Re: [Bacula-users] encrypting files?
In response to Mike <[EMAIL PROTECTED]>:

> I have a possible situation at work where one user (I'll not
> go into the details) needs to have all files from that
> workstation encrypted before they get on the network and on
> tape. Has there been a discussion, plan, or option I've overlooked
> such that the bacula-fd.conf can contain a passphrase for
> each file and when the files are read for sending to the
> director and sd the files are encrypted and when files are
> sent from the sd they are decrypted.
>
> What I'm thinking is the fd is the gateway to everything
> else in bacula and that when a file goes out through the fd
> the file is encrypted and when the file comes in through fd to
> the workstation fd decrypts the file. The user on the workstation
> always sees unencrypted files, regular data as if nothing
> is different. Anybody sniffing on the network or finding
> a random tape is able to see the files, but since the files
> are encrypted the files and tape and anything on the network
> is useless.
>
> If not discussed previously I'd like to see a parameter
> for what encryption program to use (pgp, gpg, enigma, etc)
> and a parameter for either a pass phrase, chat script,
> or something similar to be given. Maybe the program needs
> two parameters, one for encryption and one for decryption.

Encryption is on the TODO list, but not available yet.

I suggest you look at the larger problem, however. If the data on this machine needs to be encrypted before going to tape, shouldn't the data on the computer be protected from theft? If someone breaks in and steals that computer, you won't care about whether or not your backups are encrypted.

Here, we have the critical stuff encrypted on-disk with pgp. The pgp encrypted folders show up as one big file, which can be backed up normally with Bacula. This protects against both situations.

--
Bill Moran
Collaborative Fusion Inc.

___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] encrypting files?
I have a possible situation at work where one user (I'll not go into the details) needs to have all files from that workstation encrypted before they get on the network and on tape. Has there been a discussion, plan, or option I've overlooked such that the bacula-fd.conf can contain a passphrase for each file and when the files are read for sending to the director and sd the files are encrypted and when files are sent from the sd they are decrypted.

What I'm thinking is the fd is the gateway to everything else in bacula and that when a file goes out through the fd the file is encrypted and when the file comes in through fd to the workstation fd decrypts the file. The user on the workstation always sees unencrypted files, regular data as if nothing is different. Anybody sniffing on the network or finding a random tape is able to see the files, but since the files are encrypted the files and tape and anything on the network is useless.

If not discussed previously I'd like to see a parameter for what encryption program to use (pgp, gpg, enigma, etc) and a parameter for either a pass phrase, chat script, or something similar to be given. Maybe the program needs two parameters, one for encryption and one for decryption.

Thoughts?

Mike
Re: [Bacula-users] encrypting files?
On Monday 14 August 2006 17:16, Ryan Novosielski wrote:

> But the release WAS 1.36 -- there was no 1.37. So... has the process
> changed here, or is the original post incorrect?

Bacula versions n.even.xx (e.g. 1.36.1 or 1.38.11) are production releases. Versions n.odd.xx (e.g. 1.37.5 or 1.39.18) are development releases for testing.

> _ _ _ _ ___ _ _ _
> |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer III
> |$&| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
> \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
>
> John Drescher wrote:
> >> This is not the case. We don't release like that. What we have
> >> recently released is 1.39-beta. Eventually, there will be a full
> >> 1.39 release.
> >>
> >> --
> > Sorry, it's been a long enough time with 1.38 that I forgot if the
> > previous release was 1.37 or 1.36.
> >
> > John
Re: [Bacula-users] encrypting files?
But the release WAS 1.36 -- there was no 1.37. So... has the process changed here, or is the original post incorrect?

_ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer III
|$&| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630

John Drescher wrote:
>> This is not the case. We don't release like that. What we have
>> recently released is 1.39-beta. Eventually, there will be a full
>> 1.39 release.
>>
>> --
> Sorry, it's been a long enough time with 1.38 that I forgot if the
> previous release was 1.37 or 1.36.
>
> John
Re: [Bacula-users] encrypting files?
> This is not the case. We don't release like that. What we have
> recently released is 1.39-beta. Eventually, there will be a full
> 1.39 release.
>
> --

Sorry, it's been a long enough time with 1.38 that I forgot if the previous release was 1.37 or 1.36.

John
Re: [Bacula-users] encrypting files?
On 12 Aug 2006 at 4:19, John Drescher wrote:

> > Wonderful. Any estimate on the release of 1.39?

When it's ready. Weeks or months, not days.

> The source has already been released. Since this is an odd number I
> believe all 1.39 releases will be beta only and you will have to wait
> for 1.40 for an official release.

This is not the case. We don't release like that. What we have recently released is 1.39-beta. Eventually, there will be a full 1.39 release.

--
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php
Re: [Bacula-users] encrypting files?
> Wonderful. Any estimate on the release of 1.39?
>
> Mike

The source has already been released. Since this is an odd number I believe all 1.39 releases will be beta only and you will have to wait for 1.40 for an official release.

John
Re: [Bacula-users] encrypting files?
On Fri, 11 Aug 2006, Landon Fuller might have said:

> This functionality is available in the 1.39 betas; I have some
> documentation on my web site:
> http://landonf.bikemonkey.org/code/bacula/
> Configuring_Bacula_Encryption.20060305184424.26351.sandbox.html
>
> The encryption is implemented in Bacula, using OpenSSL. Instead of
> simple symmetric encryption, asymmetric encryption is used to encrypt
> the session keys. This allows you to maintain a master keypair for
> said user's encrypted data, and retain the ability to restore their
> data should their encryption keypair be lost.
>
> There is still one major gotcha, namely, it's possible for the
> director to restore new keys or a bacula configuration file to the
> client, and thus force later backups to be made with a compromised
> key and/or with no encryption at all. There has been some discussion
> on the list regarding solutions to this problem, including limiting
> where the director can send a restoration job on the file daemon.

Wonderful. Any estimate on the release of 1.39?

Mike
Re: [Bacula-users] encrypting files?
On Aug 11, 2006, at 13:24, Mike wrote:

> I have a possible situation at work where one user (I'll not
> go into the details) needs to have all files from that
> workstation encrypted before they get on the network and on
> tape. Has there been a discussion, plan, or option I've overlooked
> such that the bacula-fd.conf can contain a passphrase for
> each file and when the files are read for sending to the
> director and sd the files are encrypted and when files are
> sent from the sd they are decrypted.
>
> What I'm thinking is the fd is the gateway to everything
> else in bacula and that when a file goes out through the fd
> the file is encrypted and when the file comes in through fd to
> the workstation fd decrypts the file. The user on the workstation
> always sees unencrypted files, regular data as if nothing
> is different. Anybody sniffing on the network or finding
> a random tape is able to see the files, but since the files
> are encrypted the files and tape and anything on the network
> is useless.
>
> If not discussed previously I'd like to see a parameter
> for what encryption program to use (pgp, gpg, enigma, etc)
> and a parameter for either a pass phrase, chat script,
> or something similar to be given. Maybe the program needs
> two parameters, one for encryption and one for decryption.

This functionality is available in the 1.39 betas; I have some documentation on my web site:
http://landonf.bikemonkey.org/code/bacula/Configuring_Bacula_Encryption.20060305184424.26351.sandbox.html

The encryption is implemented in Bacula, using OpenSSL. Instead of simple symmetric encryption, asymmetric encryption is used to encrypt the session keys. This allows you to maintain a master keypair for said user's encrypted data, and retain the ability to restore their data should their encryption keypair be lost.

There is still one major gotcha, namely, it's possible for the director to restore new keys or a bacula configuration file to the client, and thus force later backups to be made with a compromised key and/or with no encryption at all. There has been some discussion on the list regarding solutions to this problem, including limiting where the director can send a restoration job on the file daemon.

-landonf
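
The scheme described in the message above (a random session key encrypts the data, and that session key is wrapped separately for the client keypair and for a master keypair) can be tried out with the openssl command line. This is an added example, not part of the original post and not Bacula's code or on-tape format; the file names, 2048-bit RSA keys, AES-256-CBC and RSA-OAEP choices are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added illustration of hybrid encryption with a master recovery key.
# File names, key sizes and cipher choices are assumptions for this demo;
# this is not Bacula's code or its on-tape format.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Generate an RSA keypair named $1 (client or master) inside $WORK.
make_keypair() {
    openssl genrsa -out "$WORK/$1.key" 2048 2>/dev/null
    openssl rsa -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub" 2>/dev/null
}

# Encrypt file $1 under a fresh random session key, then wrap that session
# key once per recipient public key. AES-CBC alone gives no integrity
# protection; a real backup format needs a signature or MAC as well.
backup() {
    key=$(openssl rand -hex 32)   # AES-256 session key
    iv=$(openssl rand -hex 16)    # CBC initialisation vector
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in "$1" -out "$WORK/data.enc"
    for who in client master; do
        printf '%s %s' "$key" "$iv" |
            openssl pkeyutl -encrypt -pubin -inkey "$WORK/$who.pub" \
                -pkeyopt rsa_padding_mode:oaep -out "$WORK/session.$who"
    done
}

# Unwrap the session key with private key $1 and print the plaintext.
restore() {
    session=$(openssl pkeyutl -decrypt -inkey "$WORK/$1.key" \
        -pkeyopt rsa_padding_mode:oaep -in "$WORK/session.$1" 2>/dev/null) \
        || return 1
    openssl enc -d -aes-256-cbc -K "${session% *}" -iv "${session#* }" \
        -in "$WORK/data.enc"
}

make_keypair client
make_keypair master
printf 'constructed sample data\n' > "$WORK/plain.txt"   # constructed input
backup "$WORK/plain.txt"

rm "$WORK/client.key"   # simulate the user losing their keypair
restore master          # the master private key still recovers the data
```

Only the holder of a matching private key can unwrap the session key, which is why the master private key belongs somewhere other than the backed-up workstation.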