LinuxQuestions.org


Steviepower 04-03-2012 10:12 AM

Professional way to make secure backups
 
Hello,

I have a server with a RAID5 array with important data on it, so of course I would like to make offsite backups. I have an external hard disk that is big enough to put these backups on. The problem here is that I want to maintain the same CIA values (confidentiality, integrity and availability); when I put this external hard disk somewhere else, it'll influence the confidentiality too much if the data is just on there. So encryption of the data might solve my problem, but how do I do this?

I want to make regular backups, preferably using rsync (or something like that), and I want to keep the file permissions the same so I can just turn the backup around and go back a version. Also, I want this to be done within a few hours over a gb connection.

What is the "professional" and secure way to do this?

I've read about encrypted filesystems and encrypted containers for the files but it's hard to pick something and I'd like to know what is usually used.

Backups from my laptop to the server with RAID5 are already done using a custom rsync script, but there are more systems that use the backup server and they all need to be able to access their data in a secure way.

Thanks in advance!

MensaWater 04-03-2012 12:21 PM

rsync is using ssh transport by default so is encrypting/decrypting the data transfer. That alone is going to slow things down. If you write to/read from an encrypted filesystem I suspect it would slow things down even further.

What you might want to do is look for another backup utility. Bacula is one I see mentioned frequently though I don't use it. (We use commercial NetBackup which has its own encryption stuff.) On checking to see if Bacula does encrypted backups I found it does:

http://www.bacula.org/en/dev-manual/...ncryption.html

Steviepower 04-03-2012 02:08 PM

Isn't Bacula something for scheduled backups? All I want to do is make a manual backup every week to an external hard disk, where I can preferably verify the integrity (checksum?) and also recover files and permissions from.

catkin 04-03-2012 11:05 PM

Quote:

Originally Posted by Steviepower (Post 4643881)
Isn't Bacula something for scheduled backups?

Yes it is but you can configure it with no schedules and run jobs either manually (from the Bat GUI or the bconsole shell) or by script.

Steviepower 04-04-2012 02:06 AM

Thank you all for thinking along!
I'm going to virtualise a server to test this out. The only thing is... the hard drive is connected to my laptop, an Ubuntu machine that I use for multiple purposes. I don't need the offsite backups to be done too often, but I do want them secure.

Isn't there an easier way where I can just back up everything to an encrypted file that I can open (say with a password?) and that also has checksums for the files? I do want my integrity and confidentiality to be secure, and I might even want to try to also back up my gb's to a shared public drive somewhere, and for this I want to make sure it's not tampered with when I do a recovery.

catkin 04-04-2012 05:11 AM

Quote:

Originally Posted by Steviepower (Post 4644248)
Isn't there an easier way where I can just back up everything to an encrypted file that I can open (say with a password?) and that also has checksums for the files? I do want my integrity and confidentiality to be secure, and I might even want to try to also back up my gb's to a shared public drive somewhere, and for this I want to make sure it's not tampered with when I do a recovery.

Almost certainly! Configuring Bacula is non-trivial; it is an enterprise level solution with the power (and associated complexity!) that implies.

tar (and others) could be used for the backup and gpg (and others) could be used to encrypt the tarball. Nice to keep checksums for both the encrypted and unencrypted files.
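
The tar-plus-gpg approach with a checksum for both the unencrypted and the encrypted tarball, as an added example that is not part of the original thread or any poster's own script. The file names `backup.tar`, `backup.tar.gpg` and `SHA256SUMS`, the passphrase file and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: backup.tar,
# backup.tar.gpg, SHA256SUMS and a passphrase file readable only by you.
set -eu

# gpg in unattended mode; drop these options to be prompted instead.
gpg_batch() {
    pass=$1; shift
    gpg --batch --yes --pinentry-mode loopback --passphrase-file "$pass" "$@"
}

# make_backup SRC_DIR OUT_DIR PASSFILE
make_backup() {
    src=$1 out=$2
    # -p stores permissions, --numeric-owner stores uid/gid as numbers.
    tar --numeric-owner -cpf "$out/backup.tar" -C "$src" . || return 1
    gpg_batch "$3" --symmetric --cipher-algo AES256 \
        -o "$out/backup.tar.gpg" "$out/backup.tar" || return 1
    # One sum for the plaintext tarball, one for the encrypted file.
    (cd "$out" && sha256sum backup.tar backup.tar.gpg > SHA256SUMS) || return 1
    rm -f "$out/backup.tar"   # only the ciphertext goes offsite
}

# restore_backup OUT_DIR PASSFILE DEST_DIR
restore_backup() {
    out=$1 dest=$3
    # Step 1: the encrypted file must match its sum before it is decrypted.
    (cd "$out" && sha256sum --quiet --ignore-missing -c SHA256SUMS) || return 1
    gpg_batch "$2" -o "$out/backup.tar" --decrypt "$out/backup.tar.gpg" || return 1
    # Step 2: the decrypted tarball must match the sum taken before encryption.
    rc=1
    if (cd "$out" && sha256sum --quiet -c SHA256SUMS); then
        tar -xpf "$out/backup.tar" -C "$dest" && rc=0
    fi
    rm -f "$out/backup.tar"
    return "$rc"
}
```

Keep a copy of `SHA256SUMS` somewhere other than the drive or share that holds `backup.tar.gpg`; a sum stored next to the file can be replaced along with it.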

jschiwal 04-04-2012 05:16 AM

I'm assuming that the external drive is local to your laptop, and you want a local copy of all your backups on the RAID 5 server.

You can create a LUKS encrypted partition on the external drive. Mount the partition, then use whatever method you want to download the backups on the RAID5 server.

When you unmount and disconnect the external drive, it will be encrypted.

Steviepower 04-04-2012 09:35 AM

Yes that is exactly what I need! Going to try http://tipstrickshowtos.blogspot.com...into-your.html later.

All I need now is to verify that what is on the file system is also what is on the disk... are there any easy tools for that?
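
The unlock, copy and lock cycle on a LUKS partition, followed by a check that the copy on the drive matches the source, as an added example that is not part of the original thread. It assumes the partition passed as DEVICE is already LUKS-formatted; the mapper name `offsite`, the mount point `/mnt/offsite`, the `backup` subdirectory and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: DEVICE is already a LUKS
# partition; "offsite", /mnt/offsite and the backup/ subdirectory are made up.
set -eu

# Manifest of a tree: SHA-256 of every file, then mode and owner of every entry.
make_manifest() {
    (
        cd "$1" || exit 1
        find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2
        find . -mindepth 1 -exec stat -c 'perm %a %u:%g %n' {} + | LC_ALL=C sort -k 4
    )
}

# verify_backup SRC COPY: fails on changed, missing or extra files or permissions.
verify_backup() {
    m1=$(mktemp) m2=$(mktemp)
    make_manifest "$1" > "$m1"
    make_manifest "$2" > "$m2"
    vrc=0
    diff "$m1" "$m2" || vrc=1
    rm -f "$m1" "$m2"
    return "$vrc"
}

# backup_to_luks DEVICE SRC: unlock, mount, mirror, verify, lock. Run as root.
backup_to_luks() {
    dev=$1 src=$2 name=offsite mnt=/mnt/offsite dest=/mnt/offsite/backup
    cryptsetup open "$dev" "$name" || return 1   # asks for the LUKS passphrase
    mount "/dev/mapper/$name" "$mnt" || { cryptsetup close "$name"; return 1; }
    rc=0
    # -aHAX keeps permissions, owners, times, hard links, ACLs and xattrs;
    # --delete makes backup/ a mirror of SRC.
    mkdir -p "$dest" && rsync -aHAX --delete "$src"/ "$dest"/ || rc=1
    if [ "$rc" -eq 0 ]; then
        # Remount so the check reads from the drive, not the page cache.
        umount "$mnt" && mount "/dev/mapper/$name" "$mnt" &&
            verify_backup "$src" "$dest" || rc=1
    fi
    umount "$mnt" || rc=1
    cryptsetup close "$name" || rc=1   # the drive now holds only ciphertext
    return "$rc"
}

if [ "$#" -eq 2 ]; then backup_to_luks "$1" "$2"; fi
```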

Steviepower 04-05-2012 02:38 PM

I've tried this with a USB drive on Ubuntu and it worked great! Now trying the same with the hard disk connected to the server and I'm running into: http://www.linuxquestions.org/questi...-error-938345/

:(

Steviepower 05-30-2012 04:30 AM

Okay, did it using my laptop over the network.


All times are GMT -5.