Re: Secure backup on remote untrusted server over slow line?
From: Brian C. Lane (bcl@brianlane.com)Date: 06/15/02
- Next message: Nico Kadel-Garcia: "Re: Errata for RedHat: how reliable?"
- Previous message: Brian C. Lane: "Re: Secure backup on remote untrusted server over slow line?"
- Maybe in reply to: Preben Bohn: "Secure backup on remote untrusted server over slow line?"
- Next in thread: : "Re: Secure backup on remote untrusted server over slow line?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Brian C. Lane <bcl@brianlane.com> Date: Fri, 14 Jun 2002 17:10:19 -0700
On Thu, 13 Jun 2002 17:16:48 +0200
Preben Bohn <preben_bohn@yahoo.com> wrote:
> "Brian C. Lane" wrote:
> > On your secure system write a find backup script (I used to
> > have one before I switched to using rsync for backups) that finds all
> > the changed files (compared with a timestamped file you create
> > after each backup) and copies them into a new filesystem tree.
> > Use apio to compress and archive the tree (apio is better than
> > tar because it compresses individual files, a corrupt byte won't
> > hose the whole archive). Then use gpg to encrypt the compressed
> > file to you (use a throw-away gpg key, not your normal one, a
> > s the source key for the encryption. Its the destination key
> > that matters). Then transfer the compressed, encrypted file over
> > to the untrusted system.
> > Simple eh? <G>
>
> Yep, but it will not work I think.
> The problem is that I need to always update the remote system mirror.
> With your method I will "just" get a lot of updates, and this will
> eventually fill up the remote server harddisk space, since I can not
> merge them remotely.
> Only solution is to once in a while to re-initialise the mirror, but
> this (I think) is a waste of bandwidth, and will take too long time...
I guess I don't quite get what you are trying to accomplish then. As I understand it you have a system under your control and another system that is under someone elses control, right? You want to save backups on the second system but have them protected against fiddling and filching. This means that you cannot do ANY operations on the unencrypted data on the second system.
When doing the backups you can do 1 of 3 things, a full backup of everything, a partial backup of all changes since the last full backup, or multiple increments based on the last backup. I prefer method #2 so that you only need a full backup and one incremental to restore, not a bunch of incrementals.
Really though, what you need is physical access to your sever and a DVD burner. Nothing else is going to be reliable enough.
Good Luck,
Brian
-- Linux Consulting and Software Development http://www.brianlane.com DigiTemp --[Inside 77.2F]--[Outside 97.5F]--[fozzy 80.2F]--[Drink 62.1F]--
- Next message: Nico Kadel-Garcia: "Re: Errata for RedHat: how reliable?"
- Previous message: Brian C. Lane: "Re: Secure backup on remote untrusted server over slow line?"
- Maybe in reply to: Preben Bohn: "Secure backup on remote untrusted server over slow line?"
- Next in thread: : "Re: Secure backup on remote untrusted server over slow line?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
