Also, apologies. I'm new to the list and haven't introduced myself (and haven't hit a meet yet). I'm Chris, a Linux / FOSS user for the last 15 years (since Redhat 5.2ish) and live in West Sussex. I work in information, data and systems security.<br>
<br>Very much looking forward to attending my first LUG (ever!), hopefully in the new year.<br><br>Chris<br><div class="gmail_extra"><br><br><div class="gmail_quote">On 5 December 2012 09:17, Chris Edmunds <span dir="ltr"><<a href="mailto:chris.edmunds@gmail.com" target="_blank">chris.edmunds@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all (please forgive the top posting and jumping around),<br><div class="gmail_extra"><br>I did something like this recently (albeit on a single user basis) using
owncloud / s3 / encfs / my home NAS. Owncloud has multiple sync clients
(win/mac/linux), the ability to mount multiple storage points (nas,
s3, gdrive, dropbox) and the source is available.<div class="im"><br><br>"Just set up a secure connection between the server and the client to secure the data during transmission. VPN software is the way to go here"<br>
<br></div>It's been a while since I set up my instance of owncloud, but it uses a web service to transfer data, so SSL can be used to protect the session rather than setting up a VPN (although I did manage to get it working with OpenVPN). Even an SSH tunnel would simpler IMHO.<div class="im">
<br>
<br>"If the server is located in a safe place (your home)"<br><br></div>This of course assumes that you're comfortable with the risk of compromise via burglary.<div class="im"><br><br>"If the server is not trustworthy then you will need do encryption/decryption client side only. The server just stores the encrypted data it is sent."<br>
<br></div>If you can mount the remote server as a filesystem (a la s3 via s3fs) then encfs works reasonably well as client from my limited testing.<span class="HOEnZb"><font color="#888888"><br><br>Chris</font></span><div>
<div class="h5"><br><br><div class="gmail_quote">On 5 December 2012 08:47, John Crowhurst <span dir="ltr"><<a href="mailto:info@johnscomputersupport.co.uk" target="_blank">info@johnscomputersupport.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Steve,<br>
<div><br>
On 5 Dec 2012, at 08:17, Steve Dobson <<a href="mailto:steve@dobbo.org" target="_blank">steve@dobbo.org</a>> wrote:<br>
<br>
> Hi John<br>
><br>
> On 04/12/12 22:38, John Crowhurst wrote:<br>
>> Hello,<br>
>><br>
>> I'm thinking of setting up a Dropbox like system for my backups. I have<br>
>> some software that can do synchronisation on Windows and Mac computers<br>
>> but have a couple of stumbling blocks that will need to be addressed.<br>
><br>
> What software is that? I ask because it might be useful to me as a<br>
> cloud storage system for my Android devices.<br>
<br>
</div>I was using SyncBack for a while, I'm now using something called syncovery. However, it's proprietary and not free.<br>
<br>
I just wondered how Dropbox like services work and whether it is easy to setup on a remote host.<br>
<div><br>
><br>
>> How do I organise the storage? Is there a file system that does account<br>
>> based encryption/decryption on the fly? Does it have a facility to show<br>
>> how much a user has used or is that managed through quota?<br>
><br>
> I don't think that account based encryption/decryption is the right<br>
> solution here. If the server is doing encryption/decryption then that<br>
> suggests that the data is being transmitted over the ether in plain text<br>
> - a security hole.<br>
><br>
</div>If the user uses SSH, then the link is encrypted.<br>
<div>>> I looked at ecryptfs but that is an encryption layer that encrypts the<br>
>> partition by encrypting file contents but that doesn't stop someone who<br>
>> has root access from seeing their files.<br>
><br>
> File system encryption is a good fit if the storage device is not<br>
> secure, and where the key can be kept safe when the data is not being<br>
> used. Laptops are a good example here.<br>
<br>
</div>I think that depends on what you are wanting. I've noticed that ecryptfs works as an intermediary layer and encrypts the file contents, rather than the whole drive. Without the layer, the files are useless.<br>
<br>
I would have thought something like a true crypt or tcfs volume would be a better choice for a laptop as nobody can see inside the drive but the person with the key.<br>
<div>><br>
>> I hope someone has ideas to point me in the right direction.<br>
><br>
> The first question is: Whom do you trust?<br>
><br>
> If the server is located in a safe place (your home) and you trust<br>
> everyone that has access to that location (your family) then there is no<br>
> need to encrypt on the server. Just set up a secure connection between<br>
> the server and the client to secure the data during transmission. VPN<br>
> software is the way to go here<br>
<br>
</div>A home setup probably wouldn't need a VPN since everyone is effectively trusted, and wouldn't need encryption either.<br>
<div>> .<br>
><br>
> If the server is not trustworthy then you will need do<br>
> encryption/decryption client side only. The server just stores the<br>
> encrypted data it is sent.<br>
><br>
> Security is all about key management. You need to keep the key safe and<br>
> only on systems that are trustworthy.<br>
<br>
</div>I wondered how Dropbox does it, the connection is obviously encrypted but is it client side encryption or server side?.<br>
<br>
Best,<br>
<br>
John<br>
<div><div>--<br>
Sussex mailing list<br>
<a href="mailto:Sussex@mailman.lug.org.uk" target="_blank">Sussex@mailman.lug.org.uk</a><br>
E-mail Address: <a href="mailto:sussex@mailman.lug.org.uk" target="_blank">sussex@mailman.lug.org.uk</a><br>
Sussex LUG Website: <a href="http://www.sussex.lug.org.uk/" target="_blank">http://www.sussex.lug.org.uk/</a><br>
<a href="https://mailman.lug.org.uk/mailman/listinfo/sussex" target="_blank">https://mailman.lug.org.uk/mailman/listinfo/sussex</a><br>
</div></div></blockquote></div><br></div></div></div>
</blockquote></div><br></div>