Best practices for Backup Exec 2010 software encryption
Best practices include tips and recommendations to help you use software encryption effectively with Symantec Backup Exec 2010. For more information about software encryption, see the Backup Exec 2010 Administrator's Guide.
The following best practices can ensure smooth operations when you administer software encryption:
Create strong pass phrases by doing the following:
Use more than the minimum number of characters that are required.
Use a combination of upper- and lower-case letters, numbers, and special characters.
Avoid literary quotations in pass phrases.
Keep your pass phrases secure.
Run Backup Exec Services in FIPS mode and use 256-bit AES encryption to be FIPS compliant.
This option is available at Tools > Options > Network and Security. It is called Use FIPS 140-2 compliant software encryption.
Use software compression with encryption if the data must be compressed.
Avoid using hardware compression with software encryption.
If you do not use software encryption when you back up data to a backup-to-disk folder, use File System encryption to prevent unauthorized access.
Use the same encryption key for all of the templates in a synthetic backup policy.