File Share Encryption

 View Only

  • 1.  Backup Strategy

    Posted Mar 01, 2016 03:40 PM

    Hi, Im looking for advice regarding backing up and protecting encrypted disks and virtual disks with Encryption Desktop.

    What do I need to backup to enable full recovery of encrypted disks and virtual disks?  Clearly any passphrases and usernames (I will save both but out of curiosity do you need both?).  Clearly, I need a ghost of any encrypted disks assuming ghosting preserves bootloader so that I can recover in case of hardware failure?

    If I decide to use a key instead of a passphrase I'm guessing I'd need to backthese up too, so is it enough backup the individual files or do I need to store the key details and assosiated passphrase in clear text in another location?  Also with keys, how do (if you can) recover keys either for lost passphrase or incase of importing keys into Encryption Desktop after re-installing software on new hardware? 

    I'm sure I'm making too much out of this but I want to be sure that if I have hardware failure I can reinstall and recover data and that I won't loose my keys when I need to install on new hardware.

    Thanks



  • 2.  RE: Backup Strategy

    Broadcom Employee
    Posted Mar 02, 2016 07:28 AM

    hi,

    I guess you are using standalone Symantec Encryption Desktop. I would recommend this for backup purposes:

    1. Backup your keyring and keep it in a safe place. You can export them as *.asc file (remember to check the "Include Private Key(s)" while importing). You are using them for email, File Share encryption.

    2. Create WinPE for a Disaster Recovery situation (like you are not able to boot the machine) - see https://support.symantec.com/en_US/article.HOWTO95227.html

    If crash of the system happens, you can access the machine booting from WinPE and access the data (eg. you can decrypt them). You can refer to this: http://www.symantec.com/connect/articles/how-decrypt-drive-windows-pe-symantec-encryption-desktop-10x

    3. Once you start encryption of the disk, the Whole Disk Recovery Token (WDRT) appears on the screen. Keep this number in a safe place (not this machine). It will not reappear again.

    4. Remember the passphrase for your drive encryption. Do not store it in a clear text as this is not secure.

    5. If data is critical, ensure to implement backup solution of the data.

    6. Run test of disaster recovery in lab to ensure you are familiar with the recovery.

    7. Periodically check if you are able to restore data from backup



  • 3.  RE: Backup Strategy

    Posted Mar 03, 2016 02:34 PM

    Hi w-d,

    Thanks for this, I shall give the disaster recovery a go and see how I get on :)