BackupPC-users

Re: [BackupPC-users] pre-backup encryption? user wants files to be inaccessible even to me :-)

2010-03-23 18:25:03
Subject: Re: [BackupPC-users] pre-backup encryption? user wants files to be inaccessible even to me :-)
From: John Rouillard <rouilj-backuppc AT renesys DOT com>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Tue, 23 Mar 2010 22:04:40 +0000
On Tue, Mar 23, 2010 at 03:14:52PM -0500, Les Mikesell wrote:
> On 3/23/2010 2:41 PM, Frank J. Gómez wrote:
> > I have an interesting situation here.  One of my users refuses to
> > participate in the system of backups because she's concerned about the
> > security of her files.  She agreed to participate if I can make the
> > system work such that even I am unable to see the contents of her
> > files.  She's running Windows -- XP Home, I believe.
> >
> > A little Googling and some brainstorming leads me to consider three
> > courses of action.
> >
> >    1. Use a pre-dump command to encrypt the files before BackupPC reads
> >       her files.  I've not used pre-dump commands before, so I'm not
> >       entirely sure how they work, but I imagine I could tell BackupPC
> >       to read only c:\foo, but, prior to doing that, run a script which
> >       takes the files in c:\my\sensitive\junk and creates an encrypted
> >       archive in c:\foo.  I assume the pre-dump script would live in the
> >       cygwin environment, which is probably better for me anyway, since
> >       I don't know anything about Windows scripting.  If this were a
> >       Linux system, I'd tar the files up and then pass the tar to gnupg,
> >       but I don't know if this is possible in a cygwin environment.
> >       Then, post-dump, I'd shred (or rm, if shred is unavailable) the
> >       temporary file in c:\foo.
> >    2. Some post I read somewhere suggested you could simply change your
> >       compression method or transfer method to a script that does the
> >       encryption before writing to disk.  Nice thing about this idea is
> >       I can do all the configuration on the server.  Does sound a little
> >       scary though!
> >    3. Use scheduled tasks (or whatever the Windows equivalent of cron
> >       is) to periodically create/delete encrypted archives, independent
> >       of BackupPC scheduling.
> 
> If you have the ability to run the pre-dump command, you have the 
> ability to read the files...  Maybe you could use a scheduled job on the 
> sensitive machine to write encrypted copies to some network share that 
> you back up.

Backups are useless if they can't be restored. If they are encrypted
so that you can't restore them, then are they reducing the risk for
the company?  If they are encrypted and she is dead and her system is
fried (perhaps the bus came into her office, or something ran over
the computer), how does your business continue running without those
files? If her files don't matter to the business then I wouldn't waste
the time backing them up. If they do matter to the business then her
boss should be telling her that her machine will be backed up to
company standards.

If the files are subject to discovery in a legal action, and IT can't
recover the files as part of discovery and the only person with the
"keys" to the historical backups of the files doesn't want to
cooperate with discovery, you have some major issues.

If she has confidential files with auditing requirements for access,
then storing them unencrypted on her system but encrypted on the
server is a workable alternative that will satisfy most requirements.
Alternatively, as mentioned, storing them encrypted on her system in
a truecrypt volume and backing up the volume (and verifying that it
is extractable using your recovery keys/cd) is a workable solution.

But a system that leaves the data unrecoverable if the person or the
machine die isn't worth wasting the time on in the first place IMO.

-- 
                                -- rouilj

John Rouillard       System Administrator
Renesys Corporation  603-244-9084 (cell)  603-643-9300 x 111
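The pre-dump approach from Frank's option 1, combined with the restorability check John insists on, as a constructed example (not a script from this thread or from the BackupPC project): the sensitive directory is tarred and gpg-encrypted to the user's key and to a company recovery key, and the staged archive is only handed to BackupPC if it provably decrypts with a key in the local keyring. The key user IDs and the cygwin paths are placeholder assumptions.

```shell
#!/bin/sh
# Constructed BackupPC pre/post-dump script (example, not code from this thread):
# tar the sensitive directory, encrypt it to the user's key AND a company recovery
# key, and refuse to stage it for BackupPC unless it provably decrypts here.
set -eu

# Assumed placeholders: key user IDs and paths are hypothetical; override via env.
USER_KEY="${USER_KEY:-user@example.invalid}"
RECOVERY_KEY="${RECOVERY_KEY:-backup-recovery@example.invalid}"
SRC="${SRC:-/cygdrive/c/my/sensitive/junk}"
DST="${DST:-/cygdrive/c/foo}"

# encrypt_dir SRC OUT: write OUT as a gpg-encrypted tarball readable by both recipients.
encrypt_dir() {
    src=$1; out=$2
    tar -C "$(dirname "$src")" -cf - "$(basename "$src")" \
        | gpg --batch --yes --quiet --trust-model always \
              -r "$USER_KEY" -r "$RECOVERY_KEY" --encrypt -o "$out"
}

# verify_restore ARCHIVE: return 0 only if ARCHIVE decrypts with a secret key present
# in this keyring (the recovery key, when run server-side) and the tarball extracts.
verify_restore() {
    archive=$1
    tmp=$(mktemp -d)
    rc=1
    if gpg --batch --quiet --decrypt -o "$tmp/plain.tar" "$archive" 2>/dev/null \
       && tar -C "$tmp" -xf "$tmp/plain.tar"; then
        rc=0
    fi
    rm -rf "$tmp"
    return $rc
}

# cleanup FILE: post-dump, remove the staged archive (shred where cygwin provides it).
cleanup() { shred -u "$1" 2>/dev/null || rm -f "$1"; }

case "${1:-}" in
    pre)
        mkdir -p "$DST"
        encrypt_dir "$SRC" "$DST/sensitive.tar.gpg"
        verify_restore "$DST/sensitive.tar.gpg"   # non-zero exit aborts the dump
        ;;
    post)
        cleanup "$DST/sensitive.tar.gpg"
        ;;
esac
```

Run as `DumpPreUserCmd` with the argument `pre` and as `DumpPostUserCmd` with `post`; on the server, keep only the recovery secret key in the keyring used for the periodic restore check.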

