Protecting your passwords

Background

All sensitive data held by Restorepoint is protected by encryption. Restorepoint transparently encrypts data when it is written to disk, and decrypts it when it is read. Clear-text data is always only held in volatile memory and therefore disappears when the appliance is shut down or rebooted, rendering data theft impossible without a valid encryption key. In order to make encryption less intrusive for the user, Restorepoint has two operational states:

• Lock-down state: when the appliance is powered up and no encryption password has been entered by an administrator. In this state, Restorepoint cannot read its own database and therefore cannot perform any automatic operations. An administrator must log in and provide the encryption password.
• Normal state: after an administrator has provided the encryption password at login. This is the normal operational mode, when all system functions are enabled. Subsequent administrator logins will not require an encryption password, until the appliance is rebooted again.

It is paramount that administrators memorise both user password and encryption password – without either, you will not be able to access your data.

User password and Encryption password

Passwords are configured during the initial configuration of the appliance, and can be modified in the Administration->Users tab. When you edit or create a user, you will also need to configure an email address and a password recovery question and answer, which are used to reset the passwords in case they are forgotten. It is important that you choose a question to which only you know the answer. Restorepoint will send you a password recovery token by email; therefore you should ensure that your SMTP settings and email address are entered correctly. You should keep the password recovery token safe.

Recovering passwords

If you have lost the passwords, and you are not able to log in using another administrator’s credential, you will need to follow the Forgotten Password link, which uses two-factor authentication: you will need to provide your password recovery token and your security question and answer; if the provided information is correct, you will be able to reset your passwords.

REMEMBER: if you have forgotten your password and the appliance is in lock-down state, unless you can provide the information required for the password recovery procedure above, you will not be able to access your data, and your only option may be a factory reset – which destroys all the data on the appliance.

For more information, please email our Technical Support Team.

Advertisement

Are you backing up Restorepoint?

Restorepoint is there for you when you need it the most – in a disaster recovery situation. Restorepoint appliances use high quality components and built-in redundancy; however, statistically, hardware failure is only a matter of time, and Restorepoint is no exception.

Restorepoint stores invaluable information about your network, so it is essential that all the data on the appliance is also backed up.

Restorepoint has an archiving features that effectively creates a snapshot of the appliance, which is copied to an external FTP server or Windows share. Archives can be restored when needed, on the same appliance or on a new one. Encryption ensures that archives not readable outside the appliance.

Archives are configured in the Administration->System->Archive page, where you can enter the detail of your server. We recommend a weekly or monthly archiving schedule. In Restorepoint version 4.2 and above you will be able to create multiple archive locations, and use SFTP/SCP in addition to CIFS and FTP.

Blue Coat ProxySG plug-in enhanced to backup encrypted keyring

Restorepoint now makes the process of restoring a Blue Coat ProxySG configuration easier than ever following a hardware failure or when migrating a configurations to a new appliance. The enhanced Blue Coat device plug-in is now able to also backup and recover the encrypted keyring (private key and certificate) which would otherwise be a manual and complex operation – check this Blue Coat Knowledge Base article to see all the additional steps required.

Even the Blue Coat Director does NOT back up the private key and certificate by default (see KB4067).

Restorepoint always backs up this information for you and allows you to restore a configuration in just a couple of clicks.

To ensure you are running the latest Blue Coat plugin, please check that your appliance is up to date (software version 4.0 build 20120815:145016 or later).