Re: Encrypted partition backups.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jan 13, 2009 at 09:40:47 -0700,
  Robin Laing <Robin.Laing@xxxxxxxxxxxxxxx> wrote:
>
> I am about to install a system where each users home directory will be  
> encrypted and mounted on login and unmounted on logout.
>
> Is there a tool that allows partition backups of only the changes as  
> with incremental backups?  Do we just have to clone the partition and  
> make copies of that each time?

Not that I am aware of. In theory if changes to their directories makes only
localized changes to the encrypted data, then you could just save the
changed blocks. This will leak some information, but that information would
be available to people who could see multiple backup tapes in any case,
so it may not be a big deal.

> It is a question that I have posed to our IT staff and they have not  
> thought about it either.

It's a bit late in the game to do this, as how you do the encryption should
be coordinated with your backup strategy.

There are also some issues with backing up key material. If you are say
using luks to encrypt the home directories, having backups of the encrypted
keys has some additional risks and deleting old pass phrases doesn't work
on the backed up copies. Depending on your threat model and how some
compromises are handled this might be acceptible. But it is still something
to take into consideration.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux