Windows NT Backup and Security (104221)

MORE INFORMATION

Tape Security and Access

Tape security is in the form of access restriction to an entire tape or family set. The application does not provide restrictions to individual sets or files. When creating a new tape, the user has the option to restrict access to the tape by selecting the Restrict Access check box in the Backup Information dialog box.

Tape Ownership and Control

Under NTFS, file permission information is written with the files to tape. These are kept for restore purposes only and do not restrict access to files on the tape. However, the computer name of the system the backup was made from and user name of the person who first created a tape or tape set is stored in the tape header. Therefore, if you are logged on to MACHINE1\USER1, you cannot read secure tapes created by MACHINE2\USER1. These are considered two separate individuals. This allows enforcement of minimal restrictions to tape access. Access is controlled at a "tape" level. No attempt is made to restrict access at the backup set or to individual files on the tape. The "Restrict Access to Owner or Administrator" check box designates the tape as a "secure" tape. If the restrict access is enabled, Windows NT Backup protects the tape by creating a password from the user name and computer name. The tape can then be accessed with the backup software by only the following:

• The system administrator, who has access to all tapes.
• The person who created the tape originally. In this case, you must be logged on to the computer where the tape was originally created.
• A person with the "Back up files and directories" right.

Any of these people are allowed to read, write, or erase the tape. Persons without the "Back up files and directories" right cannot modify the tape unless they created it by writing the first backup set. This prevents the accidental or deliberate erasure of information by anyone other than the tape's owner (the person who first wrote the tape), a backup user, or a system administrator. For tapes being written to transfer files between computers, "restrict access" should not be selected. For nonrestricted tapes, anyone would be allowed to read, write, or erase the tapes. Note that user-supplied passwords are not used for security purposes because they are easily forgotten. The proliferation of password use with various utilities can compromise security when the logon password is used in multiple places. Without the use of data encryption, tapes are not considered truly secure, and should be physically secured to protect sensitive data. The backup utility cannot prevent deliberate erasure of information from a tape. Security identification (SID) information is not used by Windows NT Backup.

"Back Up Files and Directories" Right

Under NTFS, an Access Control List (ACL) is used to control each person's rights to system resources. Windows NT Backup will usually not back up drives, volumes, directories and/or files to which you do not have access privileges. Your ACL restrictions are inherited by the application at runtime. The exception is when you have the "Back up files and directories" right. Under this exception, you are able to back up and restore drives, directories, and files to which you would otherwise not have access to. The "Back up files and directories" right allows you to bypass ACL protection in order to back up another's files. In addition to being able to read the files, the "Back up files and directories" right allows Windows NT Backup to update the "archive" bit in the file header. Windows NT Backup checks for the existence of the "Back up files and directories" right for the active user, enables the associated rights while processing files, and disable these rights when backup/restore operations are complete.