[Sussex] Dropbox like system

Chris Edmunds chris.edmunds at gmail.com
Wed Dec 5 09:20:57 UTC 2012


Also, apologies. I'm new to the list and haven't introduced myself (and
haven't hit a meet yet).  I'm Chris, a Linux / FOSS user for the last 15
years (since Redhat 5.2ish) and live in West Sussex.  I work in
information, data and systems security.

Very much looking forward to attending my first LUG (ever!), hopefully in
the new year.

Chris


On 5 December 2012 09:17, Chris Edmunds <chris.edmunds at gmail.com> wrote:

> Hi all (please forgive the top posting and jumping around),
>
> I did something like this recently (albeit on a single user basis) using
> owncloud / s3 / encfs / my home NAS. Owncloud has multiple sync clients
> (win/mac/linux), the ability to mount multiple storage points (nas, s3,
> gdrive, dropbox) and the source is available.
>
>
> "Just set up a secure connection between the server and the client to
> secure the data during transmission.  VPN software is the way to go here"
>
> It's been a while since I set up my instance of owncloud, but it uses a
> web service to transfer data, so SSL can be used to protect the session
> rather than setting up a VPN (although I did manage to get it working with
> OpenVPN).  Even an SSH tunnel would simpler IMHO.
>
>
> "If the server is located in a safe place (your home)"
>
> This of course assumes that you're comfortable with the risk of compromise
> via burglary.
>
>
> "If the server is not trustworthy then you will need do
> encryption/decryption client side only.  The server just stores the
> encrypted data it is sent."
>
> If you can mount the remote server as a filesystem (a la s3 via s3fs) then
> encfs works reasonably well as client from my limited testing.
>
> Chris
>
>
> On 5 December 2012 08:47, John Crowhurst <info at johnscomputersupport.co.uk>wrote:
>
>> Hi Steve,
>>
>> On 5 Dec 2012, at 08:17, Steve Dobson <steve at dobbo.org> wrote:
>>
>> > Hi John
>> >
>> > On 04/12/12 22:38, John Crowhurst wrote:
>> >> Hello,
>> >>
>> >> I'm thinking of setting up a Dropbox like system for my backups. I have
>> >> some software that can do synchronisation on Windows and Mac computers
>> >> but have a couple of stumbling blocks that will need to be addressed.
>> >
>> > What software is that?  I ask because it might be useful to me as a
>> > cloud storage system for my Android devices.
>>
>> I was using SyncBack for a while, I'm now using something called
>> syncovery. However, it's proprietary and not free.
>>
>> I just wondered how Dropbox like services work and whether it is easy to
>> setup on a remote host.
>>
>> >
>> >> How do I organise the storage? Is there a file system that does account
>> >> based encryption/decryption on the fly? Does it have a facility to show
>> >> how much a user has used or is that managed through quota?
>> >
>> > I don't think that account based encryption/decryption is the right
>> > solution here.  If the server is doing encryption/decryption then that
>> > suggests that the data is being transmitted over the ether in plain text
>> > - a security hole.
>> >
>> If the user uses SSH, then the link is encrypted.
>> >> I looked at ecryptfs but that is an encryption layer that encrypts the
>> >> partition by encrypting file contents but that doesn't stop someone who
>> >> has root access from seeing their files.
>> >
>> > File system encryption is a good fit if the storage device is not
>> > secure, and where the key can be kept safe when the data is not being
>> > used.  Laptops are a good example here.
>>
>> I think that depends on what you are wanting. I've noticed that ecryptfs
>> works as an intermediary layer and encrypts the file contents, rather than
>> the whole drive. Without the layer, the files are useless.
>>
>> I would have thought something like a true crypt or tcfs volume would be
>> a better choice for a laptop as nobody can see inside the drive but the
>> person with the key.
>> >
>> >> I hope someone has ideas to point me in the right direction.
>> >
>> > The first question is: Whom do you trust?
>> >
>> > If the server is located in a safe place (your home) and you trust
>> > everyone that has access to that location (your family) then there is no
>> > need to encrypt on the server.  Just set up a secure connection between
>> > the server and the client to secure the data during transmission.  VPN
>> > software is the way to go here
>>
>> A home setup probably wouldn't need a VPN since everyone is effectively
>> trusted, and wouldn't need encryption either.
>> > .
>> >
>> > If the server is not trustworthy then you will need do
>> > encryption/decryption client side only.  The server just stores the
>> > encrypted data it is sent.
>> >
>> > Security is all about key management.  You need to keep the key safe and
>> > only on systems that are trustworthy.
>>
>> I wondered how Dropbox does it, the connection is obviously encrypted but
>> is it client side encryption or server side?.
>>
>> Best,
>>
>> John
>> --
>> Sussex mailing list
>> Sussex at mailman.lug.org.uk
>> E-mail Address: sussex at mailman.lug.org.uk
>> Sussex LUG Website: http://www.sussex.lug.org.uk/
>> https://mailman.lug.org.uk/mailman/listinfo/sussex
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/sussex/attachments/20121205/54872b1a/attachment-0001.html>


More information about the Sussex mailing list