BackupPC-users

Re: [BackupPC-users] pre-backup encryption? user wants files to be inaccessible even to me :-)

2010-03-23 15:53:30
Subject: Re: [BackupPC-users] pre-backup encryption? user wants files to be inaccessible even to me :-)
From: Max Hetrick <maxhetrick AT verizon DOT net>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Tue, 23 Mar 2010 15:51:26 -0400
Frank J. Gómez wrote:
> I have an interesting situation here.  One of my users refuses to 
> participate in the system of backups because she's concerned about the 
> security of her files.  She agreed to participate if I can make the 
> system work such that even I am unable to see the contents of her 
> files.  She's running Windows -- XP Home, I believe.
> 
> A little Googling and some brainstorming leads me to consider three 
> courses of action.
> 
>    1. Use a pre-dump command to encrypt the files before BackupPC reads
>       her files.  I've not used pre-dump commands before, so I'm not
>       entirely sure how they work, but I imagine I could tell BackupPC
>       to read only c:\foo, but, prior to doing that, run a script which
>       takes the files in c:\my\sensitive\junk and creates an encrypted
>       archive in c:\foo.  I assume the pre-dump script would live in the
>       cygwin environment, which is probably better for me anyway, since
>       I don't know anything about Windows scripting.  If this were a
>       Linux system, I'd tar the files up and then pass the tar to gnupg,
>       but I don't know if this is possible in a cygwin environment. 
>       Then, post-dump, I'd shred (or rm, if shred is unavailable) the
>       temporary file in c:\foo.
>    2. Some post I read somewhere suggested you could simply change your
>       compression method or transfer method to a script that does the
>       encryption before writing to disk.  Nice thing about this idea is
>       I can do all the configuration on the server.  Does sound a little
>       scary though!
>    3. Use scheduled tasks (or whatever the Windows equivalent of cron
>       is) to periodically create/delete encrypted archives, independent
>       of BackupPC scheduling.
> 
> How would you do it?  What encryption software would you use?

My entire backup partition is encrypted, so if someone steals the 
server, we're protected at least from that standpoint. I'm just using 
LUKS, so after it boots up I have to manually mount the partition and 
provide the passphrase for the encrypted device. So, if anyone did take 
the server, nothing is automounted with the backups either.

It remains in a locked room then, with no mouse or keyboard either, and 
the building is alarmed. Once it's online then, only two 
administrators, myself and my boss, are able to view the backups through 
BackupPC's web interface.

The user seems awfully demanding. Are there items in her files that you 
are not allowed to see by policy of your company? I guess I'm just 
wondering why you would have to go jump through all these hoops, if the 
user is demanding it and not management.

Regards,
Max
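
Added example, not part of the original message or of BackupPC itself: one way to implement option 1 from the quoted question (tar piped into gnupg before the dump, cleanup afterwards), encrypting to the user's public key so that nobody holding only the backup can decrypt it. The two directories come from the question; their Cygwin `/cygdrive` form, the recipient address and the archive file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: the user's PUBLIC key is
# already imported on this machine; her private key never leaves her control.
set -eu
# Enable pipefail where the shell supports it, so a tar failure is not masked.
if (set -o pipefail) 2>/dev/null; then set -o pipefail; fi

SRC="${SRC:-/cygdrive/c/my/sensitive/junk}"     # plaintext tree (from the question)
STAGE="${STAGE:-/cygdrive/c/foo}"               # the only directory BackupPC reads
RECIPIENT="${RECIPIENT:-user@example.invalid}"  # hypothetical key ID of the user

pre_dump() {
    umask 077
    mkdir -p "$STAGE"
    tmp="$STAGE/.sensitive.tar.gpg.partial"
    # Stream tar straight into gpg so no plaintext archive is written to disk.
    # --trust-model always skips the interactive trust prompt for her key.
    tar -cf - -C "$SRC" . |
        gpg --batch --trust-model always \
            --encrypt --recipient "$RECIPIENT" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Rename only after success, so a half-written archive is never backed up.
    mv -f "$tmp" "$STAGE/sensitive.tar.gpg"
}

post_dump() {
    # The staged file is ciphertext only, so a plain rm is sufficient here.
    rm -f "$STAGE/sensitive.tar.gpg" "$STAGE/.sensitive.tar.gpg.partial"
}

# Usage: script.sh pre   (before the dump)   |   script.sh post   (after it)
case "${1:-}" in
    pre)  pre_dump ;;
    post) post_dump ;;
esac
```

BackupPC runs `$Conf{DumpPreUserCmd}` and `$Conf{DumpPostUserCmd}` on the server, so they would have to invoke this script on the client, for example over ssh. Because gpg output differs on every run, each backup stores a complete new copy of the archive instead of pooling it.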

