[plug] encrypting drives on a samba server and backups

[Ari]

I've done a little more research from the ideas presented here and am 
about to have a go at implementing things. I was wondering what the 
argument against using ecryptfs would be? Is there a way I could 
implement this for him without having to have him rsync all his data 
back to his server from the backup drives and then rsync it back to the 
backup drives after encrypting them? Such as encrypting the partitions 
in situ?

Ari

Phillip Bennett wrote:
> Ari wrote:
>> Hi all,
>>
>> Okay, I need some guidance here. I've helped a mate get started with
>> linux and he's happy using a FC11 install as a samba server (he wanted a
>> copy of what I had, but with more hard drives for backing up his video
>> editting, documents, etc etc). All is well with that, but after a recent
>> theft he's worried about his files being accessed if the server or the
>> backup drives are stolen. I'm not really sure where to start for
>> encrypting things but still having them available to all his windows
>> PCs. He has 3TB of storage drives (the FC11 install is on a separate
>> small 40GB drive) with the entire drives shared via samba. I've got him
>> using rsync for his backups to his external usb drives. Is it possible
>> to encrypt the samba shared drives and still have samba be able to use
>> them? What about the backups with rsync? I'm reluctant to admit I've
>> never worked with encryption on linux drives before, and I know I really
>> really should have as it's the sort of security measure that I should
>> know about. Help please :-(
>>
>> TIA,
>>
>> Ari
>> _______________________________________________
>> PLUG discussion list: plug at plug.org.au
>> http://www.plug.org.au/mailman/listinfo/plug
>> Committee e-mail: committee at plug.linux.org.au
>>
>>
>>
>
> Hi,
>
> You could always try out LUKS encryption.  It's pretty standard with
> RedHat and probably fedora - my home box is off right now, so can't
> check for you..  Basically, you create an encrypted partition that gets
> opened at boot with a password.  You can even dictate the strength of
> the encryption when you set it up.  Once it's opened with the password,
> it will be seen by the operating system as just another block device
> that can be formatted as whatever you like (etx2/3, fat32, etc..) so
> samba would be able to see it and share it as if it was just another
> filesystem.  Once powered off, the encrypted data is inaccessible
> without the password.  We use it here in the Scottish Blood Service for
> keeping patient data secure on our mobile devices (laptops).
>
> Hth,
> Phil.
>
>
> ******************************************************************************************************************** 
>
>
> This message may contain confidential information. If you are not the 
> intended recipient please inform the
> sender that you have received the message in error before deleting it.
> Please do not disclose, copy or distribute information in this e-mail 
> or take any action in reliance on its contents:
> to do so is strictly prohibited and may be unlawful.
>
> Thank you for your co-operation.
>
> NHSmail is the secure email and directory service available for all 
> NHS staff in England and Scotland
> NHSmail is approved for exchanging patient data and other sensitive 
> information with NHSmail and GSI recipients
> NHSmail provides an email address for your career in the NHS and can 
> be accessed anywhere
> For more information and to find out how you can switch, visit 
> www.connectingforhealth.nhs.uk/nhsmail
>
> ******************************************************************************************************************** 
>
>
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>