Hello,

Sun, 11 Aug 2019 at 14:35 Lauri Kiiski <lauri.kii...@iki.fi> wrote:
> I would like to encrypt all my data while in transit and at rest. Where
> is unencrypted file metadata stored? The Data Encryption documentation
> (https://www.bacula.org/5.2.x-manuals/en/main/main/Data_Encryption.html)
> explains the following.
>
> "The implementation does not encrypt file metadata such as file path
> names, permissions, and ownership. Extended attributes are also currently
> not encrypted. However, Mac OS X resource forks are encrypted."
>
> Where is this file metadata stored and handled?

All the metadata mentioned above is stored on volumes. Some of it is stored in the database too. In both places the stored information is not encrypted.

> Is this metadata the File Attributes described at the end of this page
> https://www.bacula.org/5.2.x-manuals/en/main/main/What_is_Bacula.html ?
> Is this file metadata then stored unencrypted at the following locations?
> - Volumes
> - Catalog
> Is this unencrypted data then exposed to the following components?
> - Storage Daemon
> - Director
> - File Daemon, quite naturally
>

I do not understand the question. The stored metadata (volumes or catalog) is never exposed to the file daemon. So "quite naturally" is a strange assumption here. :)
The Director has no access to volumes and the storage daemon has no access to the catalog, naturally. :)

> Also, this information needs to then travel the network connections in the
> picture where it says File Attributes? I suppose I can then use Bacula TLS
> (https://www.bacula.org/5.2.x-manuals/en/main/main/Bacula_TLS_Communications.html)
> to protect all that unencrypted data between the File Daemon, Storage
> Daemon and Director. Securing Director - Catalog DBMS connection is then
> out of scope of Bacula. Encrypting those will ensure my data is protected
> while in transit?
>

Yes, if you want to secure all your transmission over the network then you should use Bacula TLS.

> In order to encrypt all data in transit and at rest I need to
> - Enable Data Encryption for the Volumes
>

There is no such functionality.

> - Configure Bacula TLS
>

Yes.

> - Encrypt database connectivity to Catalog DBMS or host it at Director
>

Yes.

> - Encrypt disks on the machines having these components: File Daemon,
> Director, Catalog, Storage Daemon, Physical Media
>

Eeeee, I do not understand. What do you want to keep secret? Did you know that a double encryption does not increase the security level?

best regards
--
Radosław Korzeniewski
rados...@korzeniewski.net
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
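
Added example, not part of the original thread or of Bacula's own code: a small Python check that reads a bacula-fd.conf and reports which of the TLS (in transit) and PKI data encryption (file contents at rest) directives from the two manual pages linked above are not enabled. The sample configuration and its names are constructed, and the parser assumes un-nested resources with no `#` inside values.

```python
import re

# Directives each bacula-fd.conf resource should enable. TLS protects the
# network connections; PKI encrypts and signs file contents before they leave
# the File Daemon. Even with all of them on, path names, permissions, ownership
# and extended attributes stay unencrypted on volumes and in the catalog.
EXPECTED = {
    "filedaemon": ["tlsenable", "tlsrequire", "pkiencryption", "pkisignatures"],
    "director": ["tlsenable", "tlsrequire"],
}

def norm(keyword):
    # Bacula ignores case and spaces in keywords: "TLS Enable" == "tlsenable".
    return re.sub(r"\s+", "", keyword).lower()

def parse(text):
    """Return [(resource_type, {directive: value})] for un-nested resources."""
    text = re.sub(r"#[^\n]*", "", text)  # strip comments
    resources = []
    for rtype, body in re.findall(r"([A-Za-z ]+?)\s*\{([^{}]*)\}", text):
        directives = {}
        for item in re.split(r"[;\n]", body):
            if "=" in item:
                key, value = item.split("=", 1)
                directives[norm(key)] = value.strip().strip('"')
        resources.append((norm(rtype), directives))
    return resources

def audit(text):
    """List every expected directive that is absent or not set to yes/true."""
    return [f"{rtype}: {key} not enabled"
            for rtype, d in parse(text)
            for key in EXPECTED.get(rtype, [])
            if d.get(key, "no").lower() not in ("yes", "true")]

# Constructed sample config (names are placeholders, not from the thread).
SAMPLE = """
FileDaemon {
  Name = example-fd
  TLS Enable = yes
  TLS Require = yes
  PKI Signatures = Yes
  PKI Encryption = Yes
}
Director {
  Name = example-dir
  TLS Enable = yes      # TLS Require missing: non-TLS connections still accepted
}
"""
```

Calling `audit(SAMPLE)` flags the Director resource, where TLS is enabled but not required.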