Re: [Bacula-users] Enrypting all data in transit and at rest

Wed, 14 Aug 2019 10:47:21 -0700

Hello Heitor,

I recommend that you check the details of the BEE automatic encryption feature.  If I am not mistaken you are referring to the new PSK (private shared key) that BEE uses for authentication.  This means that Bacula will be much more secure against man-in-the-middle attacks and such.  However, I don't think it helps with data encryption.

I am currently trying to get it into the next community version.  I believe that the person who implement the BEE PSK is or will be working on creating a community patch for it ...

Best regards,
Kern

On 8/14/19 3:50 PM, Heitor Faria wrote:
Hello Lauri (forgot to copy the group),
>Also, this information needs to then travel the network connections in
>the picture where it says File Attributes? I suppose I can then use
>Bacula TLS
>to protect all that unencyrpted data between the File Daemon, Storage
>Daemon and Director. Securing Director - Catalog DBMS connection is
>then out of scope of Bacula. Encrypting those will ensure my data is
>protected while in transit?
>
>In order to encrypt all data in transit and at rest I need to
>- Enable Data Encryption for the Volumes
>- Configure Bacula TLS
I guess if you use data encryption you dont need to use TLS, because data is already encrypted.
If you just to encrypt transferred data you only need TLS.
Anyway, BEE has a very exciting new feature which is automatic TLS, much easier to set up. Not sure if it will be available in Community Bacula next V. 11 release.

Regards,
--

MSc Heitor Faria
 CEO Bacula LATAM
mobile1: + 1 909 655-8971
 mobile2: + 55 61 98268-4220
linkedin%20icon
logo
América Latina
bacula.latbacula.com.br
 



_______________________________________________
Bacula-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bacula-users





_______________________________________________
Bacula-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bacula-users






















					Reply via email to