state.ky.us>
Subject: Encrypted backups
Date: Fri, 26 Jul 2002 09:18:21 -0400
Lines: 17
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <gcdKuhKNCHA.306@forums.sybase.com>
Newsgroups: sybase.public.ase.product_futures_discussion
NNTP-Posting-Host: 205.204.186.5
Path: forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:366
Article PK: 93535

If I dump a database -- say to tape for arguments sake -- and someone takes
that tape to a different server they can load it. In other words, in spite
of any efforts made to secure my server, the database can still be
compromised by anyone who has access to the backup volume.

We are a government site with centralized backup (TSM) which means that many
people can potentially get my backup volume, and our security division has a
problem with this.

If backups can be compressed, they can also be encrypted. I want the
ability to encrypt backups with a key that I can make up and change as I
wish. How hard would this be to provide?

--
Jason Webster


Sethu M Posted on 2002-07-27 15:16:17.0Z
From: "Sethu M" <sethu@sybase.com>
References: <gcdKuhKNCHA.306@forums.sybase.com>
Subject: Re: Encrypted backups
Date: Sat, 27 Jul 2002 08:16:17 -0700
Lines: 26
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <XPFD#IYNCHA.582@forums.sybase.com>
Newsgroups: sybase.public.ase.product_futures_discussion
NNTP-Posting-Host: 10.22.120.58
Path: forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:359
Article PK: 93526

We will have dump database with password support in
the near future. Encryption of dumps is in our roadmap
and that work is in progress.

Sethu

"Jason Webster" <jason.webster`@mail.state.ky.us> wrote in message
news:gcdKuhKNCHA.306@forums.sybase.com...
If I dump a database -- say to tape for arguments sake -- and someone takes
that tape to a different server they can load it. In other words, in spite
of any efforts made to secure my server, the database can still be
compromised by anyone who has access to the backup volume.

We are a government site with centralized backup (TSM) which means that many
people can potentially get my backup volume, and our security division has a
problem with this.

If backups can be compressed, they can also be encrypted. I want the
ability to encrypt backups with a key that I can make up and change as I
wish. How hard would this be to provide?

--
Jason Webster


Jason Webster Posted on 2002-07-29 16:01:00.0Z
From: "Jason Webster" <jason.webster`@mail.state.ky.us>
References: <gcdKuhKNCHA.306@forums.sybase.com> <XPFD#IYNCHA.582@forums.sybase.com>
Subject: Re: Encrypted backups
Date: Mon, 29 Jul 2002 12:01:00 -0400
Lines: 37
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <J6#2nqxNCHA.306@forums.sybase.com>
Newsgroups: sybase.public.ase.product_futures_discussion
NNTP-Posting-Host: 205.204.186.5
Path: forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:357
Article PK: 93527

Thank you.

"Sethu M" <sethu@sybase.com> wrote in message
news:XPFD#IYNCHA.582@forums.sybase.com...
> We will have dump database with password support in
> the near future. Encryption of dumps is in our roadmap
> and that work is in progress.
>
> Sethu
>
> "Jason Webster" <jason.webster`@mail.state.ky.us> wrote in message
> news:gcdKuhKNCHA.306@forums.sybase.com...
> If I dump a database -- say to tape for arguments sake -- and someone
takes
> that tape to a different server they can load it. In other words, in
spite
> of any efforts made to secure my server, the database can still be
> compromised by anyone who has access to the backup volume.
>
> We are a government site with centralized backup (TSM) which means that
many
> people can potentially get my backup volume, and our security division has
a
> problem with this.
>
> If backups can be compressed, they can also be encrypted. I want the
> ability to encrypt backups with a key that I can make up and change as I
> wish. How hard would this be to provide?
>
> --
> Jason Webster
>
>
>


Anthony Mandic Posted on 2002-08-12 08:47:44.0Z
Message-ID: <3D577630.A6A1CBE1@start.com.au>
Date: Mon, 12 Aug 2002 18:47:44 +1000
From: Anthony Mandic <am_is_not@start.com.au>
Organization: Mandic Consulting Pty. Ltd.
X-Mailer: Mozilla 4.61 [en] (WinNT; I)
MIME-Version: 1.0
Subject: Re: Encrypted backups
References: <gcdKuhKNCHA.306@forums.sybase.com> <XPFD#IYNCHA.582@forums.sybase.com> <J6#2nqxNCHA.306@forums.sybase.com> <20020805192229044-0500@localhost.local>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Newsgroups: sybase.public.ase.product_futures_discussion
Lines: 19
NNTP-Posting-Host: 203.3.176.10
Path: forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:331
Article PK: 93498


"Jason L. Froebe" wrote:

> In the meantime, you could mount an encrypted filesystem and dump to
> there. If you particular Unix doesn't support this, then you can use
> the remote backup feature and dump to an encrypted filesystem on Linux -
> which of course, you can automatically have it compressed.

As an alternative, Jason W. could have gone to TechWave where
he would have discovered "protegrity" who have a product now
that does exactly what Jason needs - encrypted devices.

Apparently, Sybase resells their product. Anyway, their website
is http://www.protegrity.com or he could try calling Dan Kidd
(their sales director) on 815 477 2059 or 815 404 3322 to get
the low down direct.

-am © 2002


Jason Webster Posted on 2002-08-12 18:40:34.0Z
From: "Jason Webster" <jason.webster`@mail.state.ky.us>
References: <gcdKuhKNCHA.306@forums.sybase.com> <XPFD#IYNCHA.582@forums.sybase.com> <J6#2nqxNCHA.306@forums.sybase.com> <20020805192229044-0500@localhost.local> <3D577630.A6A1CBE1@start.com.au>
Subject: Re: Encrypted backups
Date: Mon, 12 Aug 2002 14:40:34 -0400
Lines: 23
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <kE9qYFjQCHA.298@forums.sybase.com>
Newsgroups: sybase.public.ase.product_futures_discussion
NNTP-Posting-Host: 205.204.186.5
Path: forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:330
Article PK: 93502

Thank you.

"Anthony Mandic" <am_is_not@start.com.au> wrote in message
news:3D577630.A6A1CBE1@start.com.au...
> "Jason L. Froebe" wrote:
>
> > In the meantime, you could mount an encrypted filesystem and dump to
> > there. If you particular Unix doesn't support this, then you can use
> > the remote backup feature and dump to an encrypted filesystem on Linux -
> > which of course, you can automatically have it compressed.
>
> As an alternative, Jason W. could have gone to TechWave where
> he would have discovered "protegrity" who have a product now
> that does exactly what Jason needs - encrypted devices.
>
> Apparently, Sybase resells their product. Anyway, their website
> is http://www.protegrity.com or he could try calling Dan Kidd
> (their sales director) on 815 477 2059 or 815 404 3322 to get
> the low down direct.
>
> -am © 2002


Jim Egan Posted on 2002-07-27 05:19:06.0Z
From: Jim Egan <dontspam.dbaguru@eganomics.com>
Subject: Re: Encrypted backups
Date: Fri, 26 Jul 2002 23:19:06 -0600
Message-ID: <MPG.17abdb39f861814498bef3@forums.sybase.com>
References: <gcdKuhKNCHA.306@forums.sybase.com>
Reply-To: eganjp@compuserve.com
X-Newsreader: MicroPlanet Gravity v2.50
Newsgroups: sybase.public.ase.product_futures_discussion
Lines: 23
NNTP-Posting-Host: 12-252-108-115.client.attbi.com 12.252.108.115
Path: forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:360
Article PK: 93529


jason.webster`@mail.state.ky.us wrote...
> If I dump a database -- say to tape for arguments sake -- and someone takes
> that tape to a different server they can load it. In other words, in spite
> of any efforts made to secure my server, the database can still be
> compromised by anyone who has access to the backup volume.
>
> We are a government site with centralized backup (TSM) which means that many
> people can potentially get my backup volume, and our security division has a
> problem with this.
>
> If backups can be compressed, they can also be encrypted. I want the
> ability to encrypt backups with a key that I can make up and change as I
> wish. How hard would this be to provide?

Sounds like a reasonable suggestion to me. However, they should also have internal
encryption of data also (encrypted within a column).
--
Jim Egan [TeamSybase]


Anthony Mandic Posted on 2002-07-26 14:52:56.0Z
Message-ID: <3D416248.573C49B0@start.com.au>
Date: Sat, 27 Jul 2002 00:52:56 +1000
From: Anthony Mandic <spam_block@start.com.au>
Organization: Mandic Consulting Pty. Ltd.
X-Mailer: Mozilla 4.61 [en] (WinNT; I)
MIME-Version: 1.0
Subject: Re: Encrypted backups
References: <gcdKuhKNCHA.306@forums.sybase.com>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Newsgroups: sybase.public.ase.product_futures_discussion
Lines: 24
NNTP-Posting-Host: 203.3.176.10
Path: forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:365
Article PK: 93532


Jason Webster wrote:
>
> If I dump a database -- say to tape for arguments sake -- and someone takes
> that tape to a different server they can load it. In other words, in spite
> of any efforts made to secure my server, the database can still be
> compromised by anyone who has access to the backup volume.
>
> We are a government site with centralized backup (TSM) which means that many
> people can potentially get my backup volume, and our security division has a
> problem with this.
>
> If backups can be compressed, they can also be encrypted. I want the
> ability to encrypt backups with a key that I can make up and change as I
> wish. How hard would this be to provide?

Probably easier for someone in your security division to
ride shotgun next to your backup server. If you guard your
tapes, who will get unauthorised access to them. Don't
forget that filesystem backups are involved as well.

-am © 2002


Jason Webster Posted on 2002-07-26 19:36:55.0Z
From: "Jason Webster" <jason.webster`@mail.state.ky.us>
References: <gcdKuhKNCHA.306@forums.sybase.com> <3D416248.573C49B0@start.com.au>
Subject: Re: Encrypted backups
Date: Fri, 26 Jul 2002 15:36:55 -0400
Lines: 46
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <jWdkS1NNCHA.196@forums.sybase.com>
Newsgroups: sybase.public.ase.product_futures_discussion
NNTP-Posting-Host: 205.204.186.5
Path: forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:363
Article PK: 93531


"Anthony Mandic" <spam_block@start.com.au> wrote in message
news:3D416248.573C49B0@start.com.au...
> Jason Webster wrote:
> >
> > If I dump a database -- say to tape for arguments sake -- and someone
takes
> > that tape to a different server they can load it. In other words, in
spite
> > of any efforts made to secure my server, the database can still be
> > compromised by anyone who has access to the backup volume.
> >
> > We are a government site with centralized backup (TSM) which means that
many
> > people can potentially get my backup volume, and our security division
has a
> > problem with this.
> >
> > If backups can be compressed, they can also be encrypted. I want the
> > ability to encrypt backups with a key that I can make up and change as I
> > wish. How hard would this be to provide?
>
> Probably easier for someone in your security division to
> ride shotgun next to your backup server. If you guard your
> tapes, who will get unauthorised access to them. Don't
> forget that filesystem backups are involved as well.
>
> -am © 2002

First of all let me say this: I agree with you for the most part.

However, your suggestion won't work for me because: 1) I don't set policy, I
comply with it, and 2) our centralized backup system is online and used by
many people so it should be assumed that someone could get hold of something
that is stored there.

Now that that's been said, let me deal with something that has been bugging
me about this newsgroup. I thought this was the place to air desires for
future enhancements to ASE, but whenever I ask for something, someone
invariably tells me to forget my request and reorganize my problem so that
no enhancement is necessary. What am I missing here?

--
Jason Webster


Anthony Mandic Posted on 2002-07-27 03:05:13.0Z
Message-ID: <3D420DE9.33855238@start.com.au>
Date: Sat, 27 Jul 2002 13:05:13 +1000
From: Anthony Mandic <spam_block@start.com.au>
Organization: Mandic Consulting Pty. Ltd.
X-Mailer: Mozilla 4.61 [en] (WinNT; I)
MIME-Version: 1.0
Subject: Re: Encrypted backups
References: <gcdKuhKNCHA.306@forums.sybase.com> <3D416248.573C49B0@start.com.au> <jWdkS1NNCHA.196@forums.sybase.com>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Newsgroups: sybase.public.ase.product_futures_discussion
Lines: 44
NNTP-Posting-Host: 203.3.176.10
Path: forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:361
Article PK: 93530


Jason Webster wrote:

> However, your suggestion won't work for me because: 1) I don't set policy, I
> comply with it, and 2) our centralized backup system is online and used by
> many people so it should be assumed that someone could get hold of something
> that is stored there.

Then those who set the policy should think a little harder.
Anyone doing backups will be affected - not just you. So
everyone doing backups should encrypt. With some forms of
backups this isn't possible so the most logical place to
encrypt would be to do it in the TSM software you are using.
That product should have some form of encryption which you
all can use. Failing that your current options are to dump
to disk and then encrypt before backing up to tape or use
the Sybase BACKUP API to roll your own method with encryption.

> Now that that's been said, let me deal with something that has been bugging
> me about this newsgroup. I thought this was the place to air desires for
> future enhancements to ASE, but whenever I ask for something, someone
> invariably tells me to forget my request and reorganize my problem so that
> no enhancement is necessary. What am I missing here?

I don't know about anyone else but some of the posts I've seen
here aren't well thought out. Others aren't even decipherable.
Of those that make any sense, some are only of benefit to one
particular site. In which case Sybase won't bother since there's
no advantage to implementing it when there are existing alternate
solutions. Of the few that are worthwhile, they would need to
go thru a process of refinement, selection and prioritising
which could end up taking a long while before they see the
light of day.

-am © 2002


Jason Webster Posted on 2002-07-29 16:00:18.0Z
From: "Jason Webster" <jason.webster`@mail.state.ky.us>
References: <gcdKuhKNCHA.306@forums.sybase.com> <3D416248.573C49B0@start.com.au> <jWdkS1NNCHA.196@forums.sybase.com> <3D420DE9.33855238@start.com.au>
Subject: Re: Encrypted backups
Date: Mon, 29 Jul 2002 12:00:18 -0400
Lines: 48
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <onfsOqxNCHA.306@forums.sybase.com>
Newsgroups: sybase.public.ase.product_futures_discussion
NNTP-Posting-Host: 205.204.186.5
Path: forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:358
Article PK: 93528

Encryption at the TSM level does make the most sense -- I certainly agree
with that.

"Anthony Mandic" <spam_block@start.com.au> wrote in message
news:3D420DE9.33855238@start.com.au...
> Jason Webster wrote:
>
> > However, your suggestion won't work for me because: 1) I don't set
policy, I
> > comply with it, and 2) our centralized backup system is online and used
by
> > many people so it should be assumed that someone could get hold of
something
> > that is stored there.
>
> Then those who set the policy should think a little harder.
> Anyone doing backups will be affected - not just you. So
> everyone doing backups should encrypt. With some forms of
> backups this isn't possible so the most logical place to
> encrypt would be to do it in the TSM software you are using.
> That product should have some form of encryption which you
> all can use. Failing that your current options are to dump
> to disk and then encrypt before backing up to tape or use
> the Sybase BACKUP API to roll your own method with encryption.
>
> > Now that that's been said, let me deal with something that has been
bugging
> > me about this newsgroup. I thought this was the place to air desires
for
> > future enhancements to ASE, but whenever I ask for something, someone
> > invariably tells me to forget my request and reorganize my problem so
that
> > no enhancement is necessary. What am I missing here?
>
> I don't know about anyone else but some of the posts I've seen
> here aren't well thought out. Others aren't even decipherable.
> Of those that make any sense, some are only of benefit to one
> particular site. In which case Sybase won't bother since there's
> no advantage to implementing it when there are existing alternate
> solutions. Of the few that are worthwhile, they would need to
> go thru a process of refinement, selection and prioritising
> which could end up taking a long while before they see the
> light of day.
>
> -am © 2002


Anthony Mandic Posted on 2002-07-30 10:54:58.0Z
Message-ID: <3D467082.E98A75E7@start.com.au>
Date: Tue, 30 Jul 2002 20:54:58 +1000
From: Anthony Mandic <spam_block@start.com.au>
Organization: Mandic Consulting Pty. Ltd.
X-Mailer: Mozilla 4.61 [en] (WinNT; I)
MIME-Version: 1.0
Subject: Re: Encrypted backups
References: <gcdKuhKNCHA.306@forums.sybase.com> <3D416248.573C49B0@start.com.au> <jWdkS1NNCHA.196@forums.sybase.com> <3D420DE9.33855238@start.com.au> <onfsOqxNCHA.306@forums.sybase.com>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Newsgroups: sybase.public.ase.product_futures_discussion
Lines: 9
NNTP-Posting-Host: 203.3.176.10
Path: forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:356
Article PK: 93523


Jason Webster wrote:
>
> Encryption at the TSM level does make the most sense -- I certainly agree
> with that.

There's one other issue I didn't mention before but feel I should.
You also have one single point of failure. Security aside, your
backups aren't much good to you if you can't restore them.

-am © 2002