Re: Secure backup on remote untrusted server over slow line?

From: frag (frag@holmesandturner.com)
Date: 06/12/02


From: frag <frag@holmesandturner.com>
Date: Wed, 12 Jun 2002 15:13:26 -0600

On Wed, 12 Jun 2002 18:42:02 GMT, "Natman" <natmanz@home.com> wrote:

>
>"Preben Bohn" <preben_bohn@yahoo.com> wrote in message
>news:3D075B5E.9C77DDBB@yahoo.com...
>> Hi all, I hope the subject says it all... :-)
>>
>> If not, here's my problem, I really hope someone can help me:
>>
>> I want to backup my linux server (~10GB data) on a remote server over a
>> slow line (~200 kbps). I only need a snapshot at say 1 days interval.
>> The changes to the server data are relatively small so an incremental
>> scheme is the way to go (and with 10GB over 200 kbps it is the only way
>> :)).
>>
>> The problem is that the remote server is "public" available, so I need
>> to encrypt the data somehow. Does anyone have any good ideas to how I
>> can accomplish this?
>>
>>
>> My own ideas:
>> 1) Make a secure filesystem on my own server and rsync the filesystem
>> file to the remote server. The problem with this approach is that
>> according to http://rsync.samba.org/fom-serve/cache/60.html rsync
>> requires at least 3*(the filesize)? free space on the remote server to
>> do this, and I haven't got that much... Also it seems like a waste of
>> processing power to encrypt the entire filesystem, when I only need to
>> encrypt what I send to (and store on) the remote server... This leads me
>> to option 2:
>>
>> 2) Make a program myself that reads /dev/hdXX in blocks, encrypt the
>> block, compare a checksum of this block to the corresponding checksum on
>> the remote server's block, and transfer the local block if they are
>> different. I'll probably face some problems with the disk changing while
>> reading, and such...?
>>
>> Any ideas would be highly appreciated...
>>
>> Best regards
>>
>> Preben
>
>
>I just read through this and an idea came to mind, so here it goes.
>
>To detect what has changed, you could create a 'database' of MD5sums or
>something like that. I use Tripwire, a good IDS which does something
>similar to inform me what files have changed (ie, possibly hacked by
>someone). When it comes time to backup, just run some script that makes a
>list of changes. Encrypt those files to a temporary place, send them to the
>remote end (scp?), and don't forget to update the 'database'. If free space
>is a problem locally, then just do (encrypt then send) each file one at a
>time. It doesn't matter what happens to files while the script is working,
>so there's no file locking problem. On the remote end, you would have a
>filesystem that looks exactly like yours, except each file would be
>encrypted separately.
>
>I believe most of this could be done with a simple script (like bash?). The
>'database' could be just a plain text file of names with MD5sums -- although
>it would be fairly large. Tripwire manages to make a database that fits on
>a floppy, most likely it uses some good compression. The encryption might
>be the hardest part, as you need to find a utility that will do whatever you
>would like. Oh, and while you're at it, why not compress (gzip) each file
>to save space.
>
>Maybe this sounds like a bit of a pain, but I think it does exactly what you
>need.
>
>Nathan
>
>
>
You may want to look into using CVS or CFengine. Not quite what they
were built for but it works...

Frag
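
The per-file scheme in the quoted reply above (a local hash 'database', then encrypt and send only what changed), sketched as an added example that is not part of the original thread. It assumes sha256sum and gpg 2.1 or later are installed; KEYFILE, the directory arguments and all function names are hypothetical, and SHA-256 stands in for the MD5 sums the post mentions.

```sh
#!/bin/sh
# Added example (not from the thread). Assumptions: sha256sum (coreutils) and
# gpg >= 2.1 are installed; KEYFILE and all directory names are hypothetical.
# SHA-256 is used in place of the MD5 sums mentioned in the post.
# File names containing newlines or backslashes are not handled.

# Print "hash  ./path" for every regular file under $1, sorted by path.
build_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 )
}

# Paths whose "hash  path" line is in manifest $2 but not $1: new or modified.
changed_files() {
    awk 'FILENAME == ARGV[1] { seen[$0] = 1; next }
         !($0 in seen)       { print substr($0, 67) }' "$1" "$2"
}

# Paths listed in old manifest $1 that no longer exist in new manifest $2.
deleted_files() {
    awk 'FILENAME == ARGV[1]       { live[substr($0, 67)] = 1; next }
         !(substr($0, 67) in live) { print substr($0, 67) }' "$2" "$1"
}

# Encrypt $1/$2 into staging dir $3, keeping the relative path.
encrypt_file() {
    mkdir -p "$3/$(dirname "$2")" &&
    gpg --batch --yes --pinentry-mode loopback --passphrase-file "$KEYFILE" \
        --cipher-algo AES256 -o "$3/$2.gpg" --symmetric "$1/$2"
}

# $1 = source root, $2 = local state dir, $3 = staging dir to be uploaded.
run_backup() {
    touch "$2/manifest.old"
    build_manifest "$1" > "$2/manifest.new" || return 1
    changed_files "$2/manifest.old" "$2/manifest.new" |
    while IFS= read -r path; do
        encrypt_file "$1" "$path" "$3" || exit 1
    done || return 1
    # Record removals locally so stale remote copies can be pruned later.
    deleted_files "$2/manifest.old" "$2/manifest.new" > "$2/deleted.list"
    # Upload $3 here (scp, as the post suggests); commit state only on success.
    mv "$2/manifest.new" "$2/manifest.old"
}
```

Keep the manifest on the local machine only: plaintext hashes stored on the untrusted server would let it confirm guesses about file contents. File names, sizes and change times remain visible to the remote side under this layout.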


