Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

WI_Repalcing_and_Updating_the_EMC_Mozy_Enterprise_Encryption_Key

  • Login to see the comments

  • Be the first to like this

WI_Repalcing_and_Updating_the_EMC_Mozy_Enterprise_Encryption_Key

  1. 1. Page 1 of 9 WORK INSTRUCTIONTITLE WI_Replacingandupdatingthe EMC Mozy Enterprise EncryptionKey REVISION DATE 01/29/2014 DEPARTMENT IO – End User Computing REVISION NUMBER 1.0 OWNER Eric Roberson–End User Computing Team REVIEW DATE 01/30/2014 APPROVER: TABLE OF CONTENTS TABLE OF CONTENTS............................................................................................................... 1 PURPOSE/BACKGROUND........................................................................................................ 1 SCOPE............................................................................................................................................2 RESPONSIBILITIES....................................................................................................................2 REFERENCES/DEFINITIONS..................................................................................................2 Related Documents..................................................................................................................... 2 Definitions................................................................................................................................... 2 WORK INSTRUCTION...............................................................................................................3 1.0 Download the Mozy Encryption Utility............................................................................ 3 2.0 Generate a new encryption key....................................................................................... 4 3.0 Replacing the ckey via the Mozy Administration Console ............................................... 6 REVISION SUMMARY................................................................................................................8 Tags................................................................................................................................................8 References.....................................................................................................................................9 PURPOSE/BACKGROUND Following is an excerpt from Securing and Encrypting Online Backup (EMC Corporation, pg. 3): “The Enterprise Custom Key option enables enterprises to take advantage of the strength of the AES algorithm to encrypt their data, while significantly simplifying and strengthening passphrase management. With the Enterprise Custom Key option, one individual establishes the passphrase key for the entire organization. This individual could be anyone you choose, such as an IT or security director, manager or administrator. From within the Mozy administration console you set the Enterprise Custom Key passphrase and where it will be stored, such as a network share, web server, or as part of a package for installing Mozy on client machines. As Mozy is employed on different machines, each machine will access that location to use the encryption key for encrypting and decrypting files. Since the Enterprise Custom Key passphrase will likely be stored on a network share or web server, to protect against unauthorized access of
  2. 2. Page 2 of 9 that key Mozy employs a Shared Secret capability that encrypts the passphrase. As you install Mozy on your client machines, the encryption of that passphrase will automatically be programmed into each client. As a result, your workstations running the Mozy backup client will be able to seamlessly leverage that passphrase to encrypt or decrypt files as needed.” SCOPE This document explains how to generate a new encryption key and how to replace the encryption key in the Mozy Administration Console. RESPONSIBILITIES EUC is responsible for administration of the Mozy ckey. IP&C shares knowledge of the ckey, but is not responsible of administration of the ckey through the Mozy Administration Console. REFERENCES/DEFINITIONS Related Documents See References section below. Definitions Enterprise Custom Key –an encryption option for Mozy which uses the Advanced Encryption Standard (AES); the same key is shared for the entire enterprise to encrypt and decrypt files, and the key is sometimes referred to as the ckey. Mozy Administration Console – a web-based application used for administration of Mozy, including but not limited to client options, groups, encryption keys; the site is accessed by administrators via https://secure.mozy.com. Passphrase – a strong and complex phrase used to create the encryption key; currently owned and maintained by End User Computing (EUC) and IT Application Security teams. Shared Secret - a file provided by Mozy support which is used as part of the process to generate a new encryption key.
  3. 3. Page 3 of 9 WORK INSTRUCTION 1.0 Downloadthe MozyEncryptionUtility 1. Launch a webbrowser,thengoto the Mozy AdministrationConsoleat https://secure.mozy.com. Logintothe site as an administrator. 2. Downloadthe MozyEncryptionUtility. ClickResourcesinthe leftcolumn,thenclick Download Mozy Enterprise Client. Inthe pane on the right,click WindowsCryptoUtil.
  4. 4. Page 4 of 9 3. Save the file tothe local hard diskdrive. 2.0 Generate a new encryption key 1. Rightclick MozyEnterprisecryptoutil.exe,thenclick RunAs Administrator. Enter credentialsfor an account withelevatedprivileges.
  5. 5. Page 5 of 9 2. In the EnterKeyfield,type the passphrase forthe new encryptionkey. Click Ok. NOTE: The passphrase isownedandmaintainedbythe ITApplicationSecurityandEndUser ComputingTeams. WARNING: The Passphrase mustmeetcomplexityrequirementsprovidedbythe ITApplication Securityteam. For informationregardingcomplexityrequirements,contactITApplication Security.
  6. 6. Page 6 of 9 3. In the Share Secretfield,browse tothe location of the sharedsecretfile ss9-1234.ss. NOTE: Mozy providesthe sharedsecretfile. ContactMozyif a replacementfile isneeded. 4. ClickExport, thenselectalocationinwhichto save the new encryptionkey. 3.0 Replacingthe ckey via the Mozy Administration Console 1. Launch a webbrowser,thengoto http://secure.mozy.com . Entercredentialsforanaccount withadministratorrightstothe Mozy AdministrationConsole. 2. In the leftcolumnunderConfiguration, clickClientConfiguration. Inthe pane onthe right,click the ClientConfigurationtoedit. Forexample,click_Laptop.
  7. 7. Page 7 of 9 3. In the fieldAlwaysuse the followingencryptionkey,enterthe pathto the *.ckeyfile. WARNING: Replacingthe *.ckeymaypreventexistingbackupsfromrunning.
  8. 8. Page 8 of 9 4. Scroll all the way to the bottomthenclick Save. 5. Mozy clientswill notbe able tobackupor retrieve filesuntiltheyare reauthorizedwiththen newencryptionkey. REVISION SUMMARY Revision Date Author Comments .1 29-Jan-2014 Eric Roberson First Draft .9 30-Jan-2014 Dodson Lawson Review 1.0 30-Jan-2014 Eric Roberson Publish Tags Mozy, ckey, enterprise encryption key
  9. 9. Page 9 of 9 References EMC Corporation. Securing and Encrypting Online Backup. 1-4. (2013). Web. http://mozy.com/system/resources/W1siZiIsIjIwMTMvMTEvMDcvMDFfNTNfNTBfMjU5X0RhdG FzaGVldF9fX01venlFbnRlcnByaXNlX19fRW5jcnlwdGlvbl9CcmllZi5wZGYiXV0/Datasheet_- _MozyEnterprise_-_Encryption_Brief.pdf

×