From owner-freebsd-security  Thu Mar  8 10:59:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193])
	by hub.freebsd.org (Postfix) with ESMTP id B0D6637B718
	for <freebsd-security@freebsd.org>; Thu,  8 Mar 2001 10:59:10 -0800 (PST)
	(envelope-from adam@algroup.co.uk)
Received: from algroup.co.uk ([193.195.56.225]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id SAA27293; Thu, 8 Mar 2001 18:58:39 GMT
Message-ID: <3AA7D65D.C27251B9@algroup.co.uk>
Date: Thu, 08 Mar 2001 18:58:37 +0000
From: Adam Laurie <adam@algroup.co.uk>
Organization: A.L. Group plc
X-Mailer: Mozilla 4.76 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Mike Tancsa <mike@sentex.net>
Cc: freebsd-security@freebsd.org
Subject: Re: "write only" fs/files ?
References: <5.0.2.1.0.20010308130831.03074aa0@marble.sentex.ca>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Mike Tancsa wrote:
> 
> We are looking at a new network backup system and are throwing around a
> number of scenarios.  We have a mix of co-location servers and want to
> provide a backup service to those who do not provide their own built in
> tape drives.  One of the ideas thrown about was some sort of one way backup
> system on a large disk store.  For UNIX users, rsync over ssh to a unique
> userID per server is one thought.  For Win32 boxes, some combo of samba
> perhaps through PTPTP.
> 
> One additional feature that would be nice to have would be to provide one
> way backups somehow. i.e. the client machine dumps its data to the backup
> server either into a dump file or tar file or sync'd file system via
> rsync.  But, for security purposes, it would be nice to somehow mark that
> data once uploaded as being inaccessible to the client machine.  This way
> if their box gets compromised after the backup, they dont have access to
> the data before it gets offloaded to tape.
> 
> Comments ?

stunnelled amanda with strong authentication.

  http://www.stunnel.org/
  http://www.amanda.org/

i've never used 'doze clients but i'm told they work.

cheers,
Adam
--
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
Voysey House                  http://www.thebunker.net
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message