> Hello Heitor, Hello Kern, > I recommend that you check the details of the BEE automatic encryption > feature. > If I am not mistaken you are referring to the new PSK (private shared key) > that > BEE uses for authentication. This means that Bacula will be much more secure > against man-in-the-middle attacks and such. However, I don't think it helps > with data encryption.
If it is that the case the manual is very misleading: "Automatic TLS Encryption Starting with Bacula Enterprise 12.0, all daemons and consoles are now using TLS automatically for all network communications. It is no longer required to setup TLS keys in advance. It is possible to turn off automatic TLS PSK encryption using the TLS PSK Enable directive. " Ref.: New Features in Bacula Enterprise 12.0 > I am currently trying to get it into the next community version. I believe > that > the person who implement the BEE PSK is or will be working on creating a > community patch for it ... > Best regards, Regards, > Kern > On 8/14/19 3:50 PM, Heitor Faria wrote: > Hello Lauri (forgot to copy the group), >> >Also, this information needs to then travel the network connections in >> >the picture where it says File Attributes? I suppose I can then use >> >Bacula TLS >>>( [ >>>https://www.bacula.org/5.2.x-manuals/en/main/main/Bacula_TLS_Communications.html >>>| >>>https://www.bacula.org/5.2.x-manuals/en/main/main/Bacula_TLS_Communications.html >> >] ) >> >to protect all that unencyrpted data between the File Daemon, Storage >> >Daemon and Director. Securing Director - Catalog DBMS connection is >> >then out of scope of Bacula. Encrypting those will ensure my data is >> >protected while in transit? >> >In order to encrypt all data in transit and at rest I need to >> >- Enable Data Encryption for the Volumes >> >- Configure Bacula TLS > I guess if you use data encryption you dont need to use TLS, because data is > already encrypted. > If you just to encrypt transferred data you only need TLS. > Anyway, BEE has a very exciting new feature which is automatic TLS, much > easier > to set up. Not sure if it will be available in Community Bacula next V. 11 > release. > Regards, > -- > MSc Heitor Faria > CEO Bacula LATAM > mobile1: + 1 909 655-8971 > mobile2: + 55 61 98268-4220 > [ https://www.linkedin.com/in/msc-heitor-faria-5ba51b3 ] > [ http://www.bacula.com.br/ ] > América Latina > [ http://bacula.lat/ | bacula.lat ] | [ http://www.bacula.com.br/ | > bacula.com.br ] > _______________________________________________ > Bacula-users mailing list [ mailto:Bacula-users@lists.sourceforge.net | > Bacula-users@lists.sourceforge.net ] [ > https://lists.sourceforge.net/lists/listinfo/bacula-users | > https://lists.sourceforge.net/lists/listinfo/bacula-users ] -- MSc Heitor Faria CEO Bacula LATAM mobile1: + 1 909 655-8971 mobile2: + 55 61 98268-4220 [ https://www.linkedin.com/in/msc-heitor-faria-5ba51b3 ] [ http://www.bacula.com.br/ ] América Latina [ http://bacula.lat/ | bacula.lat ] | [ http://www.bacula.com.br/ | bacula.com.br ]
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
