Cisco ACS v5 Now Supported

Restorepoint now supports Cisco Secure Access Control Server (ACS) version 5, deployed either on the hardware appliance (CSACS-1121 series or similar) or ACS virtual appliance.

Restorepoint backs up and restore the database (both ACS and ADE OS), the database password file, certificate store and, if required, the ADE OS configuration.

The previous ACS version 4 is also supported, via a separate plugin.

Please contact the Restorepoint Support Team for more information.

Advertisements

FortiGate Plugin Update

The Restorepoint FortiGate plugin has been updated to support SCP for backup and restoration. Wherever possible, for security reasons SCP should be used to backup FortiGate devices; SCP also avoids TFTP back-connections for file transfers. Note that SCP may need to be enabled in the FortiGate UI or CLI.

The SCP restoration method differs slightly depending on the FortiOS version, but Restorepoint will use the appropriate method for each firmware version.
Restorepoint supports FortiOS 3, 4 and 5.
Please contact the Restorepoint Support Team for more information.

Protecting your passwords

Background

All sensitive data held by Restorepoint is protected by encryption. Restorepoint transparently encrypts data when it is written to disk, and decrypts it when it is read. Clear-text data is always only held in volatile memory and therefore disappears when the appliance is shut down or rebooted, rendering data theft impossible without a valid encryption key. In order to make encryption less intrusive for the user, Restorepoint has two operational states:

  • Lock-down state: when the appliance is powered up and no encryption password has been entered by an administrator. In this state, Restorepoint cannot read its own database and therefore cannot perform any automatic operations. An administrator must log in and provide the encryption password.
  • Normal state: after an administrator has provided the encryption password at login. This is the normal operational mode, when all system functions are enabled. Subsequent administrator logins will not require an encryption password, until the appliance is rebooted again.

It is paramount that administrators memorise both user password and encryption password – without either, you will not be able to access your data.

User password and Encryption password

Passwords are configured during the initial configuration of the appliance, and can be modified in the Administration->Users tab. When you edit or create a user, you will also need to configure an email address and a password recovery question and answer, which are used to reset the passwords in case they are forgotten. It is important that you choose a question to which only you know the answer. Restorepoint will send you a password recovery token by email; therefore you should ensure that your SMTP settings and email address are entered correctly. You should keep the password recovery token safe.

Recovering passwords

If you have lost the passwords, and you are not able to log in using another administrator’s credential, you will need to follow the Forgotten Password link, which uses two-factor authentication: you will need to provide your password recovery token and your security question and answer; if the provided information is correct, you will be able to reset your passwords.

REMEMBER: if you have forgotten your password and the appliance is in lock-down state, unless you can provide the information required for the password recovery procedure above, you will not be able to access your data, and your only option may be a factory reset – which destroys all the data on the appliance.

For more information, please email our Technical Support Team.

Are you backing up Restorepoint?

Restorepoint is there for you when you need it the most – in a disaster recovery situation. Restorepoint appliances use high quality components and built-in redundancy; however, statistically, hardware failure is only a matter of time, and Restorepoint is no exception.

Restorepoint stores invaluable information about your network, so it is essential that all the data on the appliance is also backed up.

Restorepoint has an archiving features that effectively creates a snapshot of the appliance, which is copied to an external FTP server or Windows share. Archives can be restored when needed, on the same appliance or on a new one. Encryption ensures that archives not readable outside the appliance.

Archives are configured in the Administration->System->Archive page, where you can enter the detail of your server. We recommend a weekly or monthly archiving schedule. In Restorepoint version 4.2 and above you will be able to create multiple archive locations, and use SFTP/SCP in addition to CIFS and FTP.