comForte’s SecurTape product provides software-based cryptography to secure the data at rest on your NonStop backup tapes. It co-operates
with the standard NonStop Tape utilities BACKUP, RESTORE and BACKCOPY, as well as the TMF audit & online dump and restore
software, to transparently encrypt and decrypt the data.

SecurTape is designed with performance in mind. It can be configured to scale by launching slave processes on multiple CPUs to perform
compression and encryption. Many of our customers have reported that it actually takes less time to perform their backups now that they are
using SecurTape to perform the encryption.

In a typical, unencrypted tape backup:
• The operator invokes the BACKUP process, which sends the files to the TAPE process, which in turn interfaces with the physical tape drive. The restore process is the reverse procedure.
Before we can do an encrypted backup, we need to do a one-time preparation of the environment:
• First we need to establish the KEYSTORE, which will securely house our encryption keys. As indicated, this is done with two fairly simple TACL commands.
• Next we need to bind STAPELIB into a copy of the Backup process and the Restore process.
Now we are ready to do an encrypted backup:
• When the operator runs the backup process, STAPE is used to encrypt the data before sending it to the TAPE process.

Since backups are often done in a tight window during non-peak times, it is important to minimize the duration of the backup cycle. This diagram demonstrates how SecurTape is optimized to reduce the time it takes to encrypt and back up the data. SecurTape can spread the processing in parallel across multiple CPUs. Since it takes less CPU to compress data than to encrypt it, SecurTape first compresses, then encrypts the datablocks before sending them to the TAPE process. Here is how it accomplishes this:
• The backup process breaks up the files into datablocks, which are sent to the STAPE master process. When the STAPE master receives a datablock, it delegates the block to slave STAPEs running in other CPUs. If all STAPE slaves are busy, the STAPE master also uses its own cryptengine. This gives the slaves time to complete.
• STAPE first compresses, then encrypts the datablock. The encrypted datablocks are then sent to the STAPE master and are written to tape in the correct order.
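
The dispatch-and-reorder scheme described above, modelled in Python as an added example (not comForte's code and not SecurTape's tape format). Threads stand in for the STAPE slave processes and an HMAC-SHA256 keystream stands in for the product's cipher, which the page does not name; the block size, record layout and all function names are assumptions.

```python
import hashlib
import hmac
import os
import threading
import zlib
from concurrent.futures import Future, ThreadPoolExecutor

BLOCK_SIZE = 4096  # assumed datablock size for this sketch
SAMPLE_DATA = b"ACCOUNT-RECORD " * 5000  # constructed, highly compressible input


def derive_keys(tape_key, backup_id):
    """Separate encryption and MAC subkeys, bound to one backup run."""
    enc = hmac.new(tape_key, b"enc" + backup_id, hashlib.sha256).digest()
    mac = hmac.new(tape_key, b"mac" + backup_id, hashlib.sha256).digest()
    return enc, mac


def _xor_stream(key, nonce, data):
    """Stand-in cipher: XOR with an HMAC-SHA256 counter-mode keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_block(enc_key, mac_key, seq, block):
    """Compress first, then encrypt, then authenticate one datablock."""
    nonce = seq.to_bytes(8, "big")  # block sequence number, unique per backup
    ct = _xor_stream(enc_key, nonce, zlib.compress(block))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def backup(tape_key, data, workers=3):
    """Master loop: hand blocks to idle workers, else process them locally."""
    backup_id = os.urandom(16)
    enc_key, mac_key = derive_keys(tape_key, backup_id)
    idle = threading.Semaphore(workers)
    pending = []  # sealed blocks or futures, kept in original block order
    stats = {"worker": 0, "master": 0}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for seq, off in enumerate(range(0, len(data), BLOCK_SIZE)):
            block = data[off:off + BLOCK_SIZE]
            if idle.acquire(blocking=False):
                fut = pool.submit(seal_block, enc_key, mac_key, seq, block)
                fut.add_done_callback(lambda _f: idle.release())
                pending.append(fut)
                stats["worker"] += 1
            else:  # every worker is busy: the master uses its own engine
                pending.append(seal_block(enc_key, mac_key, seq, block))
                stats["master"] += 1
        tape = [backup_id]
        for item in pending:  # write in submission order, not completion order
            rec = item.result() if isinstance(item, Future) else item
            tape.append(len(rec).to_bytes(4, "big") + rec)
    return b"".join(tape), stats


def restore(tape_key, tape):
    """Verify, decrypt and decompress each block; fail closed on a bad key."""
    backup_id, pos, seq, out = tape[:16], 16, 0, []
    enc_key, mac_key = derive_keys(tape_key, backup_id)
    while pos < len(tape):
        size = int.from_bytes(tape[pos:pos + 4], "big")
        rec = tape[pos + 4:pos + 4 + size]
        pos += 4 + size
        nonce, ct, tag = rec[:8], rec[8:-32], rec[-32:]
        expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed: wrong key or damaged block")
        if int.from_bytes(nonce, "big") != seq:
            raise ValueError("block out of order")
        out.append(zlib.decompress(_xor_stream(enc_key, nonce, ct)))
        seq += 1
    return b"".join(out)


if __name__ == "__main__":
    key = os.urandom(32)
    tape, stats = backup(key, SAMPLE_DATA)
    print(len(SAMPLE_DATA), "bytes in,", len(tape), "bytes on tape,", stats)
    assert restore(key, tape) == SAMPLE_DATA
```

Because each block is compressed before it is encrypted, the cipher and the tape both handle far fewer bytes than the input; a restore attempted with any other key fails at the first block's integrity check.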

PCI requirement 3.6 specifies that you must “Fully document and implement all key management processes and procedures for keys used
for encryption of cardholder data.” SecurTape provides a rich set of commands to be able to accomplish this requirement.

Proper key management requires planning. SecurTape uses strong cryptographic techniques to protect the data written to the backup tapes.
Losing a key for a specific backup tape is equivalent to losing the backup tape itself. It is *not* possible to RESTORE an encrypted backup
tape without possession of the proper key. Therefore, it is important to plan for a disaster which might require you to restore the backup
tapes:
• Keys used to encrypt the tape should be exported and stored in a secure place to be available in case of a disaster.
• The keys should be exported using a passphrase to secure the private key. You will then only be able to “Import” the key if you know
the passphrase.
• Practice your disaster recovery plan - a backup can only be useful if it can be successfully restored. Always practice a restore before
you actually have to rely on it.

This leads us to the question of how we restore a secure tape to another system.
If we want to back up from one NonStop system and then restore that secure backup tape on another NonStop system, we’ll need to make the encryption keys available on the restore system to do the decryption.
• To accomplish this, we first need to export the keys which were used to do the original backup. This is accomplished using the SecurTape “EXPORT” command as shown in this example TACL command. Note the use of a pass phrase to secure the exported key files.
• Next we need to transport the key files to the other NonStop system, typically using FTP.
• Finally, we do an IMPORT of the key files to generate the keystore on the second system. We are now ready to restore the encrypted tape.

If TMF is used to audit the Keystore file, then the export/import process is unnecessary since standard replication is used between the two sites.
Author’s note: You don’t need to be super.super if the key was generated as a weak user.

Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 

2014 02 comForte SecurTape product

  • 1. comForte’s SecurTape product provides software-based cryptography to secure the data at rest on your NonStop backup tapes. It co-operates with the standard NonStop Tape utilities BACKUP, RESTORE and BACKCOPY, as well as the TMF audit & online dump and restore software, to transparently encrypt and decrypt the data.
  • 2.
  • 3. SecurTape is designed with performance in mind. It can be configured to scale by launching slave processes to multiple CPUs to perform compression and encryption. Many of our customers have reported that it actually takes less time to perform their backups now that they are using SecurTape to perform the encryption.
  • 4.
  • 5.
  • 6. In a typical, unencrypted tape backup:
      • The operator invokes the BACKUP process, which sends the files to the TAPE process to interface with the physical tape drive. The restore process is the reverse procedure.
    Before we can do an encrypted backup, we need to do a one-time preparation of the environment.
      • First we need to establish the KEYSTORE, which will securely house our encryption keys. As indicated, this is done with two fairly simple TACL commands.
      • Next we need to bind STAPELIB into a copy of the Backup process and the Restore process.
    Now we are ready to do an encrypted backup:
      • Now when the operator runs the backup process, STAPE is used to encrypt the data before sending the data to the TAPE process.
  • 7. Since backups are often done in a tight window during non-peak times, it is important to minimize the duration of the backup cycle. This diagram will demonstrate how SecurTape is optimized to reduce the time it takes to encrypt and back up the data. SecurTape has the ability to allocate parallel processing to multiple CPUs. Since it takes less CPU to compress data than to encrypt it, SecurTape first compresses, then encrypts the datablocks before sending them to the TAPE process. Here is how it accomplishes this:
      • The backup process breaks up the files into datablocks, which are sent to the STAPE master processes. When STAPE master receives a datablock, it delegates the block to slave STAPEs running in other CPUs. If all STAPE slaves are busy, STAPE master also uses its own cryptengine. This gives the slaves time to complete.
      • STAPE first compresses, then encrypts the datablock. The encrypted datablocks are then sent to the STAPE master and are written to tape in the correct order.
  • 8.
  • 9. PCI requirement 3.6 specifies that you must “Fully document and implement all key management processes and procedures for keys used for encryption of cardholder data.” SecurTape provides a rich set of commands to be able to accomplish this requirement.
  • 10. Proper key management requires planning. SecurTape uses strong cryptographic techniques to protect the data written to the backup tapes. Losing a key for a specific backup tape is equivalent to losing the backup tape itself. It is *not* possible to RESTORE an encrypted backup tape without possession of the proper key. Therefore, it is important to plan for a disaster which might require you to restore the backup tapes:
      • Keys used to encrypt the tape should be exported and stored in a secure place to be available in case of a disaster.
      • The keys should be exported using a passphrase to secure the private key. You will then only be able to “Import” the key if you know the passphrase.
      • Practice your disaster recovery plan: a backup can only be useful if it can be successfully restored. Always practice a restore before you actually have to rely on it.
  • 11. This leads us to the question of how we restore a secure tape to another system. If we want to back up from one NonStop system and then restore that secure backup tape on another NonStop system, we’ll need to make the encryption keys available on the restore system to do the decryption.
      • To accomplish this, we first need to export the keys which were used to do the original backup. This is accomplished using the SecurTape “EXPORT” command, as shown in this example TACL command. Note the use of a passphrase to secure the exported key files.
      • Next we need to transport the key files to the other NonStop system, typically using FTP.
      • Finally, doing an IMPORT of the key files to generate the keystore on the second system, we are now ready to restore the encrypted tape.
    If TMF is used to audit the Keystore file, then the export/import process is unnecessary, since standard replication is used between the two sites.
    Author’s note: Don’t need to be super.super if key was generated as weak user.
  • 12.
  • 13.
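
The pipeline described on slide 7 (a master splits the backup into datablocks, workers compress and then encrypt each block, and the master writes the results in the original order) can be sketched as follows. This is an added example, not comForte's code: the function names, block size, key and sample data are assumptions, threads stand in for STAPE slave processes on other CPUs, and the cipher is a labelled placeholder rather than the algorithm SecurTape uses.

```python
import hashlib
import zlib
from concurrent.futures import ThreadPoolExecutor, as_completed

BLOCK_SIZE = 4096                      # assumed datablock size, not SecurTape's
KEY = b"constructed-demo-key"          # constructed sample key
SAMPLE = b"ACCT-0001,2014-02-01,100.00\n" * 2000   # constructed sample file

def stand_in_cipher(key, seq, data):
    """Placeholder cipher (SHA-256 counter keystream XOR), for illustration only.
    The block number seq is mixed in so no two blocks share a keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + seq.to_bytes(8, "big") + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def worker(key, seq, block):
    """One worker's job: compress first, then encrypt the smaller result."""
    return seq, stand_in_cipher(key, seq, zlib.compress(block))

def backup(key, data, workers=4):
    """Master: split into datablocks, fan out, then emit records in block order."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    finished = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        jobs = [pool.submit(worker, key, seq, blk) for seq, blk in enumerate(blocks)]
        for job in as_completed(jobs):          # completion order is arbitrary
            seq, record = job.result()
            finished[seq] = record
    return [finished[seq] for seq in range(len(blocks))]   # the "tape"

def restore(key, tape):
    """Reverse procedure: decrypt each record, then decompress it."""
    return b"".join(zlib.decompress(stand_in_cipher(key, seq, rec))
                    for seq, rec in enumerate(tape))

if __name__ == "__main__":
    tape = backup(KEY, SAMPLE)
    print(len(SAMPLE), "bytes in,", sum(map(len, tape)), "bytes encrypted and written")
    print("restore ok:", restore(KEY, tape) == SAMPLE)
```

Because compression runs first, the cipher only processes the compressed bytes, and the sequence number attached to each block is what lets the master restore tape order regardless of which worker finishes first.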