Encrypted Snapshotted Remote Backup

I just read about Colin Percival's idea for an encrypted snapshotted remote backup service.

Please read his post for more information. Colin would like to know if you would find such a service useful. He appreciates any feedback you send, and since he reads this blog he will see comments posted here. Thank you.

Comments

Anonymous said…
Colin,

I'd definitely be interested in this for some small business clients of mine that are looking to purchase backup systems. I'd use it myself. By the way, I know you're a FreeBSD guy, but you might want to take a look at Sun's X4500 (aka Thumper) for storing the data. 24TB in one box!
11:37 AM
Anonymous said…
Is he familiar with BoxBackup? http://www.fluffy.co.uk/boxbackup/ is an open source tool to have versioned remote incremental encrypted backup tool.
12:42 PM
Anonymous said…
For Windows users, a service from Mozy.com, is doing encrypted off-site backups. I use it personally and think is great. I even paid the annual fee for the full 30GB service.

If I they had a Linux client, I would use it as well.
2:44 PM
Anonymous said…
I thought I was the only one who ever thought of this and then I found duplicity.

http://duplicity.nongnu.org/

It is also in the ports collection as sysutils/duplicity.

-Corey Smith
8:10 PM
Anonymous said…
Thanks to all the people who have offered suggestions; and thanks, Richard, for directing people to my post. Unfortunately none of the suggestions offered are adequate to my needs; see http://www.daemonology.net/blog/2006-09-14-more-about-backup.html for details.
1:05 AM
Anonymous said…
If you are narrowly focusing on FreeBSD, you are likely to find a niche that you can satisfy technically, but I would question its commercial viability. IronMountain bought the LiveVault service a few years back and have thrown resources towards it. PC coverage starts at $15/mo for unlimited data storage. Server provides the ability to backup open files and databases on Linux, Solaris and MS servers.
http://www.livevault.com/solutions/smb/datasheet.aspx

fwiw,

John
12:54 AM
Anonymous said…
None of the existing backup solutions seem to fit the criteria that Colin has set. So yes, I'd love to see this implemented.

I was running rdiff-backup (the non-encrypted version of duplicity) for a while but was scared off by the use of Python "pickle" format data files. Too often I ended up trashing the entire backup archive containing snapshots going back in time and starting again with a full backup.

I am in complete agreement with Tim Bray that the backup solution must use no proprietary (or undocumented) formats. In other words, use tar and bzip2 unless there is a really good reason not to.

My current solution is a set of scripts to tar and bzip, followed by manual intervention (bad I know) to encrypt using GnuPG and upload to Amazon S3. I would very much like to see a cross-platform and well-maintained script to do this automatically.

BTW Amazon S3 is by far and away the best off-site backup destination for me. Thanks to S3 I'll never have to deal with crappy unreliable tapes ever again.
9:46 PM
Anonymous said…
"If you are narrowly focusing on FreeBSD, you are likely to find a niche that you can satisfy technically, but I would question its commercial viability."

I think this is why the project should be open source (BSD licensed). Folks make money off supporting open source version control, security monitoring, operating systems (in NAS various embedded devices etc.) and other network infrastructure type apps despite the existence of commercial equivalents. Mostly becaseu some orgs *must* host their own stuff. There's no reason why someone like Colin couldn't offer the service *and* sell his skills to the highest bidder.

The question is can he code up this cool application in his spare time? Maybe if some financial collaborators could come up with sufficient money to support him for a long enough time while he worked on it we could make the "encrypted backup" equivalent of apache available to the world.
6:03 PM
RonnieTanner said…
there is another online backup product called disksave.. it works with MacOS and can backup mysql databases to an encrypted file set on a remote server. You can then restore any files you want from anywhere as long as you have the encrypting key

http://www.disksave.com
10:01 AM
Post a Comment

Popular posts from this blog

Zeek in Action Videos

Image
This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project .  Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on.  I am especially pleased with Video 6 on monitoring wireless networks . It took me several weeks to research material for this video. I had to buy new hardware and experiment with a Linux distro that I had not used before -- Parrot .  Please like and subscribe, and let me know if there is a topic you think might make a good video.
Read more

MITRE ATT&CK Tactics Are Not Tactics

Image
Just what are "tactics"? Introduction MITRE ATT&CK  is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else. The MITRE ATT&CK Design and Philosophy document from March 2020 says the following: At a high-level, ATT&CK is a behavioral model that consists of the following core components: • Tactics, denoting short-term, tactical adversary goals during an attack; • Techniques, describing the means by which adversaries achieve tactical goals; • Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques; and • Documented adversary usage of techniques, their procedures, and other metadata. My concern is with MITRE's definition of "tactics" as "short-term, tactical adversary goals during an attack," which is oddly recursive. The key word in the tacti
Read more

New Book! The Best of TaoSecurity Blog, Volume 4

Image
  I've completed the TaoSecurity Blog book series . The new book is  The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship .  It's available now for Kindle , and I'm working on the print edition.  I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new title thus: Go beyond TaoSecurity Blog with this new volume from author Richard Bejtlich. In the first three volumes of the series, Mr. Bejtlich selected and republished the very best entries from 18 years of writing and over 18 million blog views, along with commentaries and additional material.  In this title, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Volume 4 offers early white papers that Mr. Bejtlich wrote as a network defender, either for technical or pol
Read more