Encrypting backups on a VPS

mjjohnson Member
edited March 2012 in General

All this talk of using a VPS for backups has me wondering: what's the best way to encrypt the backups on the VPS? I prefer to use rsync for backing up, so backing up a single encrypted container file isn't really an option (the whole thing would have to be re-uploaded each time). However, I'm considering installing TrueCrypt on the VPS; then I can mount the container, rsync the changes, and unmount it; or I understand that encfs is a similar option. Any other options, or suggestions/improvements to what I've come up with?

Comments

  • Duply can encrypt files before backing them up. You could back up to a local folder and then rsync that folder to a remote site.

  • Maounique Host Rep, Veteran

    If you mount the container at the destination, the keys will be in RAM over there. Same with any mounted encrypted FS. An attacker could see the encryption software and deduce where the keys are stored. It involves a lot of work and knowledge, but it is possible, especially if they take a snapshot while your encrypted FS is mounted. Not likely, though.

    You can make an incremental backup with only the changed inodes. Depending on the changes within the container, not many inodes will change overall, as changing a file in a container doesn't mean all inodes change, just those related to the file and the journal, with some differences between FS. Try an incremental back-up after simulating a day of changes and see how much data is transferred.
    M

  • Thanks for the tips. Duply looks especially interesting.

    @Maounique: is there a way to sync only parts of a container file? I'm mostly used to rsync, and as far as I know it won't do this... though I know many commercial backup systems do it.

  • Maounique Host Rep, Veteran

    You can do incremental inode-level backups, if this is what you are thinking of.
    However, reading back, I see I forgot one way to do it. Store the container remotely and mount it over the internet. This way the keys won't be stored in the remote memory, just on the machine you want to back up.
    For example, mount the back-up machine's NFS on the machine you are backing up, mount the container from within that NFS, sync files in the container "locally", unmount, back-up done.
    I don't think it will be much slower; it actually transfers about the same data, and overhead should be below 10%, though I never tested it.
    M
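
The remote-container procedure from the last comment, as an added example that is not part of the thread. It assumes a pre-created LUKS container opened with cryptsetup (the thread itself names TrueCrypt and encfs); the NFS export, mount points and mapper name are hypothetical.

```sh
#!/bin/sh
# Added example. The VPS only ever serves ciphertext over NFS; the key is
# entered and held on the machine being backed up.
set -u
NFS_EXPORT="backup-vps.example:/srv/backup"   # hypothetical export on the VPS
NFS_MNT="/mnt/backup-nfs"                     # hypothetical local mount points
VAULT_MNT="/mnt/backup-vault"
CONTAINER="$NFS_MNT/backups.luks"             # pre-created LUKS container file
MAPPER="backupvault"
SOURCE="/home/"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only, 0 = run them (as root)
STAGE=0                   # how far setup got, so teardown undoes only that

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

teardown() {
    # Reverse order. Closing the mapping removes the volume key from this
    # machine's kernel; it was never present on the VPS.
    if [ "$STAGE" -ge 3 ]; then run umount "$VAULT_MNT" || rc=1; fi
    if [ "$STAGE" -ge 2 ]; then run cryptsetup close "$MAPPER" || rc=1; fi
    if [ "$STAGE" -ge 1 ]; then run umount "$NFS_MNT" || rc=1; fi
    STAGE=0
}

backup() {
    rc=0; STAGE=0
    trap 'teardown; exit 130' INT TERM
    # cryptsetup prompts for the passphrase and decrypts on this machine.
    run mount -t nfs "$NFS_EXPORT" "$NFS_MNT" && STAGE=1 &&
    run cryptsetup open "$CONTAINER" "$MAPPER" && STAGE=2 &&
    run mount "/dev/mapper/$MAPPER" "$VAULT_MNT" && STAGE=3 &&
    run rsync -a "$SOURCE" "$VAULT_MNT/" || rc=$?
    teardown
    trap - INT TERM
    return "$rc"
}

backup
```

By default the script only prints the command sequence; set `DRY_RUN=0` to execute it. A failure at any step still unwinds whatever was already mounted or opened, so the decrypted view does not stay attached after an aborted run.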
