Backup solution suggestions
johan at stromnet.se
Tue Jan 15 15:26:59 PST 2008
On Jan 15, 2008, at 22:09 , Aristedes Maniatis wrote:
> On 15/01/2008, at 8:52 PM, Johan Ström wrote:
>> I'm looking to invest in some new hardware for backup. probably
>> some kind of NAS (a 4-disk 1U NAS or something in that size). The
>> thing is that I won't be the only one with access to this box,
>> thus I would like to secure my data.
>> What I would like is encryption both for the transfer to the box,
>> and encrypted on disk. The data on disk should not be readable by
>> anyone but me (ie the other user(s) of the box should not be able
>> to read it, at least not without a big effort).
> Take a look at bacula. It is a proper backup system, meaning that
> it does incremental backups, etc. Storage pools can be encrypted.
> Not sure if the network stream can be, but that could be solved
> with an ssh tunnel. And it is open source, reliable and runs nicely
> on FreeBSD.
My main problem with existing solutions is this "gap" of encryption
on the backup server side. I dont want it to be readable outside of
my box (without encryption keys ofcourse), so as soon as I send it of
from my box I want it to be encrypted over the link, and down on the
disk. Not decrypted on the remote box, to then be encrypted again
(with keys available on that box) and then stored to disk. That would
allow any users of that box (yes sure you can have file permissions
but lets assume someone else have root access there) to read my files.
I create regular tarball (gziped maybee) with some files i want to
backup, Then i encrypt this file with ie gpg. Then i send of this
file using some unspecified network protocol to the storage server.
Encrypted all the way, from my end to the remote disk..
The downside is that it is a static file.. not a "dynamic
filesystem", nothing I can mount and have easy access to individual
files from. *Thats* what I'm looking for.
More information about the freebsd-stable