[Sussex] Dropbox like system

paul jones jonespm at mail2Dad.com
Thu Dec 6 21:07:18 UTC 2012


Any chance of covering this at one of the meets?
I never seem to get there but this is a subject that I have thought
about for some time but lack the know how. 
If we could perhaps make the session one of discovery and could come up
with a workable and flexible solution?

Paul J
<-----Original Message-----> 
>From: Chris Edmunds [chris.edmunds at gmail.com]
>Sent: 12/5/2012 9:23:52 AM
>To: sussex at mailman.lug.org.uk
>Subject: Re: [Sussex] Dropbox like system
>
>Also, apologies. I'm new to the list and haven't introduced myself (and
haven't 
>hit a meet yet). I'm Chris, a Linux / FOSS user for the last 15 years
(since 
>Redhat 5.2ish) and live in West Sussex. I work in information, data and
systems 
>security.
>
>Very much looking forward to attending my first LUG (ever!), hopefully
in the new 
>year.
>
>Chris
>
>
>
>
>On 5 December 2012 09:17, Chris Edmunds <chris.edmunds at gmail.com>
wrote:
>
>Hi all (please forgive the top posting and jumping around),
>
>
>I did something like this recently (albeit on a single user basis)
using 
>owncloud / s3 / encfs / my home NAS. Owncloud has multiple sync clients
(win/mac/
>linux), the ability to mount multiple storage points (nas, s3, gdrive,
dropbox) 
>and the source is available.
>
>
>"Just set up a secure connection between the server and the client to
secure the 
>data during transmission. VPN software is the way to go here"
>
>
>It's been a while since I set up my instance of owncloud, but it uses a
web 
>service to transfer data, so SSL can be used to protect the session
rather than 
>setting up a VPN (although I did manage to get it working with
OpenVPN). Even an 
>SSH tunnel would simpler IMHO.
>
>
>"If the server is located in a safe place (your home)"
>
>
>This of course assumes that you're comfortable with the risk of
compromise via 
>burglary.
>
>
>"If the server is not trustworthy then you will need do
encryption/decryption 
>client side only. The server just stores the encrypted data it is
sent."
>
>
>If you can mount the remote server as a filesystem (a la s3 via s3fs)
then encfs 
>works reasonably well as client from my limited testing.
>
>Chris
>
>
>
>On 5 December 2012 08:47, John Crowhurst
<info at johnscomputersupport.co.uk> wrote:
>
>Hi Steve,
>
>
>On 5 Dec 2012, at 08:17, Steve Dobson <steve at dobbo.org> wrote:
>
>> Hi John
>>
>> On 04/12/12 22:38, John Crowhurst wrote:
>>> Hello,
>>>
>>> I'm thinking of setting up a Dropbox like system for my backups. I
have
>>> some software that can do synchronisation on Windows and Mac
computers
>>> but have a couple of stumbling blocks that will need to be
addressed.
>>
>> What software is that? I ask because it might be useful to me as a
>> cloud storage system for my Android devices.
>
>
>I was using SyncBack for a while, I'm now using something called
syncovery. 
>However, it's proprietary and not free.
>
>I just wondered how Dropbox like services work and whether it is easy
to setup on 
>a remote host.
>
>
>>
>>> How do I organise the storage? Is there a file system that does
account
>>> based encryption/decryption on the fly? Does it have a facility to
show
>>> how much a user has used or is that managed through quota?
>>
>> I don't think that account based encryption/decryption is the right
>> solution here. If the server is doing encryption/decryption then that
>> suggests that the data is being transmitted over the ether in plain
text
>> - a security hole.
>>
>
>If the user uses SSH, then the link is encrypted.
>
>>> I looked at ecryptfs but that is an encryption layer that encrypts
the
>>> partition by encrypting file contents but that doesn't stop someone
who
>>> has root access from seeing their files.
>>
>> File system encryption is a good fit if the storage device is not
>> secure, and where the key can be kept safe when the data is not being
>> used. Laptops are a good example here.
>
>
>I think that depends on what you are wanting. I've noticed that
ecryptfs works as 
>an intermediary layer and encrypts the file contents, rather than the
whole 
>drive. Without the layer, the files are useless.
>
>I would have thought something like a true crypt or tcfs volume would
be a better 
>choice for a laptop as nobody can see inside the drive but the person
with the 
>key.
>
>>
>>> I hope someone has ideas to point me in the right direction.
>>
>> The first question is: Whom do you trust?
>>
>> If the server is located in a safe place (your home) and you trust
>> everyone that has access to that location (your family) then there is
no
>> need to encrypt on the server. Just set up a secure connection
between
>> the server and the client to secure the data during transmission. VPN
>> software is the way to go here
>
>
>A home setup probably wouldn't need a VPN since everyone is effectively
trusted, 
>and wouldn't need encryption either.
>
>> .
>>
>> If the server is not trustworthy then you will need do
>> encryption/decryption client side only. The server just stores the
>> encrypted data it is sent.
>>
>> Security is all about key management. You need to keep the key safe
and
>> only on systems that are trustworthy.
>
>
>I wondered how Dropbox does it, the connection is obviously encrypted
but is it 
>client side encryption or server side?.
>
>Best,
>
>John
>
>--
>Sussex mailing list
>Sussex at mailman.lug.org.uk
>E-mail Address: sussex at mailman.lug.org.uk
>Sussex LUG Website: http://www.sussex.lug.org.uk/
>https://mailman.lug.org.uk/mailman/listinfo/sussex 


<span id=m2wTl><p><font face="Arial, Helvetica, sans-serif" size="2" style="font-size:13.5px">_______________________________________________________________<BR>Get the Free email that has everyone talking at <a href=http://www.mail2world.com target=new>http://www.mail2world.com</a><br>  <font color=#999999>Unlimited Email Storage – POP3 – Calendar – SMS – Translator – Much More!</font></font></span>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/sussex/attachments/20121206/7c06839c/attachment.html>


More information about the Sussex mailing list