|
Re: [BackupPC-users] pre-backup encryption? user wants files to be inaccessible even to me :-)
2010-03-25 23:56:10
Thanks for all the replies. I thought I'd hold off a bit on adding anything new to the thread to give everyone who was inclined to respond a chance to do so, as well as to give myself some time to digest the information.
Max wrote about encrypting the backup partition on the server. We're not currently doing that, but it's an excellent idea, and one that I'll implement when I replace this server (it's due). Unfortunately, it does not address the question of my access to the files.
But that's a question worth exploring per se. The organization is a tiny nonprofit, where most "departments" consist of just one person. So, I guess technically the user with the specific requirements is "management" -- she's the head of the legal department... but, by the same token, I guess that makes me Director of Information Technology. 
Steve, your idea about using TrueCrypt to encrypt the files before I (or BackupPC) ever see them is a good one... technically. (The requirements some others brought up -- knowable filenames, restoration of individual files, etc. -- aren't an issue here, as the number of files to be backed up is small.) Backing up a virtual encrypted disk protects her files from my prying eyes as well as from hard drive failure, but it doesn't do anything to protect the organization in the event of, say, her death. At the end of the day, the files belong to the organization, and the organization needs to be able to recover them with or without the cooperation of the employee in question.
I think her concerns about security are a little overblown -- and perhaps not the genuine reason for her reticence. For instance, right now, I am the only person in the office, and her laptop is a mere 20 feet away. I could have her files on the Internet in about 10 minutes. And even if she's been deleting them, I'm sure I could recover numerous "sensitive" documents with the little forensic knowledge I have, because she's relying on regular Windows deletion -- no shred or dd action here. Someone who really knows what they're doing could have a field day.
As is often the case, the solution will likely come not from technology but from policy. I talked to the executive director about it, and she was not particularly happy to hear that most or all of the organization's legal documents were at increased risk for permanent loss. Perhaps additional discussion will reveal the underlying reasons (which I should say I have no reason to believe are malicious) for avoiding backups. Who knows -- once I know what they are, I might even be able to address them.
Thanks, everyone,
-Frank
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev _______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|
| <Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [BackupPC-users] pre-backup encryption? user wants files to be inaccessible even to me :-), (continued)
|
|
|
