On 8/14/2019 12:51 PM, Martin Simmons wrote:
>>> I think, though, that Lauri is referring to encrypting the metadata that is
>>> stored unencrypted in a disk volume by somehow encrypting the whole disk.
>>
>> This is a main point! When he encrypts the whole filesystem then it is
>> useless (and time consuming) to double-encrypt backup data with Bacula.
>
> Doesn't that depend on the relative secrecy of the data vs. the metadata? If
> the data is much more secret then it might be worthwhile to encrypt it (on the
> client) in case the SD's filesystem can be read while the disk is mounted
> (i.e. when it is not protected by the encrypted filesystem).


If the SD stores on an encrypted FS and Bacula data encryption is not used, then that data is secure unless the SD is compromised. If the SD is compromised such that the encrypted FS is mounted and accessible, then the attacker gains access to the data for all FDs. In the case where Bacula data encryption is used and the SD stores on unencrypted disk, it is better protected from an SD compromise, since the attacker still would not have the FD keys.

Since the SD FS being used for volume storage is likely to be mounted in the event of an SD compromise, I see little value in using both, the exception being perhaps when removable disks are used and stored offline. Bacula data encryption seems the better choice except when the performance hit on the clients is too great, such as when clients have very weak hardware.


_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
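For the client-side option the message above favours, here is an added example (not from the original post or the Bacula project) of a FileDaemon resource with Bacula's PKI data encryption turned on. The resource name, ports, paths and key file names are assumptions; the PKI directives themselves are Bacula's own. What matters for the threat model in the thread is where each key lives: the FD holds its own keypair, the SD and Director hold no private key at all, and the private half of the master key stays offline, so a compromised SD yields ciphertext it cannot open.

```conf
# Added example: FileDaemon resource in bacula-fd.conf with data encryption.
# Names and paths (example-fd, /etc/bacula/pki/...) are assumptions.
#
# Key material is generated on the client, never on the SD or Director,
# for instance with OpenSSL (done once per client):
#   openssl genrsa -out /etc/bacula/pki/fd-example.key 2048
#   openssl req -new -x509 -days 3650 -key /etc/bacula/pki/fd-example.key \
#       -subj "/CN=example-fd" -out /etc/bacula/pki/fd-example.cert
#   cat /etc/bacula/pki/fd-example.key /etc/bacula/pki/fd-example.cert \
#       > /etc/bacula/pki/fd-example.pem
#   chmod 600 /etc/bacula/pki/fd-example.pem
#
# The master keypair is made the same way on an offline machine. Only
# master.cert (the public half) is copied to clients; master.key is the
# recovery key and must not exist on the SD, the Director or any client.

FileDaemon {
  Name = example-fd
  FDport = 9102
  WorkingDirectory = /var/lib/bacula
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 20

  PKI Signatures = Yes                 # sign data so tampering on the SD is detected
  PKI Encryption = Yes                 # encrypt file data before it leaves the client
  PKI Keypair = "/etc/bacula/pki/fd-example.pem"   # this client's private key + cert
  PKI Master Key = "/etc/bacula/pki/master.cert"   # PUBLIC half only: recovery key
}
```

Check the resulting file with `bacula-fd -t -c /etc/bacula/bacula-fd.conf` before restarting the daemon. Two caveats follow directly from the thread: encryption and signing run on the client, which is the performance cost mentioned for weak hardware, and this protects file data only, so file names and attributes written to the volume and catalog remain readable, which is the metadata case the encrypted-filesystem argument was about. A restore to a client whose keypair has been lost needs master.key, so that offline key must be backed up separately from Bacula.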
