
My technical corner about Linux, Perl, programming, computer networks and network security


How to automatically encrypt backup files

In most serious companies, backup is one of the most important things. But sometimes an even more important question is the security of the saved data. A backup usually combines data from many systems and is stored on a dedicated device (NAS). This data is more vulnerable because it is stored "raw" on the backup device, which is usually a separate machine. That can be a problem, because some admins don't bother about the security of backup servers.

You should encrypt your backup data whenever possible, and automatically. But the form of encryption must be chosen wisely. The first thought may be to use symmetric encryption, but that is wrong. If you use symmetric encryption in your scripts, then your scripts have to know the password. This is a big security gap: the password must be stored in some form in your script, and at least at some moments the script must use it as plain text. Hence don't try to obfuscate your code; in general you will just waste your time. These moments are easy to catch.

To encrypt your data automatically you should use asymmetric encryption algorithms, which are implemented in GnuPG, for example.

gpg -e -r "Name of owner key" -o file.gz.gpg file.gz &&
rm -f file.gz

During asymmetric encryption, your data is encrypted with your public key and can be decrypted with your secret key. You don't need to enter your password during encryption, but you do have to enter it if you want to decrypt something. It's an excellent solution. To decrypt your data, you have to write:

gpg -d -r "Name of owner key" -o file.gz file.gz.gpg

You can learn here how to generate your key pair if you don't know GnuPG.
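A wrapper for running the encryption command above unattended (for example from cron), as an added example that is not part of the original post. The function name `encrypt_backup` and the `.part` temporary suffix are assumptions made for this sketch; it deletes the plaintext only after gpg has succeeded and produced a non-empty output file.

```shell
#!/bin/sh
# Added example, not from the original post.
# encrypt_backup FILE RECIPIENT
#   Encrypts FILE to RECIPIENT's public key as FILE.gpg, then removes FILE.
#   Only the public key is needed, so no passphrase lives on the backup host.
#   Return codes: 0 = encrypted, 1 = gpg failed (plaintext kept), 2 = no input.

encrypt_backup() {
    src=$1
    recipient=$2
    out="$src.gpg"
    tmp="$out.part"    # assumed suffix: write here first, rename on success

    if [ ! -f "$src" ]; then
        echo "missing input: $src" >&2
        return 2
    fi

    # --batch: never prompt, since an unattended job has no terminal.
    # --yes:   overwrite a stale .part file left by an interrupted run.
    if gpg --batch --yes -e -r "$recipient" -o "$tmp" "$src" && [ -s "$tmp" ]; then
        # A complete ciphertext exists: publish it, then drop the plaintext.
        mv -f "$tmp" "$out" && rm -f "$src"
    else
        # Never leave a truncated ciphertext behind, and never lose the
        # only copy of the data when encryption did not complete.
        rm -f "$tmp"
        echo "encryption failed, plaintext kept: $src" >&2
        return 1
    fi
}

# Example call, using the placeholder names from the article:
#   encrypt_backup file.gz "Name of owner key"
```

In batch mode gpg refuses a recipient key it does not consider valid, so import the public key and set its trust on the backup host before scheduling the job.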
