Date: Sun, 16 May 1999 20:58:30 -0400 From: "Joe Gleason" <freebsd.list@bug.tasam.com> To: "Nicholas Merrill" <lists@mojo.calyx.net> Cc: <nr1@ihug.co.nz>, <freebsd-security@FreeBSD.ORG> Subject: Re: secure backup Message-ID: <008101bea000$637a5bc0$7271a1ce@tasam.com> References: <Pine.BSF.4.05.9905162056090.24854-100000@mojo.calyx.net>
next in thread | previous in thread | raw e-mail | index | archive | help
But that wouldn't be nearly as much fun! ----- Original Message ----- From: Nicholas Merrill <lists@mojo.calyx.net> To: Joe Gleason <freebsd.list@bug.tasam.com> Cc: <nr1@ihug.co.nz>; <freebsd-security@FreeBSD.ORG> Sent: Sunday, May 16, 1999 20:56 Subject: Re: secure backup > > you could try substituting BRU (www.estinc.com) for tar. BRU is much > better at recovering from errors, and does checksums > > -------------------------------------------------------------------- -------- > Nicholas Merrill http://www.calyx.net Voice: 212-966-1900 > President / CEO http://www.calyx.nl Fax : 212-966-3965 > Calyx Internet Access 13 Laight St. NYC, NY 10013 Email: nick@calyx.net > -------------------------------------------------------------------- -------- > > On Sun, 16 May 1999, Joe Gleason wrote: > > > I backup my workstation via piping a tar output through pgp. I never > > throught about the data error possiblity. It would be inclined to let > > tcp handle it. > > > > If that doesn't meet your needs, you could setup something completely > > insane with shell scripting. (My answer to every problem). > > > > The script could do something like this, > > on the machine with the files to backup (I'll call it A) > > > > it will run a find, and do a for loop on the output of that find. For > > each of these files, it will pgp the file and send it to B (system > > receiving backup) > > > > The sending can go something like this, A connects to B on port x and > > sends the filename that it is about to send. Then A connects to B on > > port y and sends the data. B saves the file that is receives on y as > > the name is was given on x and then adds this file to a tarball. > > > > This connection from A to B can be done via faucet and hose. > > > > This way, the final product will be a tarball on B that has each file > > encrypted and separate. > > > > There would be alot of security issues in making sure that A cannot be > > spoofed to send odd things to B to compromise it via ports x and y, > > but that could be handled with setting the remote host in faucet, > > maybe ipfw and general sanity checks on anything comming into B. > > > > My ramblings for the day. > > > > Joe Gleason > > Tasam > > > > ----- Original Message ----- > > From: <nr1@ihug.co.nz> > > To: <freebsd-security@FreeBSD.ORG> > > Sent: Sunday, May 16, 1999 20:14 > > Subject: secure backup > > > > > > > Can anyone recommend how I should go about creating a backup to an > > untrusted > > > machine that has the tape drive, and using an untrusted network. > > > > > > I'm a bit wary of encrypting the output of tar or dump, as a single > > byte error > > > would make the rest of the backup useless. I'd like to encrypt > > (pgp?) each > > > file separately as I go, so that a corrupted byte affects only one > > file on > > > retrieval. Is there an existing way to do this, or should I hack > > tar or dump > > > into doing it? > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?008101bea000$637a5bc0$7271a1ce>