Date: Wed, 16 Jan 2008 00:26:34 +0100
From: Johan Ström <johan@stromnet.se>
To: Aristedes Maniatis <ari@ish.com.au>
Cc: emj@emj.se, freebsd-stable@freebsd.org
Subject: Re: Backup solution suggestions
Message-ID: <4FF9842D-ADC9-4A99-9DC4-E0FE1CC9CDCF@stromnet.se>
In-Reply-To: <39FB5CF3-F2F4-401B-9D6D-7796608152E5@ish.com.au>
References: <E6BCC509-6CC8-44F1-98C2-416920A52218@stromnet.se> <39FB5CF3-F2F4-401B-9D6D-7796608152E5@ish.com.au>

On Jan 15, 2008, at 22:09, Aristedes Maniatis wrote:

>
> On 15/01/2008, at 8:52 PM, Johan Ström wrote:
>
>> I'm looking to invest in some new hardware for backup. Probably
>> some kind of NAS (a 4-disk 1U NAS or something in that size). The
>> thing is that I won't be the only one with access to this box,
>> thus I would like to secure my data.
>> What I would like is encryption both for the transfer to the box,
>> and encrypted on disk. The data on disk should not be readable by
>> anyone but me (i.e. the other user(s) of the box should not be able
>> to read it, at least not without a big effort).
>
> Take a look at bacula. It is a proper backup system, meaning that
> it does incremental backups, etc. Storage pools can be encrypted.
> Not sure if the network stream can be, but that could be solved
> with an ssh tunnel. And it is open source, reliable and runs nicely
> on FreeBSD.
>

My main problem with existing solutions is this "gap" of encryption on
the backup server side. I don't want it to be readable outside of my box
(without encryption keys of course), so as soon as I send it off from my
box I want it to be encrypted over the link, and down on the disk. Not
decrypted on the remote box, to then be encrypted again (with keys
available on that box) and then stored to disk. That would allow any
users of that box (yes sure you can have file permissions but let's
assume someone else has root access there) to read my files.

Simple Example: I create a regular tarball (gzipped maybe) with some
files I want to back up. Then I encrypt this file with i.e. gpg. Then I
send off this file using some unspecified network protocol to the
storage server. Encrypted all the way, from my end to the remote disk.
The downside is that it is a static file, not a "dynamic filesystem",
nothing I can mount and have easy access to individual files from.

*That's* what I'm looking for.

--
Johan
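
The tarball, gpg, transfer sequence from the "Simple Example" in the message above, written out as an added shell example (not part of the original e-mail or of any project mentioned in it). The function names, host name and key id are assumptions; it relies only on tar, gpg (2.1 or later) and ssh.

```sh
#!/bin/sh
# Added example, not from the original e-mail. The host name, key id and
# paths in the usage comment are hypothetical placeholders.

# encrypt_backup DIR GPG_MODE_OPTS...
# Streams a gzipped tarball of DIR through gpg to stdout, so no plaintext
# archive is written to disk. GPG_MODE_OPTS selects the key, for example:
#   --encrypt --recipient KEYID   (public key; the private key stays offline)
#   --symmetric --pinentry-mode loopback --passphrase-file FILE
encrypt_backup() {
    dir=$1; shift
    tar -czf - -C "$(dirname "$dir")" "$(basename "$dir")" |
        gpg --batch --quiet "$@" --output -
}

# store_remote HOST REMOTE_PATH
# Writes stdin to REMOTE_PATH on HOST over ssh. The storage server receives
# ciphertext only and never holds key material.
store_remote() {
    ssh "$1" "cat > '$2'"
}

# list_backup FILE GPG_OPTS...
# Decrypts FILE locally and lists the archive members. A non-zero status
# means the copy is truncated, damaged, or the key does not match.
list_backup() {
    file=$1; shift
    gpg --batch --quiet "$@" --decrypt "$file" | tar -tzf -
}

# Usage (hypothetical key id and host):
#   encrypt_backup /home/me/docs --encrypt --recipient 0xKEYID |
#       store_remote backup.example.net /backups/docs.tar.gz.gpg
```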
