Date: Wed, 16 Jan 2008 00:26:34 +0100
From: Johan Ström <johan@stromnet.se>
To: Aristedes Maniatis <ari@ish.com.au>
Cc: emj@emj.se, freebsd-stable@freebsd.org
Subject: Re: Backup solution suggestions
Message-ID: <4FF9842D-ADC9-4A99-9DC4-E0FE1CC9CDCF@stromnet.se>
In-Reply-To: <39FB5CF3-F2F4-401B-9D6D-7796608152E5@ish.com.au>
References: <E6BCC509-6CC8-44F1-98C2-416920A52218@stromnet.se> <39FB5CF3-F2F4-401B-9D6D-7796608152E5@ish.com.au>

On Jan 15, 2008, at 22:09, Aristedes Maniatis wrote:

>
> On 15/01/2008, at 8:52 PM, Johan Ström wrote:
>
>> I'm looking to invest in some new hardware for backup, probably
>> some kind of NAS (a 4-disk 1U NAS or something in that size). The
>> thing is that I won't be the only one with access to this box,
>> thus I would like to secure my data.
>> What I would like is encryption both for the transfer to the box,
>> and encrypted on disk. The data on disk should not be readable by
>> anyone but me (i.e. the other user(s) of the box should not be able
>> to read it, at least not without a big effort).
>
> Take a look at bacula. It is a proper backup system, meaning that
> it does incremental backups, etc. Storage pools can be encrypted.
> Not sure if the network stream can be, but that could be solved
> with an ssh tunnel. And it is open source, reliable and runs nicely
> on FreeBSD.
>

My main problem with existing solutions is this "gap" of encryption
on the backup server side. I don't want it to be readable outside of
my box (without encryption keys of course), so as soon as I send it off
from my box I want it to be encrypted over the link, and down on the
disk. Not decrypted on the remote box, to then be encrypted again
(with keys available on that box) and then stored to disk. That would
allow any users of that box (yes, sure, you can have file permissions,
but let's assume someone else has root access there) to read my files.

Simple Example:
I create a regular tarball (gzipped maybe) with some files I want to
back up. Then I encrypt this file with i.e. gpg. Then I send off this
file using some unspecified network protocol to the storage server.
Encrypted all the way, from my end to the remote disk.

The downside is that it is a static file.. not a "dynamic
filesystem", nothing I can mount and have easy access to individual
files from. *That's* what I'm looking for.

--
Johan
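
The "Simple Example" from the message above, written as a streaming pipeline. This is an added illustration, not part of the original e-mail or of any project mentioned in the thread. `BACKUP_RECIPIENT`, `BACKUP_HOST` and the function names are hypothetical, and the script assumes a GnuPG public key for the recipient is already in the local keyring.

```sh
#!/bin/sh
# Added example, not from the original message. BACKUP_RECIPIENT, BACKUP_HOST and
# all function names are hypothetical; paths are assumed to contain no single quotes.
BACKUP_RECIPIENT=${BACKUP_RECIPIENT:-backup@example.invalid}  # placeholder key ID
BACKUP_HOST=${BACKUP_HOST:-}   # empty: treat the destination as a local directory

# Encrypt stdin to the owner's public key. Backing up needs only the public key;
# the private key is needed only to restore and never has to reach the storage box.
encrypt_stream() {
    gpg --batch --encrypt --recipient "$BACKUP_RECIPIENT"
}

# Run a command on the storage side (over ssh, or locally when BACKUP_HOST is empty).
run_remote() {
    if [ -n "$BACKUP_HOST" ]; then ssh "$BACKUP_HOST" "$1"; else sh -c "$1"; fi
}

# backup_to DIR NAME PATH...: stream tar -> gpg -> storage, so no plaintext archive
# is written anywhere and the storage box only ever receives ciphertext.
backup_to() (
    dir=$1 name=$2; shift 2
    flag=$(mktemp) || exit 1          # any stage that fails leaves a note here
    { tar -czf - -- "$@"  || echo tar >>"$flag"; } |
    { encrypt_stream      || echo enc >>"$flag"; } |
    run_remote "cat > '$dir/$name.partial'" || echo store >>"$flag"
    if [ -s "$flag" ]; then           # discard a truncated or failed upload
        rm -f "$flag"
        run_remote "rm -f '$dir/$name.partial'" </dev/null
        exit 1
    fi
    rm -f "$flag"
    # Publish under the final name only after every stage succeeded.
    run_remote "mv '$dir/$name.partial' '$dir/$name'" </dev/null
)
```

Restoring is the reverse on a machine that holds the private key: fetch the blob, pipe it through `gpg --decrypt`, then through `tar -xzf -`.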