Release Note для Spectra Logic spectra t120
User Guide Updates
112
Maintaining passwords—Maintain a list of every password associated with each
key and securely store the list. Never keep this list as cleartext on a networked
computer, or send it through email as cleartext. For added security, encrypt the file
containing the list of passwords.
computer, or send it through email as cleartext. For added security, encrypt the file
containing the list of passwords.
Track key copies—Track every copy of each key. This is critical to meet
requirements that may govern data retention and data destruction. Destroying all
keys associated with encrypted data is sufficient to satisfy data destruction
requirements, since encrypted data cannot be accessed without the key used to
encrypt it.
keys associated with encrypted data is sufficient to satisfy data destruction
requirements, since encrypted data cannot be accessed without the key used to
encrypt it.
Spectra Logic recommends tracking the information listed in the following table for
every key that you create. For added security, encrypt the file containing the tracking
information.
every key that you create. For added security, encrypt the file containing the tracking
information.
Restoring Encrypted Data
Restoring encrypted data from tape follows the standard data restore processes that
you use with your backup software. The only difference is that the key used to encrypt
the data being restored needs to be on the library and assigned to the partition in
which the encrypted media is loaded. If the key is available, the data is automatically
decrypted as it is read from tape; standard restore procedures simply work.
you use with your backup software. The only difference is that the key used to encrypt
the data being restored needs to be on the library and assigned to the partition in
which the encrypted media is loaded. If the key is available, the data is automatically
decrypted as it is read from tape; standard restore procedures simply work.
If the encryption key required for a specific set of encrypted data has been exported
from the library and then deleted, the library prompts you with the moniker of the key
that is required to decrypt the data. You can use the key moniker to identify the key,
then import the key into the library as described in this section.
from the library and then deleted, the library prompts you with the moniker of the key
that is required to decrypt the data. You can use the key moniker to identify the key,
then import the key into the library as described in this section.
Note:
You also need the password used to encrypt the key when it was
exported.
exported.
Key Moniker:
_______________________
_______________________
Detailed Information
Number of key copies ______
and location of each copy:
and location of each copy:
1.
2.
3.
. . .
Password(s) associated with exported
copy of the moniker:
copy of the moniker:
Location of data stored on mobile
media, which has been encrypted
using this moniker:
media, which has been encrypted
using this moniker:
Dates of moniker creation and
proposed expiration:
proposed expiration: