Date: Sun, 16 May 1999 20:55:08 -0400 From: "Joe Gleason" <freebsd.list@bug.tasam.com> To: <nr1@ihug.co.nz>, <freebsd-security@FreeBSD.ORG> Subject: Re: secure backup Message-ID: <006b01be9fff$ee9176e0$7271a1ce@tasam.com> References: <199905170014.MAA18766@smtp1.ihug.co.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
I backup my workstation via piping a tar output through pgp. I never throught about the data error possiblity. It would be inclined to let tcp handle it. If that doesn't meet your needs, you could setup something completely insane with shell scripting. (My answer to every problem). The script could do something like this, on the machine with the files to backup (I'll call it A) it will run a find, and do a for loop on the output of that find. For each of these files, it will pgp the file and send it to B (system receiving backup) The sending can go something like this, A connects to B on port x and sends the filename that it is about to send. Then A connects to B on port y and sends the data. B saves the file that is receives on y as the name is was given on x and then adds this file to a tarball. This connection from A to B can be done via faucet and hose. This way, the final product will be a tarball on B that has each file encrypted and separate. There would be alot of security issues in making sure that A cannot be spoofed to send odd things to B to compromise it via ports x and y, but that could be handled with setting the remote host in faucet, maybe ipfw and general sanity checks on anything comming into B. My ramblings for the day. Joe Gleason Tasam ----- Original Message ----- From: <nr1@ihug.co.nz> To: <freebsd-security@FreeBSD.ORG> Sent: Sunday, May 16, 1999 20:14 Subject: secure backup > Can anyone recommend how I should go about creating a backup to an untrusted > machine that has the tape drive, and using an untrusted network. > > I'm a bit wary of encrypting the output of tar or dump, as a single byte error > would make the rest of the backup useless. I'd like to encrypt (pgp?) each > file separately as I go, so that a corrupted byte affects only one file on > retrieval. Is there an existing way to do this, or should I hack tar or dump > into doing it? > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?006b01be9fff$ee9176e0$7271a1ce>