How secure is the data on the backup servers?

The data passes thru the server and is stored on tape. Access to the server is restricted to system administrators. No data is stored on the server. TSM (ucbackup) does use a disk "pool" to stage data before it goes to tape, but that data is stored in a propriety database format and can only be access thru the TSM administrative modules.

Does UCbackup use a firewall?

The server is not firewalled because of the bandwidth requirements. The backup application require network connectivity, so a firewall would not lessen risk. The server is very well hardened against outside attacks. No unnecessary server port are open for access. All communication with the server for administration is done via ssh.

Does UCbackup allow all IP addresses in or just campus?

Any IP can attempt to connect to the server, but the backup application only allows configured clients to access their data. Administrative access is controlled using access control lists and is restricted to system admin only.

Is sensitive data (personal info) safe from hackers as much as possible (what security measures are in place for this)?

Data is not stored on the server and would require detailed knowledge of the tape and operating systems to access the data on tape without the backup applications. Again, access to the backed up data on the server would require a hacker to have the not only root access, but application access as well. There is no way to download data on tape to a remote system which is not a backup client. The data can not be read on the server. A compromised client could attempt to recover its own data, but the attack would be limited to that client's data only. It is suggested that sensitive data be encrypted on the client at all times regardless of backup method used.

Are communications between Backup Server and Client Server secure? (SSL)

The UCbackup services have the ability to backup data using an encrypted data stream between client and backup server. The client can "turn" this feature on. All data would be encrypted going to the backup server. Data would be stored on tape encrypted and only un-encrypted once it was recovered back on the client system. Only the user has the encrptytion password and there is no why to recover a lost or forgotten password. There is a danger of not being able to recover encrypted data if the password is forgotten.

How are the tape protected?

Physical security is an important part of backup and recovery. The backup server and tape silo are maintained in the IS&T data center, which has 24 hours security and cardkey access. Offsite tapes are shipped via locked steel containers and access to these is thru authorized admins only.