Backup Central

Hi,

Is it possible to make the files storage encrypted for security raisons
and how to do it ?

Sam.

--=20

Sam Przyswa - Chef de projet
Arial Concept - Int=E9grateur Internet
36, rue de Turin - 75008 - Paris - France
Tel: 01 40 54 86 04 - Fax: 01 40 54 83 01
Web: http://www.arial-concept.com - Email: Info < at > arial-concept.com


--=20
Ce message a =E9t=E9 v=E9rifi=E9 par MailScanner
pour des virus ou des polluriels et rien de
suspect n'a =E9t=E9 trouv=E9.
MailScanner remercie transtec pour son soutien.



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

That coudl be done fairly easily just use encrypt the filesystem you are
putting the data on.
http://tldp.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html#toc3


..Kevin


On Sat, 10 Jul 2004 18:37:51 +0200, Sam Przyswa <samp < at > arial-concept.com>
wrote:

Hi,

Is it possible to make the files storage encrypted for security raisons
and how to do it ?

Sam.





-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

Hi,

Loopback Encrypted Filesystem is a good idea, but it will be nice to
implement a password management for each user to encrypt his backup.

Before the first backup it will be asked the user to give a password to
encrypt/decrypt the data.

This will introduce =E0 problem: to change the password it should be
decrypt the entire device with the previous password and encrypt it with
the new one. Other problem the password must be stored in server side...

What do you think about ?

Sam.

Le sam 10/07/2004 =E0 20:46, kevin oswald a =E9crit :
That coudl be done fairly easily just use encrypt the filesystem you ar=
e=20
putting the data on.
http://tldp.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html#toc3
=20
=20
..Kevin
=20
=20
On Sat, 10 Jul 2004 18:37:51 +0200, Sam Przyswa <samp < at > arial-concept.com=
=20
wrote:
=20
Hi,

Is it possible to make the files storage encrypted for security reaso=
ns
and how to do it ?

Sam.

--=20

Sam Przyswa - Chef de projet
Arial Concept - Int=E9grateur Internet
36, rue de Turin - 75008 - Paris - France
Tel: 01 40 54 86 04 - Fax: 01 40 54 83 01
Web: http://www.arial-concept.com - Email: Info < at > arial-concept.com


--=20
Ce message a =E9t=E9 v=E9rifi=E9 par MailScanner
pour des virus ou des polluriels et rien de
suspect n'a =E9t=E9 trouv=E9.
MailScanner remercie transtec pour son soutien.



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

BackupPC stores only one copy of files that are identical on multiple
computers. If you encrypted files on a per-user basis, it would "break"
this file pooling.

There is already the capability to set user passwords on the BackupPC =
web
interface, which limits users to seeing/using only their own backups. I
think that is probably sufficient for most cases. Encrypting the =
filesystem
would give better protection from circumventing the BackupPC interface, =
but
I think per-user file encryption is in conflict with the BackupPC =
design.

Mike

-----Original Message-----
From: backuppc-users-admin < at > lists.sourceforge.net
[mailto:backuppc-users-admin < at > lists.sourceforge.net] On Behalf Of Sam =
Przyswa
Sent: Saturday, July 10, 2004 3:08 PM
To: kevin oswald
Cc: backuppc-users < at > lists.sourceforge.net
Subject: Re: [BackupPC-users] Crypted storage ?

Hi,

Loopback Encrypted Filesystem is a good idea, but it will be nice to
implement a password management for each user to encrypt his backup.

Before the first backup it will be asked the user to give a password to
encrypt/decrypt the data.

This will introduce =E0 problem: to change the password it should be
decrypt the entire device with the previous password and encrypt it with
the new one. Other problem the password must be stored in server side...

What do you think about ?

Sam.

Le sam 10/07/2004 =E0 20:46, kevin oswald a =E9crit :
That coudl be done fairly easily just use encrypt the filesystem you =
are=20
putting the data on.
http://tldp.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html#toc3
=20
=20
..Kevin
=20
=20
On Sat, 10 Jul 2004 18:37:51 +0200, Sam Przyswa =
<samp < at > arial-concept.com>=20
wrote:
=20
Hi,

Is it possible to make the files storage encrypted for security =
reasons
and how to do it ?

Sam.

--=20

Sam Przyswa - Chef de projet
Arial Concept - Int=E9grateur Internet
36, rue de Turin - 75008 - Paris - France
Tel: 01 40 54 86 04 - Fax: 01 40 54 83 01
Web: http://www.arial-concept.com - Email: Info < at > arial-concept.com


--=20
Ce message a =E9t=E9 v=E9rifi=E9 par MailScanner
pour des virus ou des polluriels et rien de
suspect n'a =E9t=E9 trouv=E9.
MailScanner remercie transtec pour son soutien.



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -=20
digital self defense, top technical experts, no vendor pitches,=20
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

Le jeu 15/07/2004 =E0 11:38, mtrisko a =E9crit :
BackupPC stores only one copy of files that are identical on multiple
computers. If you encrypted files on a per-user basis, it would "break=
"
this file pooling.
=20
There is already the capability to set user passwords on the BackupPC w=
eb
interface, which limits users to seeing/using only their own backups. =
I
think that is probably sufficient for most cases. Encrypting the files=
ystem
would give better protection from circumventing the BackupPC interface,=
but
I think per-user file encryption is in conflict with the BackupPC desig=
n.
=20
=20
Hmm, for most companies this could be a problem in case of external
backup as we planed to do, they want to be sure that anybody can't read
there files on the distant storage area.

Sam.



--=20
Ce message a =E9t=E9 v=E9rifi=E9 par MailScanner
pour des virus ou des polluriels et rien de
suspect n'a =E9t=E9 trouv=E9.
MailScanner remercie transtec pour son soutien.



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

* [Sam Przyswa]

Hmm, for most companies this could be a problem in case of external
backup as we planed to do, they want to be sure that anybody can't read
there files on the distant storage area.

Well, the backuppc backup server is a trusted machine as it needs to
have read access to all the backup clients. A breakin to the backuppc
server would in most cases yield root access over ssh to all unix
clients and Administrator, or at least Backup, access to all Windows
clients.

I guess you could store all the backups _and_ the ssh keys / passwords
on an encrypted filesystem and require that the passphrase for this
filesystem be entered on every boot. This way, the normal "booting in
single user" trick wouldn't work on the backup server, since the
attacker would still need the password.

Øystein
--
Nobody really reads these signatures anyway.



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

"Sam Przyswa" <samp < at > arial-concept.com> wrote:
Hmm, for most companies this could be a problem in case of external
backup as we planed to do, they want to be sure that anybody can't read
there files on the distant storage area.

If the BackupPC server is to be located off-site, it would seem like a
possible security hole. If the BackupPC server is located on-site and a copy
of the backupPC drive is sent off-site every hour/day/week, then that
off-site copy could be encrypted with regular symmetric encryption.

Where I work, we keep an on-site backup with BackupPC and we keep another
independant backup of the same files with Veritas BackupPC Exec and tape
drives sent off-site every week. In about one year of use, I must say that
I'm really happy with this dual system. There have been occasions when I had
to recover a deleted file and some reason BackupPC has not worked, so I had
to get it from the tape; and there have been occasions when Veritas has not
taken the backup and BackupPC had it.

Best,
GFK's
--
Guillaume Filion, ing. jr
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Key and more: http://guillaume.filion.org/



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

Le jeu 15/07/2004 =E0 21:12, Guillaume Filion a =E9crit :
"Sam Przyswa" <samp < at > arial-concept.com> wrote:
Hmm, for most companies this could be a problem in case of external
backup as we planed to do, they want to be sure that anybody can't re=
ad
there files on the distant storage area.
=20
If the BackupPC server is to be located off-site, it would seem like a
possible security hole. If the BackupPC server is located on-site and a=
copy
of the backupPC drive is sent off-site every hour/day/week, then that
off-site copy could be encrypted with regular symmetric encryption.

Yes it's good solution for on-site backup with redondant external
backup.

But some customers ask for an external backup service and they want
encrypted backup for their external storage, I try to find a solution
with BackupPC.

Sam.



--=20
Ce message a =E9t=E9 v=E9rifi=E9 par MailScanner
pour des virus ou des polluriels et rien de
suspect n'a =E9t=E9 trouv=E9.
MailScanner remercie transtec pour son soutien.



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

* [Sam Przyswa]

But some customers ask for an external backup service and they want
encrypted backup for their external storage, I try to find a solution
with BackupPC.

You ssh-ing in to enter the password to mount the encrypted filesystem
after every boot might satisfy your customers. Especially if you
describe to them the elaborate tricks you will be using to make sure the
computer's security has not been compromised before you enter the
password.

(think tripwire/aide or just tell them you "virus scan" it, depending on
their level of competence

Øystein
--
When in doubt: Think again.



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

* [Sam Przyswa]

Yes it is a solution but I have to mount and unmount the entire
encrypted filesystem or have an encrypted partition for each
machine/customer and this partition must be mounted all the day, so an
user with root privileges can read the files.

If you intend to give your customers root access to the backuppc server,
you need to have one server for each customer. Server side encryption
simply won't help you.

Client side encryption is difficult, though theoretically possible.
If you use rsyncssh and/or rsyncd backups, you could deploy a specially
modified rsync on all your backup clients. This variant of rsync would
encrypt every file on the fly, and the actual rsyncing would be of
encrypted files. In the case of rsyncssh, you would need to set up ssh
to only allow access to that particular modified rsync program when
logging in with the ssh-key stored on the backuppc server. This version
of rsync would of course also only accept properly encrypted data as
input for restores.

Alas, there is no such version of rsync, so you'd need to create it
yourself.

Øystein
--
If it ain't broke, don't break it.



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

* [Les Mikesell]

On Thu, 2004-07-22 at 07:00, Sam Przyswa wrote:

The question is where/how get the pass phrase to backup/restore files

The point is that it is impossible to do this in a way that
a person with root privileges can't intercept by replacing
the executable with a trojan or reading the raw device
where the pass phrase is submitted.

With the theoretical modified crypto-rsyncd running on the clients, root
on the backuppc server is none the wiser, as he can only see the
encrypted files. The only bad thing he could do would be to restore
older versions of a user's files (which is bad enough), but he couldn't
ever gain access to the actual data in the files.

The crypto keys are stored on the backup clients, so root at the
backuppc server can't get at them, either.

Just remember to back up the crypto keys in their unencrypted form to
separate media and store in a safe place (say, CD-Rs in a secure storage
locker rented at the local bank). If you don't do this, you'll be hard
put to ever restore anything to a computer where the hard drive dies


Anyway, there is no such modified rsyncd, so until someone decides to
sit down and make one, this is a pretty useless though experiment.
Meanwhile I'm happy with the system of having the backuppc server placed
in a secure server room with only trusted people being given root
access..

Øystein
--
ssh -c rot13 otherhost



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/