Date: Tue, 15 Jan 2008 20:16:36 +0100
From: Johan Ström <johan@stromnet.se>
To: Jeremy Chadwick <koitsu@FreeBSD.org>
Cc: freebsd-stable@freebsd.org, Vladimir Botka <vlado@botka.homeunix.org>
Subject: Re: Backup solution suggestions
Message-ID: <F4F935DD-DB7F-4145-A688-DAEBFE46BE6B@stromnet.se>
In-Reply-To: <20080115124406.GA8803@eos.sc1.parodius.com>
References: <E6BCC509-6CC8-44F1-98C2-416920A52218@stromnet.se> <20080115124002.06d14cfc@srv> <20080115124406.GA8803@eos.sc1.parodius.com>

On Jan 15, 2008, at 13:44 , Jeremy Chadwick wrote:

> On Tue, Jan 15, 2008 at 12:40:02PM +0100, Vladimir Botka wrote:
>> On Tue, 15 Jan 2008 10:52:56 +0100
>> Johan Ström <johan@stromnet.se> wrote:
>>
>>> Hello
>>>
>>> I'm looking to invest in some new hardware for backup, probably some
>>> kind of NAS (a 4-disk 1U NAS or something in that size). The thing
>>> is that I won't be the only one with access to this box, thus I
>>> would like to secure my data.
>>> What I would like is encryption both for the transfer to the box,
>>> and encrypted on disk. The data on disk should not be readable by
>>> anyone but me (ie the other user(s) of the box should not be able to
>>> read it, at least not without a big effort).
>>>
>>> So, I'm wondering what the best solution might be.. Tar'balling all
>>> my stuff and encrypt it with GPG or something and just dump it there
>>> with NFS would be the easiest solution, but maybe not the best. I've
>>> been thinking about running a GELI image on my box, and store that
>>> on the NAS over NFS.. would that be doable/secure/stable?
>>> Another idea would be to go with some regular 1U box running some
>>> FBSD, doing scp to the box and geli local on the box but that would
>>> require me to have the encryption keys on that box (which would be
>>> shared so thus no good idea).
>>>
>>> Any other ideas? Being able to rsync to the backup storage instead
>>> of just sending big encrypted tarballs would be very nice (and I
>>> guess that would be possible with geli version)
>>>
>>> Maybe not the perfect list for this, but it is somewhat freebsd
>>> specific and I'm sure some other ppl on the list have had similar
>>> situations :)
>>>
>>> --
>>> Johan Ström
>>> Stromnet
>>> johan@stromnet.se
>>> http://www.stromnet.se/
>>>
>>
>> Hello,
>>
>> As of the encryption on the transfer I use security/sfs to mount remote
>> directory for backup and then rsync in the local.
>
> I thought SFS looked pretty neat until I saw this in the documentation:
>
>   Finally, you must export all the local-directorys in your sfsrwsd_config
>   to localhost via NFS version 3.
>
> See my mail to Johan, as it documents a known "issue" with
> nfsd/mountd/portmap on FreeBSD (re: binding to INADDR_ANY and using
> dynamically-allocated port numbers). This circles back to my "if you
> HAVE to use NFS, do so on a dedicated network which has no public
> access" statement.
>

SFS indeed looked very nice, but didn't provide me with the
encrypted-on-disk feature I need as I understand?
As mentioned earlier I don't want to store crypto keys on the backup
machine itself, otherwise I could have used geli or something.

Thanks

--
Johan