IST Site Navigation:
Contact Us
How secure is the data on the backup servers?
The data passes thru the server and is stored on tape. Access to the server is restricted to system administrators. No data is stored on the server. TSM (UCBackup) does use a disk "pool" to stage data before it goes to tape, but that data is stored in a propriety database format and can only be access thru the TSM administrative modules.
Does UCbackup use a firewall?
The server is not firewalled because of the bandwidth requirements. The backup application requires network connectivity, so a firewall would not lessen risk. The server is very well hardened against outside attacks. No unnecessary server port are open for access. All communication with the server for administration is done via ssh.
Does UCbackup allow all IP addresses in or just campus?
Any IP can attempt to connect to the server, but the backup application only allows configured clients to access their data. Administrative access is controlled using access control lists and is restricted to system admin only.
Is sensitive data (personal info) safe from hackers as much as possible (what security measures are in place for this)?
Data is not stored on the server and would require detailed knowledge of the tape and operating systems to access the data on tape without the backup applications. Again, access to the backed up data on the server would require a hacker to have the not only root access, but application access as well. There is no way to download data on tape to a remote system which is not a backup client. The data cannot be read on the server. A compromised client could attempt to recover its own data, but the attack would be limited to that client's data only. It is suggested that sensitive data be encrypted on the client at all times regardless of backup method used.
Are communications between Backup Server and Client Server secure (SSL)?
The UCbackup services have the ability to backup data using an encrypted data stream between client and backup server. The client can turn this feature on. All data would be encrypted going to the backup server. Data would be stored on tape encrypted and only unencrypted once it was recovered back on the client system. Only the user has the encrptytion password and there is no way to recover a lost or forgotten password. There is a danger of not being able to recover encrypted data if the password is forgotten.
How are the tapes protected?
Physical security is an important part of backup and recovery. The backup server and tape silo are maintained in the campus data center, which has 24-hour security and cardkey access. Offsite tapes are shipped via locked steel containers and access to these is thru authorized admins only.