Date: Thu, 8 Mar 2001 14:50:29 -0500 (EST) From: Rob Simmons <rsimmons@wlcg.com> To: Adam Laurie <adam@algroup.co.uk> Cc: Mike Tancsa <mike@sentex.net>, <freebsd-security@FreeBSD.ORG> Subject: Re: "write only" fs/files ? Message-ID: <Pine.BSF.4.33.0103081443520.30970-100000@mail.wlcg.com> In-Reply-To: <3AA7D65D.C27251B9@algroup.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There isn't a windows client for amanda. What you have to do is use smbclient and gnutar. The windows section of your amanda backup will be the weak link since the passwords are only encrypted with NT1. For the *nix boxen, stunnel is a good idea. Kerberos v4 is supported in amanda, which can be used for authentication as well as encrypting the dump itself. Robert Simmons Systems Administrator http://www.wlcg.com/ On Thu, 8 Mar 2001, Adam Laurie wrote: > Mike Tancsa wrote: > > > > We are looking at a new network backup system and are throwing around a > > number of scenarios. We have a mix of co-location servers and want to > > provide a backup service to those who do not provide their own built in > > tape drives. One of the ideas thrown about was some sort of one way backup > > system on a large disk store. For UNIX users, rsync over ssh to a unique > > userID per server is one thought. For Win32 boxes, some combo of samba > > perhaps through PTPTP. > > > > One additional feature that would be nice to have would be to provide one > > way backups somehow. i.e. the client machine dumps its data to the backup > > server either into a dump file or tar file or sync'd file system via > > rsync. But, for security purposes, it would be nice to somehow mark that > > data once uploaded as being inaccessible to the client machine. This way > > if their box gets compromised after the backup, they dont have access to > > the data before it gets offloaded to tape. > > > > Comments ? > > stunnelled amanda with strong authentication. > > http://www.stunnel.org/ > http://www.amanda.org/ > > i've never used 'doze clients but i'm told they work. > > cheers, > Adam > -- > Adam Laurie Tel: +44 (20) 8742 0755 > A.L. Digital Ltd. Fax: +44 (20) 8742 5995 > Voysey House http://www.thebunker.net > Barley Mow Passage http://www.aldigital.co.uk > London W4 4GB mailto:adam@algroup.co.uk > UNITED KINGDOM PGP key on keyservers > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6p+KJv8Bofna59hYRAgaaAKCFqlxScevbMknOYnz48PCSvcMNqgCfTaCa YKeqAZyTIPnWazMEsHDm9AI= =XnDo -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0103081443520.30970-100000>