mixed system backups
David Blackman
david at prometheus.com.au
Thu Jan 3 20:37:14 EST 2002
Damien Elmes wrote:
>
> Kim Holburn <kim.holburn at anu.edu.au> writes:
>
> > > > Any pointers - even alternatives to rsh from the more security wise.
> > >
> > >ssh with RSA or DSA keys.
> >
> > Forget it unless you want to have your machines spend 90% of their time
> > encrypting and decrypting.
>
> depends on the speed of the machines. alternative ciphers are also available,
> some of which trade off some level of encryption but result in a marked
> speedup.
>
> behind a company firewall it's probably not a problem, but if that data stored
> say, confidential billing information, it would be nice not to have other
> employees have access to it if they're just sitting on the network.
>
> --
> Damien Elmes
> resolve at repose.cx
The Blowfish cypher is probably the fastest one on ssh, and it is
probably as strong as the other options. It runs faster than the hard
disc and network on most modern computers.
Running with RSA or DSA keys as root is better than nothing, but it does
mean that if someone cracks the machine doing the backup they crack all
the machines being backed up as well, unless you are prepared to sit
there typing pass-phrases as the backup script runs. Hope your firewall
is good, and maybe you need a second one for just the backup machine.
Another alternative is to run a NFS or Samba share, access as root, but
read only, and only accessible by the backup machine. Even if someone
gets on your lan, the best they do exploiting this is read your files,
not write them.
More information about the linux
mailing list