Re: How do I protect my "dump" sets against physical theft?



ToddAndMargo wrote:

Hi All,

I have a series of removable disks that I use to put
my "dump" backup sets on. If one of these disks gets
stolen, it will be a serious problem.

Anyone have any advice as to how to make the data
useless to any potential thief? Encryption, passwords,
etc..?

Many thanks,
-T

As someone else mentioned you can use an encrypted file system. It works
best if you do this with /home, but if you have important data on other file
systems you might find that it works acceptably.

There are several solutions for automatic encryption of data written to the
disk. There can be some concerns with these. If you do an upgrade it's
really best to export a tar/pax archive beforehand, and encrypt that
tarball, so that if there is a problem with dm-crypt or something else, you
can recover your data.

You can encrypt files with the openssl utility. It supports a variety of
encryption algorithms.

Here is a script that should work for encryption:

#!/bin/sh

openssl enc -aes-256-cbc -salt -in $1 -out $2


Here is a decryption script:

#!/bin/sh

openssl enc -d -aes-256-cbc -salt -in $1 -out $2

There are also hardware crypto devices you can get to offload the cost of
encryption. In general the average desktop usage of a disk wouldn't require
a hardware crypto device or crypto accelerator.

You may also find it useful to use an encrypted swap file, depending on your
setup, and paranoia. :-)

-George

.