On Jan 15, 2008, at 22:09, Aristedes Maniatis wrote:


On 15/01/2008, at 8:52 PM, Johan Ström wrote:

I'm looking to invest in some new hardware for backup, probably some kind of NAS (a 4-disk 1U NAS or something in that size). The thing is that I won't be the only one with access to this box, thus I would like to secure my data. What I would like is encryption both for the transfer to the box, and encrypted on disk. The data on disk should not be readable by anyone but me (i.e. the other user(s) of the box should not be able to read it, at least not without a big effort).

Take a look at Bacula. It is a proper backup system, meaning that it does incremental backups, etc. Storage pools can be encrypted. Not sure if the network stream can be, but that could be solved with an ssh tunnel. And it is open source, reliable and runs nicely on FreeBSD.


My main problem with existing solutions is this "gap" of encryption on the backup server side. I don't want it to be readable outside of my box (without encryption keys, of course), so as soon as I send it off from my box I want it to be encrypted over the link, and down on the disk. Not decrypted on the remote box, to then be encrypted again (with keys available on that box) and then stored to disk. That would allow any users of that box (yes, sure, you can have file permissions, but let's assume someone else has root access there) to read my files.

Simple Example:

I create a regular tarball (gzipped maybe) with some files I want to back up. Then I encrypt this file with i.e. gpg. Then I send off this file using some unspecified network protocol to the storage server.
Encrypted all the way, from my end to the remote disk.
The downside is that it is a static file, not a "dynamic filesystem", nothing I can mount and have easy access to individual files from. *That's* what I'm looking for.

--
Johan
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable

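The tar, gpg, upload flow from the "Simple Example" above, written out as an added sketch that is not part of either poster's message. It assumes GnuPG 2.x, symmetric encryption with a passphrase file that never leaves the client, and ssh as the otherwise unspecified transport; the function names and the host `backup@nas.example` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): client-side encrypted backup.
# The storage server only ever receives and stores gpg ciphertext, so a
# root user on that box sees file size and timestamps but no content.

# Shared gpg options; $1 = passphrase file kept on the client only.
gpg_opts() {
    printf '%s\n' --batch --quiet --pinentry-mode loopback --passphrase-file "$1"
}

# Pack directory $1 and encrypt with the passphrase in file $2.
# Ciphertext goes to stdout; no plaintext archive is written to disk.
# Note: plain sh reports only gpg's exit status for this pipeline.
make_backup() {
    tar -czf - -C "$1" . |
        gpg $(gpg_opts "$2") --symmetric --cipher-algo AES256 --output -
}

# Read ciphertext on stdin and list archived paths without writing files.
# $1 = passphrase file.
list_backup() {
    gpg $(gpg_opts "$1") --decrypt | tar -tzf -
}

# Read ciphertext on stdin and unpack into directory $2.
# $1 = passphrase file.
restore_backup() {
    mkdir -p "$2" &&
        gpg $(gpg_opts "$1") --decrypt | tar -xzf - -C "$2"
}

# Typical use over ssh (hypothetical host and paths):
#   make_backup "$HOME/docs" "$HOME/.backup-pass" |
#       ssh backup@nas.example 'cat > docs.tar.gz.gpg'
#   ssh backup@nas.example 'cat docs.tar.gz.gpg' |
#       list_backup "$HOME/.backup-pass"
#   ssh backup@nas.example 'cat docs.tar.gz.gpg' |
#       restore_backup "$HOME/.backup-pass" /tmp/restore
```

Listing or restoring a single file still streams the whole archive back to the client, which is the "static file" limitation described in the message. The passphrase file path must not contain whitespace because `gpg_opts` relies on word splitting.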