> On 14 Aug 2019, at 22.37, Josh Fisher <jfis...@pvct.com> wrote:
>
>
> On 8/14/2019 12:51 PM, Martin Simmons wrote:
>>>> I think, though, that Lauri is referring to encrypt the metadata that is
>>>> stored unencrypted in a disk volume by somehow encrypting the whole disk.
>>>>
>>> This is a main point! When he encrypt the whole filesystem then it is
>>> useless (and time consuming) to double encrypt backup data with Bacula.
>> Doesn't that depend on the relative secrecy of the data v.s. the metadata?
>> If
>> the data is much more secret then it might be worthwhile to encrypt it (on
>> the
>> client) in case the SD's filesystem can be read while the disk is mounted
>> (i.e. when it is not protected by the encrypted filesystem).
>
> If the SD stores on an encrypted FS and Bacula data encryption is not used,
> then that data is secure unless the SD is compromised. If the SD is
> compromised such that the encrypted FS is mounted and accessible, then the
> attacker gains access to the data for all FDs. In the case where Bacula data
> encryption is used and the SD stores on unencrypted disk, then it is better
> protected from a SD compromise, since the attacker still would not have the
> FD keys.
> Since the SD FS being used for volume storage is likely to be mounted in the
> event of a SD compromise, I see little value in using both, the exception
> being perhaps when removable disks are used and stored offline. Bacula data
> encryption seems the better choice except when the performance hit on the
> clients is too great, such as when clients have very weak hardware.
>
Great discussion! You were able to describe many of my points to encrypt the
data. I will setup disk encryption on each component.
I want to encrypt all the data and metadata to protect against a physical not
so sophisicated theft where someone would just unplug the devices and take
them. Full disk encryption on each component helps against that. Also, I have
those clients with weak performance. In addition to that, I want to have the
backup data encrypted even when the SD encrypted disk is mounted. As said, data
encryption on volumes protects for example against SD compromise but
unfortunately not for the metadata. At the end, all the backups shouldn’t be at
the same physical location and the FDs as well might be in several locations or
mobile.
Regarding the performance of having several layers of encryption. I believe the
full disk encryption on SD or any other component shoudn’t be the bottle neck.
The bottle neck must be the volume data encryption or network depending on the
clients.
Just wonderful, I have typo on the subject :)
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
