On-line Encrypted Backups for Your Laptop
Information on a filesystem can be encrypted to protect against unintended disclosure when a laptop is stolen; however, doing so doesn't allow you to access the files you've been working on if someone steals your laptop. If you have been traveling for a few weeks, making modifications to source code or office documents with your laptop, and it is lost or stolen, you still need to be able to access those updated files when you return home. On the other hand, if your laptop isn't stolen, you probably would like the peace of mind knowing the hard disk in the laptop is not the single point of failure for your important changes.
This article describes how to set up a system allowing backups to one or more on-line storage providers. You can choose either a free on-line storage provider or a paid service, depending on the consequences of losing your data or not having guaranteed immediate access to your backups.
You might find that many Internet connections made available to you when traveling have a very “protective” packet filtering system. For example, some hotels will filter all traffic that is not HTTP or HTTPS. Many on-line storage systems are made accessible over HTTP using the same HTTP operations performed by Web browsers. So, you still can upload your changes even when using very restrictive Internet connections. In this situation, other solutions, such as direct use of rsync over SSH, most likely will be filtered out.
One of the combinations described here should work with the most restrictive Internet connections. Two applications of on-line backups come to mind. If you are working on some documents or a smallish code tree, using Omnidrive for storage is a good free backup solution. If you have a nice digital camera and an on-line storage space that is larger, you can back up digital pictures incrementally as you travel. So, if the external 80GB drive to which you transfer your digital pictures goes missing, you won't lose your memories. The latter requires a reasonably fast (and free-of-charge) Internet connection at your hotel and that you leave the laptop on to upload overnight.
The key to making access to storage easy is using FUSE to mount the on-line storage service. Using FUSE makes all storage services look the same (or similar, to be more accurate) to the higher-level encryption and synchronization software. However, some FUSE filesystems for mounting on-line storage offer slightly different implementations, which might require some working around at higher levels.
Because you are backing up important data to a server you don't control or perhaps fully trust, the next layer should provide security to your precious data. The eCryptfs filesystem was described in the April 2007 issue of Linux Journal. EncFS is a FUSE filesystem offering filesystem encryption. Both eCryptfs and EncFS take an existing filesystem (the base) and offer a new filesystem (the encrypted filesystem). Any data that is written to the encrypted filesystem is encrypted transparently and stored onto the base filesystem. Reading data will decrypt the information transparently from the base filesystem.
So, you can have storage mounted as FUSE (call this ~/rawfs) and then remounted with EncFS (at another mountpoint, ~/backupfs). Files copied to ~/backupfs are encrypted and saved to ~/rawfs, which then saves them to the on-line storage (Omnidrive, GMailfs, sshfs, Openomy, Amazon S3—whichever you mount using FUSE at ~/rawfs).
The simplest way to keep your backup fresh is to use rsync(1) from your local data (perhaps in ~/documents) to your encrypted on-line filesystem.
Testing for this article was performed on a Fedora 7 machine. Some of the commands shown here, such as package installation commands, may be specific to the Fedora distribution.
Depending on your Linux distribution, you may need to add your user to the fuse group to be able to mount FUSE filesystems as a nonroot user. On Fedora 7, you would run the following command to enable the user ben to mount FUSE filesystems:
usermod -a -G fuse ben
Next, let's examine some different on-line storage providers and how to mount them with FUSE.
OmniFS allows you to mount the Omnidrive storage provider as a FUSE filesystem. Installation and use of OmniFS goes like this:
$ tar xjvf omnifs-0.3.0.tar.bz2 $ cd ./omnifs-0.3.0 $ ln -s /usr/include/fuse /usr/local/include/fuse $ ./configure $ make $ su -l # make install # ldconfig # cp sample.cfg ~ben/my-omnifs.cfg # chown ben.ben ~ben/my-omnifs.cfg # exit $ id -u -n ben $ cd ~ $ edit my-omnifs.cfg ... change login, password, api-key and api-private-key set omnifs-log-file = /home/ben/omnifs.log either comment out the proxy setting or set proxy settings to be valid ... $ mkdir ~/rawfs $ omnifs -c my-omnifs.cfg ~/rawfs
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- BitTorrent Inc.'s Sync
- The Death of RoboVM
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Humble Hacker?
- The US Government and Open-Source Software
- New Container Image Standard Promises More Portable Apps
- Open-Source Project Secretly Funded by CIA
- AdaCore's SPARK Pro
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide