Backup solution suggestions

Johan Ström johan at stromnet.se
Tue Jan 15 15:26:59 PST 2008


On Jan 15, 2008, at 22:09 , Aristedes Maniatis wrote:

>
> On 15/01/2008, at 8:52 PM, Johan Ström wrote:
>
>> I'm looking to invest in some new hardware for backup. probably  
>> some kind of NAS (a 4-disk 1U NAS or something in that size). The  
>> thing is that I won't be the only one with access to this box,  
>> thus I would like to secure my data.
>> What I would like is encryption both for the transfer to the box,  
>> and encrypted on disk. The data on disk should not be readable by  
>> anyone but me (ie the other user(s) of the box should not be able  
>> to read it, at least not without a big effort).
>
> Take a look at bacula. It is a proper backup system, meaning that  
> it does incremental backups, etc. Storage pools can be encrypted.  
> Not sure if the network stream can be, but that could be solved  
> with an ssh tunnel. And it is open source, reliable and runs nicely  
> on FreeBSD.
>

My main problem with existing solutions is this "gap" of encryption  
on the backup server side. I dont want it to be readable outside of  
my box (without encryption keys ofcourse), so as soon as I send it of  
from my box I want it to be encrypted over the link, and down on the  
disk. Not decrypted on the remote box, to then be encrypted again  
(with keys available on that box) and then stored to disk. That would  
allow any users of that box (yes sure you can have file permissions  
but lets assume someone else have root access there) to read my files.

Simple Example:

I create regular tarball (gziped maybee) with some files i want to  
backup, Then i encrypt this file with ie gpg. Then i send of this  
file using some unspecified network protocol to the storage server.
Encrypted all the way, from my end to the remote disk..
The downside is that it is a static file.. not a "dynamic  
filesystem", nothing I can mount and have easy access to individual  
files from. *Thats* what I'm looking for.

--
Johan


More information about the freebsd-stable mailing list