[Dshield] Firewall Tapes off site?

Miles Stevenson miles at mstevenson.org
Wed Mar 2 16:33:20 GMT 2005


Shane,

Sending copies of critical backups to an off site location is an excellent 
idea, and highly recommended. If a third party is going to be handling the 
data, then encrypt it with GnuPG. Make sure that your private key is well 
protected at your own facility, and that you don't lose the passphrase to the 
key. A lot of folks recommend against writing down such important 
passphrases, but I think it's a bad idea to risk forgetting the passphrase 
and not being able to restore from backups! Just store the hand-written 
passphrases in a good fireproof safe at your facility with reasonable access 
controls and you should be in good shape.

On Wednesday 02 March 2005 5:47 am, Shane Presley wrote:
> Slightly off topic, but I was wondering what various people think
> about sending firewall backup tapes off site?  Seems like you have to
> do it for D.R., but I also don't like the idea of the firewall
> OS/Application data being shipped to a third party?
>
> Shane
> -------------- Sponsor Message ------------------------------------
> SANS Intrusion Immersion Training: Orlando, FL, February 3-9th
> http://www.sans.org/orlando05
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list

-- 
Miles Stevenson
Email: miles at mstevenson.org
URL: http://www.mstevenson.org
PGP/GPG Key ID: 329F889D767D2F63



More information about the list mailing list