Markus Falb wrote:
> Eric Böse-Wolf wrote:
>
>
>> Vladimir Doisan <vdoisan AT giantmarkets DOT com> writes:
>>
>>
>>> If you turn on TLS and file encryption - the data will be double encrypted
>>>
>> If I only turn on file encryption, then the data goes encrypted over the
>> wire or the air, but what is not encrypted?
>>
>> For example what's with the connection cookie the director presents the
>> [FS]D (don't know exactly)?
>>
>
> Same question here! In other words: If I do Data Encryption, is it safe
> to avoid the double encryption by disabling TLS for File Daemon to
> Storage Daemon Network Communication?
>
>
As I understand it, "data encryption" (as the manual uses the term)
means the FD encrypts the CONTENTS of every file before it's sent to the
SD. The SD then stores each file to the backup media as-is (in its
encrypted form). No decryption (or encryption for that matter) is done
by the SD. File metadata (filename, path, size, permissions, etc.) are
not encrypted, nor are any other aspects of the communication between
the FD and SD (commands, negotiation, etc.).

"TLS encryption" refers to encryption of the communication channel
between the various daemons -- in this case, we're concerned with the
communication channel between the SD and FD. With "TLS encryption" the
FD encrypts everything it sends to the SD (file contents, metadata,
commands, etc.), but unlike "data encryption" the SD decrypts
everything at the other end. If you are not also using "data
encryption" your files get written to the backup media UNencrypted.

So the answer to your question depends on which pieces of your backup
scheme you consider to be insecure. If you're worried about someone
getting hold of your backup media, you need "data encryption". If
you're worried about someone eavesdropping on communications between the
FD and SD, you need "TLS encryption". And obviously, if you're worried
about both, you need both.

- Cedric
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
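
The two layers discussed in this thread are enabled by separate groups of directives in the daemons' configuration files. The fragment below is an added illustration, not part of the original posts; resource names and file paths are placeholders, and directives unrelated to encryption are omitted.

```conf
# ---- bacula-fd.conf (File Daemon) ----
# Fragment only: names and paths are placeholders (assumptions).
FileDaemon {
  Name = client1-fd

  # "Data encryption": file CONTENTS are encrypted on the FD and written
  # to the backup media in that form. File metadata and the FD-SD command
  # traffic are not covered by these directives.
  PKI Signatures = Yes
  PKI Encryption = Yes
  PKI Keypair    = "/etc/bacula/client1-fd.pem"   # certificate + private key
  PKI Master Key = "/etc/bacula/master.cert"      # public key only, for recovery

  # "TLS encryption": protects the channel this FD opens to the SD
  # (contents, metadata, commands). The SD decrypts on receipt, so
  # without the PKI block above the media holds plaintext.
  TLS Enable = yes
  TLS Require = yes                               # refuse non-TLS connections
  TLS CA Certificate File = /etc/bacula/ca.pem
  TLS Certificate = /etc/bacula/client1-fd.crt
  TLS Key = /etc/bacula/client1-fd.key
}

# ---- bacula-sd.conf (Storage Daemon) ----
# Server side of the FD-SD channel. The SD needs no PKI directives:
# it stores whatever the FD sends and never decrypts file contents.
Storage {
  Name = backup1-sd
  TLS Enable = yes
  TLS Require = yes
  TLS CA Certificate File = /etc/bacula/ca.pem
  TLS Certificate = /etc/bacula/backup1-sd.crt
  TLS Key = /etc/bacula/backup1-sd.key
}
```

Removing the TLS lines from both resources leaves file contents protected on the wire and on the media, while filenames, paths, sizes, permissions and the FD-SD commands travel in the clear, which is the trade-off the reply above describes.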