From: Frank J. G. <fr...@cr...> - 2010-03-23 19:42:09
|
I have an interesting situation here. One of my users refuses to participate in the system of backups because she's concerned about the security of her files. She agreed to participate if I can make the system work such that even I am unable to see the contents of her files. She's running Windows -- XP Home, I believe. A little Googling and some brainstorming leads me to consider three courses of action. 1. Use a pre-dump command to encrypt the files before BackupPC reads her files. I've not used pre-dump commands before, so I'm not entirely sure how they work, but I imagine I could tell BackupPC to read only c:\foo, but, prior to doing that, run a script which takes the files in c:\my\sensitive\junk and creates an encrypted archive in c:\foo. I assume the pre-dump script would live in the cygwin environment, which is probably better for me anyway, since I don't know anything about Windows scripting. If this were a Linux system, I'd tar the files up and then pass the tar to gnupg, but I don't know if this is possible in a cygwin environment. Then, post-dump, I'd shred (or rm, if shred is unavailable) the temporary file in c:\foo. 2. Some post I read somewhere suggested you could simply change your compression method or transfer method to a script that does the encryption before writing to disk. Nice thing about this idea is I can do all the configuration on the server. Does sound a little scary though! 3. Use scheduled tasks (or whatever the Windows equivalent of cron is) to periodically create/delete encrypted archives, independent of BackupPC scheduling. How would you do it? What encryption software would you use? Cheers, -Frank |
From: Carl W. S. <ch...@re...> - 2010-03-23 19:51:31
|
On 03/23 03:41 , Frank J. Gómez wrote: > I have an interesting situation here. One of my users refuses to > participate in the system of backups because she's concerned about the > security of her files. She agreed to participate if I can make the system > work such that even I am unable to see the contents of her files. She's > running Windows -- XP Home, I believe. You may want to offer her some payware like Crashplan (www.crashplan.com). I believe this does encryption and offers some other nice features for users on the road. (push driven architecture, backs up locked files, throttleable rsync-like backups). Backuppc is great; but one should use the appropriate tool for the job. -- Carl Soderstrom Systems Administrator Real-Time Enterprises www.real-time.com |
From: Max H. <max...@ve...> - 2010-03-23 19:51:47
|
Frank J. Gómez wrote: > I have an interesting situation here. One of my users refuses to > participate in the system of backups because she's concerned about the > security of her files. She agreed to participate if I can make the > system work such that even I am unable to see the contents of her > files. She's running Windows -- XP Home, I believe. > > A little Googling and some brainstorming leads me to consider three > courses of action. > > 1. Use a pre-dump command to encrypt the files before BackupPC reads > her files. I've not used pre-dump commands before, so I'm not > entirely sure how they work, but I imagine I could tell BackupPC > to read only c:\foo, but, prior to doing that, run a script which > takes the files in c:\my\sensitive\junk and creates an encrypted > archive in c:\foo. I assume the pre-dump script would live in the > cygwin environment, which is probably better for me anyway, since > I don't know anything about Windows scripting. If this were a > Linux system, I'd tar the files up and then pass the tar to gnupg, > but I don't know if this is possible in a cygwin environment. > Then, post-dump, I'd shred (or rm, if shred is unavailable) the > temporary file in c:\foo. > 2. Some post I read somewhere suggested you could simply change your > compression method or transfer method to a script that does the > encryption before writing to disk. Nice thing about this idea is > I can do all the configuration on the server. Does sound a little > scary though! > 3. Use scheduled tasks (or whatever the Windows equivalent of cron > is) to periodically create/delete encrypted archives, independent > of BackupPC scheduling. > > How would you do it? What encryption software would you use? My entire backup partition is encrypted, so if someone steals the server, we're protected at least from that standpoint. I'm just using LUKS, so after it boots up I have to manually mount the partition and provide the passphrase for the encrypted device. So, if anyone did take the server, nothing is automounted with the backups either. It remains in a locked room then, with no mouse or keyboard either, and the building is alarmed. Once it's online then, online two administrators, myself and my boss, are able to view the backups threw BackupPC's web interface. The user seems awfully demanding. Is there items in her files that you are not allowed to see by policy of your company? I guess I'm just wondering why you would have to go jump through all these hoops, if the user is demanding it and not management. Regards, Max |
From: Josh M. <jm...@nr...> - 2010-03-23 19:55:23
|
On Tue, 23 Mar 2010 15:41:14 -0400, Frank J. Gómez <fr...@cr...> wrote: > I have an interesting situation here. One of my users refuses to > participate in the system of backups because she's concerned about the > security of her files. She agreed to participate if I can make the > system work such that even I am unable to see the contents of her > files. She's running Windows -- XP Home, I believe. Stop. Proceed no further. I fought this battle at a previous employment with a member of the legal team who refused allow any possibility of the sysadmins seeing the data on his computer. We eventually gave him an external jazz drive and made him swear to back up himself. Said company left a multi-million dollar hole in the ground when it eventually cratered (not just tanked). In IT you have to trust your sysadmins. If you don't trust the people who run your security, your networks, your backups, etc... what are they doing working for you? If possible, bring this situation to the user's supervisor and let him/her know the risk that the user is putting on the company by not backing up. If not possible, quit. I'm not trolling, I'm actually serious. You don't want to be anywhere near a company that his this lack of faith in its IT department. http://lopsa.org/CodeOfEthics -Josh -- -------------------------------------------------------- Joshua Malone Systems Administrator (jm...@nr...) NRAO Charlottesville 434-296-0263 www.cv.nrao.edu 434-249-5699 (mobile) BOFH excuse #426: internet is needed to catch the etherbunny -------------------------------------------------------- |
From: Max H. <max...@ve...> - 2010-03-23 20:01:14
|
Max Hetrick wrote: > It remains in a locked room then, with no mouse or keyboard either, and > the building is alarmed. Once it's online then, online two > administrators, myself and my boss, are able to view the backups threw > BackupPC's web interface. ... through not threw. My typing and thinking skills aren't on par today. :) |
From: Les M. <les...@gm...> - 2010-03-23 20:15:02
|
On 3/23/2010 2:41 PM, Frank J. Gómez wrote: > I have an interesting situation here. One of my users refuses to > participate in the system of backups because she's concerned about the > security of her files. She agreed to participate if I can make the > system work such that even I am unable to see the contents of her > files. She's running Windows -- XP Home, I believe. > > A little Googling and some brainstorming leads me to consider three > courses of action. > > 1. Use a pre-dump command to encrypt the files before BackupPC reads > her files. I've not used pre-dump commands before, so I'm not > entirely sure how they work, but I imagine I could tell BackupPC > to read only c:\foo, but, prior to doing that, run a script which > takes the files in c:\my\sensitive\junk and creates an encrypted > archive in c:\foo. I assume the pre-dump script would live in the > cygwin environment, which is probably better for me anyway, since > I don't know anything about Windows scripting. If this were a > Linux system, I'd tar the files up and then pass the tar to gnupg, > but I don't know if this is possible in a cygwin environment. > Then, post-dump, I'd shred (or rm, if shred is unavailable) the > temporary file in c:\foo. > 2. Some post I read somewhere suggested you could simply change your > compression method or transfer method to a script that does the > encryption before writing to disk. Nice thing about this idea is > I can do all the configuration on the server. Does sound a little > scary though! > 3. Use scheduled tasks (or whatever the Windows equivalent of cron > is) to periodically create/delete encrypted archives, independent > of BackupPC scheduling. If you have the ability to run the pre-dump command, you have the ability to read the files... Maybe you could use a scheduled job on the sensitive machine to write encrypted copies to some network share that you back up. -- Les Mikesell les...@gm... |
From: Steve <le...@gm...> - 2010-03-23 21:10:07
|
On Tue, Mar 23, 2010 at 4:14 PM, Les Mikesell <les...@gm...> wrote: > If you have the ability to run the pre-dump command, you have the > ability to read the files... Maybe you could use a scheduled job on the > sensitive machine to write encrypted copies to some network share that > you back up. True - which is why she should be given the tools to encrypt her private things herself, then you back up the encrypted version with backuppc... Steve |
From: John R. <rou...@re...> - 2010-03-23 22:23:06
Attachments:
smime.p7s
|
On Tue, Mar 23, 2010 at 03:14:52PM -0500, Les Mikesell wrote: > On 3/23/2010 2:41 PM, Frank J. Gómez wrote: > > I have an interesting situation here. One of my users refuses to > > participate in the system of backups because she's concerned about the > > security of her files. She agreed to participate if I can make the > > system work such that even I am unable to see the contents of her > > files. She's running Windows -- XP Home, I believe. > > > > A little Googling and some brainstorming leads me to consider three > > courses of action. > > > > 1. Use a pre-dump command to encrypt the files before BackupPC reads > > her files. I've not used pre-dump commands before, so I'm not > > entirely sure how they work, but I imagine I could tell BackupPC > > to read only c:\foo, but, prior to doing that, run a script which > > takes the files in c:\my\sensitive\junk and creates an encrypted > > archive in c:\foo. I assume the pre-dump script would live in the > > cygwin environment, which is probably better for me anyway, since > > I don't know anything about Windows scripting. If this were a > > Linux system, I'd tar the files up and then pass the tar to gnupg, > > but I don't know if this is possible in a cygwin environment. > > Then, post-dump, I'd shred (or rm, if shred is unavailable) the > > temporary file in c:\foo. > > 2. Some post I read somewhere suggested you could simply change your > > compression method or transfer method to a script that does the > > encryption before writing to disk. Nice thing about this idea is > > I can do all the configuration on the server. Does sound a little > > scary though! > > 3. Use scheduled tasks (or whatever the Windows equivalent of cron > > is) to periodically create/delete encrypted archives, independent > > of BackupPC scheduling. > > If you have the ability to run the pre-dump command, you have the > ability to read the files... Maybe you could use a scheduled job on the > sensitive machine to write encrypted copies to some network share that > you back up. Backups are useless if they can't be restored. If they are encrypted so that you can't restore them, then are they reducing the risk for the company? If they are encrypted and she is dead and her system is fried (perhaps the bus came into her office or something running over the computer) how does your business continue running without those files? If her files don't matter to the business then I wouldn't waste the time backing them up. If they do matter to the business then her boss should be telling her that her machine will be backed up to company standards. If the files are subject to discover in a legal action, and IT can't recover the files as part of discovery and the only person with the "keys" to the historical backups of the files doesn't want to cooperate with discovery, you have some major issues. If she has confidential files with auditing requirements for access, then storing them unencrypted on her system but encrypted on the server is a workable alternative that will satisfy most requirements. Alternatively as mentioned, they could be stored encrypted on her system in a truecrypt volume and you back up the volume (and verify that it is extractable using your recovery keys/cd) are workable solutions. But a system that leaves the data unrecoverable if the person or the machine die isn't worth wasting the time on in the first place IMO. -- -- rouilj John Rouillard System Administrator Renesys Corporation 603-244-9084 (cell) 603-643-9300 x 111 |
From: Steve <le...@gm...> - 2010-03-23 20:16:09
|
You could show her something like TrueCrypt; if she put all the files she was worried about in a TrueCrypt volume(s), it would just be a "file" as far as BackupPC is concerned. This is available for Windows and Linux I believe, maybe Mac's too... Evets On Tue, Mar 23, 2010 at 4:00 PM, Max Hetrick <max...@ve...> wrote: > Max Hetrick wrote: >> It remains in a locked room then, with no mouse or keyboard either, and >> the building is alarmed. Once it's online then, online two >> administrators, myself and my boss, are able to view the backups threw >> BackupPC's web interface. > > ... through not threw. My typing and thinking skills aren't on par today. :) > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > BackupPC-users mailing list > Bac...@li... > List: https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki: http://backuppc.wiki.sourceforge.net > Project: http://backuppc.sourceforge.net/ > -- "It turns out there is considerable overlap between the smartest bears and the dumbest tourists." |
From: Richard S. <hob...@gm...> - 2010-03-23 21:32:44
|
On Tue, Mar 23, 2010 at 3:15 PM, Steve <le...@gm...> wrote: > You could show her something like TrueCrypt; if she put all the files > she was worried about in a TrueCrypt volume(s), it would just be a > "file" as far as BackupPC is concerned. This is available for Windows > and Linux I believe, maybe Mac's too... Maybe a hybrid approach would work? I'm not sure how easy it would be to implement. But what about an encrypted file system using FUSE under Cygwin? (Or something that provides similar functionality under Windows) If it encrypted the files individually, then you could backup the files instead of a whole volume. It doesn't matter for backup purposes, but when you wanted to retrieve a file it would be nice to get the one you want and not have to download the whole file system. Richard |
From: Tyler J. W. <ty...@to...> - 2010-03-24 09:01:16
|
If she were running Linux, you could use EcryptFS and just backup the encrypted files. With Ubuntu, that's dead easy. I don't think any filesystem- aware encryption system exists for Windows. Only partition-aware schemes like TrueCrypt, and individual file encryption like GPG/PGP file encryption. Regards, Tyler On Tuesday 23 March 2010 20:15:57 Steve wrote: > You could show her something like TrueCrypt; if she put all the files > she was worried about in a TrueCrypt volume(s), it would just be a > "file" as far as BackupPC is concerned. This is available for Windows > and Linux I believe, maybe Mac's too... > Evets > > On Tue, Mar 23, 2010 at 4:00 PM, Max Hetrick <max...@ve...> wrote: > > Max Hetrick wrote: > >> It remains in a locked room then, with no mouse or keyboard either, and > >> the building is alarmed. Once it's online then, online two > >> administrators, myself and my boss, are able to view the backups threw > >> BackupPC's web interface. > > > > ... through not threw. My typing and thinking skills aren't on par today. > > :) > > > > ------------------------------------------------------------------------- > >----- Download Intel® Parallel Studio Eval > > Try the new software tools for yourself. Speed compiling, find bugs > > proactively, and fine-tune applications for parallel performance. > > See why Intel Parallel Studio got high marks during beta. > > http://p.sf.net/sfu/intel-sw-dev > > _______________________________________________ > > BackupPC-users mailing list > > Bac...@li... > > List: https://lists.sourceforge.net/lists/listinfo/backuppc-users > > Wiki: http://backuppc.wiki.sourceforge.net > > Project: http://backuppc.sourceforge.net/ > -- "Always hold your sales meetings in rooms too small for the audience, even if it means holding them in the WC. 'Standing room only' creates an atmosphere of success, as in theatres and restaurants, while a half-empty auditorium smells of failure." -- David Ogilvy, "Ogilvy on Advertising" |
From: Jeffrey J. K. <bac...@ko...> - 2010-03-23 22:00:44
|
Frank J. Gómez wrote at about 15:41:14 -0400 on Tuesday, March 23, 2010: > I have an interesting situation here. One of my users refuses to > participate in the system of backups because she's concerned about the > security of her files. She agreed to participate if I can make the system > work such that even I am unable to see the contents of her files. She's > running Windows -- XP Home, I believe. XP Home is hardly enterprise class or secure -- and I would think that Backuppc would be the least of her security issues... Interesting company where users run their own home versions of XP and don't trust IT. Does the user realize that if you don't trust IT, then you better not ever connect your computer to the network unless you have totally hardened it and treat the work network as potentially "hostile"? Unless the user is the CEO, it sounds like the user needs a polite talking to by either her manager or the IT head about the role of IT. At least she should better justify her need for such paranoia. On the other hand if she has a legitimate need to protect a subset of her *work* files (say uniquely confidential legal or personnel matters or key business deals), then she could store those in a directory that would be excluded from backups and to which everybody but her would be denied access (this is a bit harder to do with XP Home than XP Pro) -- she would then be responsible for either backing up those files herself or encrypting them and storing them in a directory accessible to BackupPC -- Note you also would need to probably exclude her temp folder from backup since copies of files sometimes appear there. Barring such rare but potentially legitimate needs I would be concerned about two things: 1. Why is she so paranoid and is she truly a team player who is willing to trust her co-workers? 2. Is she using her work computer and or work-time to store and access inappropriate materials such as porn or any other uses that would violate the law or company policy. Does she use proxies to encrypt her internet access while at work? > > A little Googling and some brainstorming leads me to consider three courses > of action. > > 1. Use a pre-dump command to encrypt the files before BackupPC reads her > files. I've not used pre-dump commands before, so I'm not entirely sure how > they work, but I imagine I could tell BackupPC to read only c:\foo, but, > prior to doing that, run a script which takes the files in > c:\my\sensitive\junk and creates an encrypted archive in c:\foo. I assume > the pre-dump script would live in the cygwin environment, which is probably > better for me anyway, since I don't know anything about Windows scripting. > If this were a Linux system, I'd tar the files up and then pass the tar to > gnupg, but I don't know if this is possible in a cygwin environment. Then, > post-dump, I'd shred (or rm, if shred is unavailable) the temporary file in > c:\foo. Well if you create a single archive or do something like tar then you will lose the benefit of pooling and will essentially just be copying over large archive files every day -- to do that you would probably better off just writing a simple cron script that would run on her own machine to encrypt her files in an archive and copy it over to a backup server on a regular schedule. BackupPC is a lot of overhead with few benefits in this situation. > 2. Some post I read somewhere suggested you could simply change your > compression method or transfer method to a script that does the encryption > before writing to disk. Nice thing about this idea is I can do all the > configuration on the server. Does sound a little scary though! Problem is if you have access to do this then you have access to read her files too so it doesn't solve her concerns (whether legitimate or not) > 3. Use scheduled tasks (or whatever the Windows equivalent of cron is) to > periodically create/delete encrypted archives, independent of BackupPC > scheduling. Probably the best of the three... > > How would you do it? What encryption software would you use? > > Cheers, > -Frank > > ---------------------------------------------------------------------- > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > > ---------------------------------------------------------------------- > _______________________________________________ > BackupPC-users mailing list > Bac...@li... > List: https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki: http://backuppc.wiki.sourceforge.net > Project: http://backuppc.sourceforge.net/ |
From: Cody D. <cd...@cs...> - 2010-03-23 23:01:25
|
Hi everyone, On 3/23/2010 3:41 PM, Frank J. Gómez wrote: > I have an interesting situation here. One of my users refuses to > participate in the system of backups because she's concerned about the > security of her files. She agreed to participate if I can make the > system work such that even I am unable to see the contents of her > files. She's running Windows -- XP Home, I believe. <snip> > How would you do it? What encryption software would you use? Last year I floated the idea on the list of having BackupPC handle the encryption for you using convergent encryption. This would let you pool encrypted blocks with identical content together just as the pool works now. It wouldn't solve the problem of having read access on the remote machine, but it would ensure the privacy of backups on the server. I'm no encryption expert, but it seemed possible when reading the paper (doi:10.1109/ICDCS.2002.1022312). Here is the earlier conversation: http://www.backupcentral.com/phpBB2/two-way-mirrors-of-external-mailing-lists-3/backuppc-21/convergent-encryption-98093/ Cody |
From: Luis P. <lui...@gm...> - 2010-03-24 00:00:31
|
You'll have to find a solution that leaves something final on the client, like a key, a secret. The client will eventually change and forget it. If you tie that to your backup solution, you'll end up as... the guy that can't even provide a backup solution. If encryption it is, either the encryption is client responsability, or I keep the responsability and the key. I'll try not to tie a solution I control (or at least may audit) with one I can't. A bit simplified, isn't it? :) 2010/3/23 Frank J. Gómez <fr...@cr...> > I have an interesting situation here. One of my users refuses to > participate in the system of backups because she's concerned about the > security of her files. She agreed to participate if I can make the system > work such that even I am unable to see the contents of her files. She's > running Windows -- XP Home, I believe. > > A little Googling and some brainstorming leads me to consider three courses > of action. > > 1. Use a pre-dump command to encrypt the files before BackupPC reads > her files. I've not used pre-dump commands before, so I'm not entirely sure > how they work, but I imagine I could tell BackupPC to read only c:\foo, but, > prior to doing that, run a script which takes the files in > c:\my\sensitive\junk and creates an encrypted archive in c:\foo. I assume > the pre-dump script would live in the cygwin environment, which is probably > better for me anyway, since I don't know anything about Windows scripting. > If this were a Linux system, I'd tar the files up and then pass the tar to > gnupg, but I don't know if this is possible in a cygwin environment. Then, > post-dump, I'd shred (or rm, if shred is unavailable) the temporary file in > c:\foo. > 2. Some post I read somewhere suggested you could simply change your > compression method or transfer method to a script that does the encryption > before writing to disk. Nice thing about this idea is I can do all the > configuration on the server. Does sound a little scary though! > 3. Use scheduled tasks (or whatever the Windows equivalent of cron is) > to periodically create/delete encrypted archives, independent of BackupPC > scheduling. > > How would you do it? What encryption software would you use? > > Cheers, > -Frank > > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > BackupPC-users mailing list > Bac...@li... > List: https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki: http://backuppc.wiki.sourceforge.net > Project: http://backuppc.sourceforge.net/ > > |
From: Achim <ach...@qu...> - 2010-03-24 13:15:34
|
Hello Frank: Frank J. Gómez wrote: > I have an interesting situation here. One of my users refuses to > participate in the system of backups because she's concerned about the > security of her files. She agreed to participate if I can make the > system work such that even I am unable to see the contents of her > files. She's running Windows -- XP Home, I believe. I understand that you might not be able to switch the backup solution, but Box Backup [1], Cumulus [2], duplicity [3] and brackup [4] are specifically written to what you are looking for. There is an article on achieving this with Rsync/RSYNCRYPTO/Backuppc [5], but I haven't tested it. Good luck, Achim [1] <http://boxbackup.org/> [2] <http://www.sysnet.ucsd.edu/projects/cumulus/> [3] <http://duplicity.nongnu.org/> [4] <http://code.google.com/p/brackup/> [5] <http://teddyb.org/rlp/tiki-index.php?page=Encrypted+Remote+Backups> |
From: Adam G. <mai...@we...> - 2010-03-26 04:36:25
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frank J. Gómez wrote: > Thanks for all the replies. I thought I'd hold off a bit on adding > anything new to the thread to give everyone who was inclined to respond > a chance to do so, as well as to give myself some time to digest the > information. Ditto I thought there was actually an option for rsynccrypto whereby rsync would copy all the files from the normal location to a temp folder in an encrypted format such that rsync will still be easily able to transfer changed files. Regards, Adam - -- Adam Goryachev Website Managers www.websitemanagers.com.au -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkusM30ACgkQGyoxogrTyiUUNgCfX1XLAKAVI0Gtcr9c0KMWK695 +OkAnA54n3aM36jJU7rbWPVWz/CbWhJA =/xGa -----END PGP SIGNATURE----- |
From: Frank J. G. <fr...@cr...> - 2010-03-29 14:19:16
|
This is a related question to my previous thread, although possibly slightly off-topic, so I apologize if I've offended anyone's email sensibilities. Our conversation centered around the importance of being able to recover any given employee's files in the event of their death (which is why encrypting the files pre-backup in such a way that the IT Department could not read them was not acceptable). Well, what about me? I'm the only IT person on staff, and I'm the only one with numerous credentials (logins to numerous servers, etc) that the org would need in order to continue to function without me. Currently, I'm keeping a plain-text password file on an encrypted partition of my hard drive. No one else has access to these passwords because no one else needs them in the course of their day-to-day activities. If I get hit by a bus, they are going to be in a bit of trouble. What measures do y'all have in place to ensure your employer can continue on without you? -Frank On Fri, Mar 26, 2010 at 12:09 AM, Adam Goryachev < mai...@we...> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Frank J. Gómez wrote: > > Thanks for all the replies. I thought I'd hold off a bit on adding > > anything new to the thread to give everyone who was inclined to respond > > a chance to do so, as well as to give myself some time to digest the > > information. > > Ditto > > I thought there was actually an option for rsynccrypto whereby rsync > would copy all the files from the normal location to a temp folder in an > encrypted format such that rsync will still be easily able to transfer > changed files. > > Regards, > Adam > > - -- > Adam Goryachev > Website Managers > www.websitemanagers.com.au > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAkusM30ACgkQGyoxogrTyiUUNgCfX1XLAKAVI0Gtcr9c0KMWK695 > +OkAnA54n3aM36jJU7rbWPVWz/CbWhJA > =/xGa > -----END PGP SIGNATURE----- > > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > BackupPC-users mailing list > Bac...@li... > List: https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki: http://backuppc.wiki.sourceforge.net > Project: http://backuppc.sourceforge.net/ > |
From: Josh M. <jm...@nr...> - 2010-03-29 14:37:51
|
On Mon, 29 Mar 2010 10:19:08 -0400, Frank J. Gómez <fr...@cr...> wrote: > course of their day-to-day activities. If I get hit by a bus, they are > going to be in a bit of trouble. What measures do y'all have in place > to ensure your employer can continue on without you? Hard-copy password sheets in a safe hardly ever fail. Get one with a combo lock and tell a trusted individual (CEO maybe? board chairman?) the code. Ideally, the sheet should be in a signature-sealed envelope (sign across the seal) so you can tell if this individual has accessed the sheet. Alternately, you can buy safes with both a key and combo lock: give 1 person the key, tell another the combination -- presto: 2-factor/2-person authentication. -- -------------------------------------------------------- Joshua Malone Systems Administrator (jm...@nr...) NRAO Charlottesville 434-296-0263 www.cv.nrao.edu 434-249-5699 (mobile) BOFH excuse #426: internet is needed to catch the etherbunny -------------------------------------------------------- |
From: John R. <rou...@re...> - 2010-03-29 14:54:28
|
On Mon, Mar 29, 2010 at 10:19:08AM -0400, Frank J. Gómez wrote: > Our conversation centered around the importance of being able > to recover any given employee's files in the event of their > death (which is why encrypting the files pre-backup in such a > way that the IT Department could not read them was not > acceptable). Well, what about me? I'm the only IT person on > staff, and I'm the only one with numerous credentials (logins > to numerous servers, etc) that the org would need in order to > continue to function without me. Currently, I'm keeping a > plain-text password file on an encrypted partition of my hard > drive. No one else has access to these passwords because no > one else needs them in the course of their day-to-day > activities. If I get hit by a bus, they are going to be in a > bit of trouble. What measures do y'all have in place to ensure > your employer can continue on without you? Where I currently work, we have 4 admins and have a password matrix with numbered passwords. We also maintain a mapping from username/account info to the password sheets. So the mapping sheet tells me that root on machine foo is password number 210. Then I look up password number 210 is on the password sheet. Since we have 4 admins and thus 4 copies of the sheet (and the admins are not co-located) we don't maintain a separate secured copy of both sheets in a safe or stored with the comptroller to be placed in the companies safe. In prior organizations I have used a mix of: putting emergency access info (including password, net boot instructions and other critical info) into fedex clear envelopes on the sides of the servers in the access controlled machine room. I would check weekly to make sure nothing was torn open or missing. the passwords were printed off weekly and stored offsite with our backup tapes. a copy of the passwords was kept with the company owner in his person safe along with the disatter recovery plan and updated whenever it changed. Basically: find out who needs access if you aren't around give them a copy of the passwords and accounts if you have multiple passwords/counts consider a seperate password only sheet and a reference sheet that says what password map to what servers. This allows you to move passwords around and easily update the mapping sheet (we keep it in twiki). But you don't need to update the actual password sheet. This keeps the sensitive info safely under lock and key and reduces the number of times it has to be updated (meaning the current safe copy of the sheet is out of date). i have never been a big fan of online encrypted keys, preferring hard copies but the master password sheet could easily be encrypted and stored on thumb drives and distributed to the people who need it. -- -- rouilj John Rouillard System Administrator Renesys Corporation 603-244-9084 (cell) 603-643-9300 x 111 |
From: Max H. <max...@ve...> - 2010-03-29 14:33:08
|
Frank J. Gómez wrote: > Our conversation centered around the importance of being able to recover > any given employee's files in the event of their death (which is why > encrypting the files pre-backup in such a way that the IT Department > could not read them was not acceptable). Well, what about me? I'm the > only IT person on staff, and I'm the only one with numerous credentials > (logins to numerous servers, etc) that the org would need in order to > continue to function without me. Currently, I'm keeping a plain-text > password file on an encrypted partition of my hard drive. No one else > has access to these passwords because no one else needs them in the > course of their day-to-day activities. If I get hit by a bus, they are > going to be in a bit of trouble. What measures do y'all have in place > to ensure your employer can continue on without you? I keep all important passwords and information in our inventory software that I use GLPI. Only three admins have access to this software. I'm just an assistant, but at least others can gain access to things in case something happens. We just had to go through a "pandemic" type deal for backup plans not too long ago. My boss was forced to write down where we store all passwords, and give an admin username and password to access the inventory software to the VPs. This is stored and locked then in the VPs office, from what I understand. Basically, as long as they know they have access, or can at least get access, there are no issues then in case the IT department vanishes. Regards, Max |