> While playing with BackupPC, I realised that having a centralised
> backup server where all the important files are kept can represent a
> major security risk. If someone "roots" the backup server, the
> attacker has access to every important file in the business.
> Wouldn't it be a good idea to use an encryption system so that only a
> particular user can restore their files? This could be done
> relatively easily using a public key system (PGP/GPG): every user has
> a private/public key pair. A copy of the user's public key is on the
> backup server. Before backuppc stores a file on disk, it encrypts it
> with the user's public key. The user's private key would be needed to
> restore the files.
> It seems to me that it wouldn't break BackupPC's pooling mechanism as
> long as the md5s of the files are taken before they're encrypted.
The pooling performance would be significantly reduced, since
only a single client's files could be pooled. Identical files
from different clients would be different after encryption, so
would not be pooled.
Also, BackupPC currently uncompresses pool files to compare them
with incoming new files, since that's a lot more efficient than
compressing and then comparing. With public key encryption every
incoming file would have to be compressed and encrypted, since
BackupPC could not reverse the encryption. This would mean a lot
more cpu time.
> I know that by having superuser access to the backup server, an
> attacker gets every computer's smb/ssh password in backuppc's config
> file and will eventually be able to access every file anyway. But he
> still would have to connect to every computer and download the files,
> rather than having instant access to all of them.
> I'm not sure if it's worth the trouble to implement. I'm sure that
> there would be lots of problems like "I had not backed up my private
> key" or "I backed up my private key with my other files using
The idea is worth considering. For some users it might be considered
worthwhile. The cost of the extra data security is maybe 4x pool
storage and 10x server cpu load.
In any case, the integrity of the BackupPC server is critical. This
machine should have all unused services turned off and it should be
up to date with the latest security patches.
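The pooling argument above, worked through as an added simulation (not BackupPC code, and not the poster's): a content-addressed pool keyed by the plaintext md5, once with files stored as-is and once with each file encrypted for its owning client. The per-client encryption is a stand-in (a deterministic HMAC-SHA256 keystream, assumed here in place of real GPG) that only needs two properties: the same plaintext encrypted for different clients gives different bytes, and the server cannot reverse it.

```python
import hashlib
import hmac

# Constructed sample: "shared.doc" is identical on every client, alice also
# holds a second copy of it, and every other file is unique to one client.
CLIENT_FILES = {
    "alice": {"shared.doc": b"quarterly report", "copy.doc": b"quarterly report",
              "a.txt": b"alice notes"},
    "bob":   {"shared.doc": b"quarterly report", "b.txt": b"bob notes"},
    "carol": {"shared.doc": b"quarterly report", "c.txt": b"carol notes"},
}

def encrypt_for(client, data):
    """Stand-in for per-user public-key encryption (assumption, not GPG):
    XOR with an HMAC-SHA256 counter keystream derived from the client's
    name. Applying it twice with the same client key restores the data,
    which models 'only the owner can restore'; the server holds no key."""
    key = hashlib.sha256(b"pubkey:" + client.encode()).digest()
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), "sha256").digest()
        out += bytes(p ^ k for p, k in zip(data[i:i + 32], block))
    return bytes(out)

def pool_plaintext(clients):
    """Current behaviour: pool keyed by plaintext md5, one stored blob per
    distinct content, shared by every client that has that file."""
    pool = {}
    for files in clients.values():
        for data in files.values():
            pool.setdefault(hashlib.md5(data).hexdigest(), [data])
    return pool

def pool_encrypted(clients):
    """Proposed scheme: the pool key is still the md5 taken before
    encryption, but the stored bytes differ per client, so an md5 match
    from another client is not a reusable blob. The server cannot decrypt,
    so it can only compare the ciphertext it already holds byte for byte."""
    pool = {}
    for client, files in clients.items():
        for data in files.values():
            digest = hashlib.md5(data).hexdigest()
            ct = encrypt_for(client, data)
            if ct not in pool.setdefault(digest, []):
                pool[digest].append(ct)
    return pool

def stored_blobs(pool):
    """Number of distinct blobs the pool actually has to keep on disk."""
    return sum(len(variants) for variants in pool.values())
```

With this sample the plaintext pool stores 4 blobs while the encrypted pool stores 6: the three clients' copies of "shared.doc" can no longer be merged, and only alice's own duplicate is still pooled.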