Atempo, Inc.
Securing Information in LiveBackup
How LiveBackup secures data in transmission and storage
© Copyright 2008 Atempo Inc. All rights reserved. Atempo and the Atempo logo are trademarks or registered trademarks of Atempo Inc. All other trademarks, icons and logos are the property of their respective holders.
Other product and company names mentioned herein may be the trademarks of their respective owners.
The information contained in this document represents the current view of Atempo Incorporated on the issues discussed as of the date of publication. Due to inevitable changes, it should not be interpreted as a commitment on the part of Atempo, and Atempo cannot guarantee the accuracy of any information presented after the date of publication.
This document is for information purposes only. Atempo makes no warranties express or
Table of Contents
Overview
Client authentication
User privileges
    Server administration
    Client administration
Encryption
Overview
LiveBackup secures your company’s data from loss, snooping, and theft. LiveBackup Security is based on the Windows domain security model. Within this model, LiveBackup allows you to configure the following security measures to protect your data:
• Client authentication
• User privileges
• Encryption
• Secure connections using HTTPS
Client authentication
LiveBackup protects each client individually and identifies each by a globally unique identifier (GUID), which is generated at installation. The LiveBackup Server uses this GUID to authenticate the LiveBackup Client computer, binding the server’s internal ID with the client’s GUID. The client GUID is protected by network encryption: see the Encryption section. You can also secure it using HTTPS: see the Secure connections using HTTPS section.
In addition to the GUID for the valid client identification, LiveBackup also assigns unique identifiers for every bit of data. Since LiveBackup works at the file system level, all data is identified by the client GUID, the volume serial number (VSN), and the path relative to the root file system.
User privileges
LiveBackup secures your organization’s files using the Windows user security model. Security restrictions are imposed on both the LiveBackup Server and the LiveBackup Clients.
Server administration
The rights required to administer LiveBackup Server depend on the type of computer in the domain on which LiveBackup Server is installed: a member computer or a domain controller. Administering LiveBackup Server on a member computer requires local administrative rights. Administering LiveBackup Server on a domain controller requires domain administrative rights.
Client administration
One way LiveBackup secures LiveBackup Client computers’ files is by locking out features through privileges assigned to clients and/or individual users. When each computer is added to LiveBackup as a LiveBackup Client, you can assign it a default user access level. All users who log in to the LiveBackup Client computer will have at least the access rights assigned to the client as follows:

Feature                      No access   User   Power User   Super User
Protect files                    X        X         X            X
Recover files/folders                     X         X            X
Tune performance                          X         X            X
Configure notifications                             X            X
Disable/enable connection                           X            X
Pause/resume versioning                                          X
Configure update                                                 X
The administrator may also assign access privileges to individual users. These users have the same access on every LiveBackup Client computer. If a user is granted individual privileges, then when s/he logs into a LiveBackup Client computer, s/he receives whichever privileges (user or client) are greater. For example, if a LiveBackup Client computer has been granted User access, and the user who logs into the computer has Power User privileges, then that user will be given Power User access to that particular LiveBackup Client computer. Users who were not granted individual access will have only the default User access assigned to the client.
Each time someone logs into a LiveBackup Client or Server, LiveBackup checks the user name and grants privileges and/or imposes restrictions on access, depending on the rights you assign. If LiveBackup does not recognize the user name, then the user is given the default access selected in Client Properties. This model ensures that non-LiveBackup users cannot perform file recoveries or system rollbacks, while also guaranteeing valid users the recovery access they need, and administrators the control they require. Regardless of the access rights assigned to the user logged into a LiveBackup Client computer, the client computer’s files will always be backed up to the server. Any LiveBackup User may restore files on any LiveBackup Client computer; however, files can be restored only to the client computer from which they were backed up.
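The resolution rule described above, modelled in Python as an added example that is not part of the original document or LiveBackup's own code: it computes a user's effective access as the greater of the client default and the individual grant, then lists which logons could perform a given feature and whether the right comes from the client default or the user grant. The client names, user names and function names are constructed for illustration, and the feature-to-level mapping assumes the access levels in the table are cumulative.

```python
from enum import IntEnum


class Access(IntEnum):
    NO_ACCESS = 0
    USER = 1
    POWER_USER = 2
    SUPER_USER = 3


# Lowest level that may use each feature, read from the access table.
# Assumption: levels are cumulative (a higher level keeps all lower rights).
MIN_LEVEL = {
    "Protect files": Access.NO_ACCESS,
    "Recover files/folders": Access.USER,
    "Tune performance": Access.USER,
    "Configure notifications": Access.POWER_USER,
    "Disable/enable connection": Access.POWER_USER,
    "Pause/resume versioning": Access.SUPER_USER,
    "Configure update": Access.SUPER_USER,
}


def effective_access(client_default, user_grants, user):
    """Greater of client default and individual grant; unknown users get the default."""
    return max(client_default, user_grants.get(user, client_default))


def audit(clients, user_grants, logons, feature):
    """Return (user, client, level, source) for each logon allowed to use `feature`."""
    need = MIN_LEVEL[feature]
    findings = []
    for user, client in logons:
        default = clients[client]
        level = effective_access(default, user_grants, user)
        if level >= need:
            # A sufficient client default applies to every user, recognized or not.
            source = "client default" if default >= need else "user grant"
            findings.append((user, client, level.name, source))
    return findings


# Constructed sample data (hypothetical clients, users and logons).
CLIENTS = {"LAPTOP-01": Access.USER, "KIOSK-02": Access.POWER_USER, "LAB-03": Access.NO_ACCESS}
USER_GRANTS = {"alice": Access.SUPER_USER, "bob": Access.POWER_USER}
LOGONS = [("alice", "LAB-03"), ("bob", "LAPTOP-01"), ("guest", "KIOSK-02"),
          ("guest", "LAB-03"), ("carol", "LAPTOP-01")]

if __name__ == "__main__":
    for row in audit(CLIENTS, USER_GRANTS, LOGONS, "Disable/enable connection"):
        print(row)
```

Rows whose source is "client default" are the ones to review first, because that right is held by anyone who logs in to that client, including users LiveBackup does not recognize.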
For instructions on how to add users and assign privileges in LiveBackup, see Chapter 9 in the
Encryption
To safeguard the client's data, LiveBackup encrypts user document files during several stages of transmission and storage.
• Transmission: You can configure LiveBackup to encrypt files during both transmission to the LiveBackup Server for backup and transmission back to a LiveBackup Client computer for recovery. LiveBackup uses 128- or 40-bit cipher encryption for this protection, which prevents undesired access to the files during transmission (known as snooping the wire). The encryption is performed by the Microsoft Base or Enhanced Cryptographic Provider using the RC4 method. By default, transport encryption is enabled. You can choose the level of encryption to apply to data during transport.
• Storage: LiveBackup encrypts all data that is stored in the LiveBackup Storage Vault. This encryption prevents unauthorized access to clients’ files. You can configure the particular encryption algorithm that LiveBackup uses from System Settings in the LiveBackup Console.
Stored files are encrypted using a key, which is generated from the encryption password entered during encryption configuration. Configuring encryption is described on the following page.
In addition to this encryption protection, all LiveBackup Client files are stored in SQL Server databases, where they are protected by user access restrictions.
• System Image: Using the System Image Wizard, you can create a full image of any LiveBackup Client computer that has been protected with Full System Protection. To prevent this image from being created and then restored to an unauthorized computer, you have the option of encrypting the system image itself. The encryption is performed with ©Dr. Brian Gladman’s implementation of the 128-bit key AES (Advanced Encryption Standard) algorithm, which generates an encryption key during system image creation. To use this encrypted image during disaster recovery to restore a LiveBackup Client computer, you must provide the encryption key to unlock the image.
For instructions on how to configure transport, storage, and system image encryption, the LiveBackup
Secure connections using HTTPS
LiveBackup supports secure communications between the server and client components: you can configure LiveBackup to use HTTPS for data transport.
Completing this configuration requires a working knowledge of certificates, SSL, and HTTPS. For more detailed information, go to the Microsoft Web site, or contact Microsoft support.
Before continuing, note that the transport performance between the LiveBackup client and server decreases when using HTTPS, because HTTPS leads to higher CPU usage on the client and server. Carefully consider the impact of this performance degradation on your environment.
The basic setup for securing connections using HTTPS includes the following steps:
1. Obtain a certificate for SSL communication
2. Configure SSL in LiveBackup’s virtual Web sites in IIS using a certificate
3. Configure clients to trust the server certificate (optional)
4. Configure LiveBackup Client to accept HTTPS communications
For details on how to complete this procedure, see the full document: LiveBackup and SSL: Configuring secure connections with LiveBackup using HTTPS, located in the LiveBackup