I have been tasked with having a Buffalo Terastation Pro 2 NAS box, likely to be connected to a Linux box via samba, be the storage device to back up mostly Ubuntu and Centos systems. The trick is, the machines to be backed up need to do so in an automated fashion and make a secure, encrypted connection to my Linux box hosting the NAS. The NAS does have SSL enabled for web admin access, though the same login credentials are used to authenticate the Linux host via samba to the NAS.

So what are the simplest options to back up the Linux hosts? rsync does come to mind, but how to do so securely from each host? I'd consider something via ssh, but that would mean an interactive login, and encrypting individual files on the hosts is not an option.

NFS is also available on the NAS, but considering the security concerns, I will not use that, nor do I want to enable any more services on the linux machines being backed up than necessary, meaning samba is not an option, unless it remains the ONLY one.

I ONLY plan to use samba to mount the NAS to my Linux server, unless someone comes up with a more secure method, or even a way to negate the need of the Linux server and permit the hosts to back up directly to the NAS...

Ideas are welcome.

Thanks.

Scott
On Fri, Sep 11, 2009 at 10:42:19PM -0400, Scott Ehrlich wrote:
> I have been tasked with having a Buffalo Terastation Pro 2 NAS box,
> likely to be connected to a Linux box via samba, be the storage device
> to back up mostly Ubuntu and Centos systems. The trick is, the
> machines to be backed up need to do so in an automated fashion and
> make a secure, encrypted connection to my Linux box hosting the NAS.
> The NAS does have SSL enabled for web admin access, though the same
> login credentials are used to authenticate the Linux host via samba to
> the NAS.
>
> So what are the simplest options to back up the Linux hosts? rsync
> does come to mind, but how to do so securely from each host? I'd
> consider something via ssh, but that would mean an interactive login,
> and encrypting individual files on the hosts is not an option.
>
> NFS is also available on the NAS, but considering the security
> concerns, I will not use that, nor do I want to enable any more
> services on the linux machines being backed up than necessary, meaning
> samba is not an option, unless it remains the ONLY one.
>
> I ONLY plan to use samba to mount the NAS to my Linux server, unless
> someone comes up with a more secure method, or even a way to negate the
> need of the Linux server and permit the hosts to back up directly to
> the NAS...
>
> Ideas are welcome.

rsync+ssh (using key based auth) or some sort of private encrypted backup network (perhaps via openvpn). rsync+ssh probably simpler. :)

I would guess some of the backup software packages out there (bacula, etc) will also do encryption.

Ray
Scott Ehrlich wrote:
> Ideas are welcome.

Quite a situation you're in, if security is that much of a concern glad I don't work where you are, sounds like a real pain in the ass.

Your only options to mount the NAS from what I could see on the data sheet are FTP and Samba.

So what I would do is probably use something like rsnapshot over ssh. Use key based authentication so your "server" can login to the other systems (not vice versa), if you're really paranoid you could even assign a pass phrase to the key and use something like ssh-agent to manually run backups.

Copy the files to the linux server first, encrypt them, perhaps copy them directly to a loopback mounted file system that is encrypted already.

Then send the encrypted file(s)/image(s) to the NAS box via whatever protocol you want. Don't send the data unencrypted to the NAS box at all. Treat the data as compromised, it doesn't matter who gets their hands on it, if they don't have your keys and passwords they can't unlock it.

You could go a step further and run an encrypted file system on the servers themselves to store the sensitive data, and back up the raw image (make sure it's in a consistent state).

I can't imagine a situation where the data is so important to do this sort of a procedure and yet rely on such a piece of crap NAS box as the one you're tasked with using.

Even when I worked at a company that processed millions in CC transactions a day we didn't have that kind of paranoia. Of course the networks themselves were fairly well protected.

nate
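The key-based setup suggested in the two replies above, where the backup server logs in to each host and not vice versa, needs no interactive login, and the key can be limited to serving rsync pulls. The wrapper below is an added example, not part of the original thread, and goes a step beyond what the posters describe; the script path and function name are hypothetical.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the backup server's SSH key.
# Assumed install path (hypothetical): /usr/local/bin/backup-only.sh on each
# host being backed up, referenced from that host's ~/.ssh/authorized_keys:
#
#   command="/usr/local/bin/backup-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <backup server public key>
#
# sshd ignores the command the client asked for, runs this script instead,
# and passes the client's request in SSH_ORIGINAL_COMMAND.

# Succeeds only for the request an rsync client sends when it pulls files
# from this host ("rsync --server --sender ..."), checked against a
# conservative character allowlist. Uploads, shells, other programs and
# sender-side deletion options are refused.
is_allowed_backup_command() {
    cmd=$1
    case $cmd in
        *[!A-Za-z0-9\ ./_=,:@+-]*) return 1 ;;   # quotes, pipes, newlines, ...
    esac
    case $cmd in
        *--remove-*) return 1 ;;                 # --remove-source-files etc.
    esac
    case $cmd in
        "rsync --server --sender "*) return 0 ;;
    esac
    return 1
}

# With no requested command (an interactive login attempt) nothing runs and
# the session simply ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_backup_command "$SSH_ORIGINAL_COMMAND"; then
        set -f                        # no globbing when splitting into argv
        exec $SSH_ORIGINAL_COMMAND    # split on spaces, never re-parsed by a shell
    fi
    logger -t backup-only "rejected: $SSH_ORIGINAL_COMMAND" 2>/dev/null || true
    echo "backup key: command not permitted" >&2
    exit 1
fi
```

rsync also ships an `rrsync` script that does the same job and additionally confines the request to one directory.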
Joseph L. Casale
2009-Sep-12 07:20 UTC
[CentOS] Securely backing up Linux machines to NAS?
>So what are the simplest options to back up the Linux hosts? rsync
>does come to mind, but how to do so securely from each host? I'd
>consider something via ssh, but that would mean an interactive login,
>and encrypting individual files on the hosts is not an option.

Rsync's default transport _is_ ssh, and I understood you can't even change that in current versions. That's pretty secure and can be automated...
Scott Ehrlich wrote:
> I have been tasked with having a Buffalo Terastation Pro 2 NAS box,
> likely to be connected to a Linux box via samba, be the storage device
> to back up mostly Ubuntu and Centos systems. The trick is, the
> machines to be backed up need to do so in an automated fashion and
> make a secure, encrypted connection to my Linux box hosting the NAS.
> The NAS does have SSL enabled for web admin access, though the same
> login credentials are used to authenticate the Linux host via samba to
> the NAS.
>
> So what are the simplest options to back up the Linux hosts? rsync
> does come to mind, but how to do so securely from each host? I'd
> consider something via ssh, but that would mean an interactive login,
> and encrypting individual files on the hosts is not an option.
>
> NFS is also available on the NAS, but considering the security
> concerns, I will not use that, nor do I want to enable any more
> services on the linux machines being backed up than necessary, meaning
> samba is not an option, unless it remains the ONLY one.
>
> I ONLY plan to use samba to mount the NAS to my Linux server, unless
> someone comes up with a more secure method, or even a way to negate the
> need of the Linux server and permit the hosts to back up directly to
> the NAS...

I always recommend looking at backuppc first for an online backup service because it gets almost everything right and has a simple web interface for configuration and access. It's not a real good fit for a NAS though. You could probably make it work over NFS - and fix the security issue by connecting it directly to a 2nd NIC on the linux box and nothing else, but it would be much easier to just add some large drives either internally or via eSATA on the linux box itself. It can't use samba-mounted storage for its archive because it uses hard links to save space for duplicate files.

--
Les Mikesell
lesmikesell at gmail.com
At 10:42 PM 9/11/2009, you wrote:
>I have been tasked with having a Buffalo Terastation Pro 2 NAS box,
>likely to be connected to a Linux box via samba, be the storage device
>to back up mostly Ubuntu and Centos systems. The trick is, the
>machines to be backed up need to do so in an automated fashion and
>make a secure, encrypted connection to my Linux box hosting the NAS.
>The NAS does have SSL enabled for web admin access, though the same
>login credentials are used to authenticate the Linux host via samba to
>the NAS.
>
>So what are the simplest options to back up the Linux hosts? rsync
>does come to mind, but how to do so securely from each host? I'd
>consider something via ssh, but that would mean an interactive login,
>and encrypting individual files on the hosts is not an option.
>
>NFS is also available on the NAS, but considering the security
>concerns, I will not use that, nor do I want to enable any more
>services on the linux machines being backed up than necessary, meaning
>samba is not an option, unless it remains the ONLY one.
>
>I ONLY plan to use samba to mount the NAS to my Linux server, unless
>someone comes up with a more secure method, or even a way to negate the
>need of the Linux server and permit the hosts to back up directly to
>the NAS...
>
>Ideas are welcome.
>
>Thanks.
>
>Scott

Scott,

http://www.jms1.net/code/rsync-backup.shtml

Cheers!
Filipe Brandenburger
2009-Sep-14 19:59 UTC
[CentOS] Securely backing up Linux machines to NAS?
Hi,

On Fri, Sep 11, 2009 at 22:42, Scott Ehrlich <srehrlich at gmail.com> wrote:
> I ONLY plan to use samba to mount the NAS to my Linux server, unless
> someone comes up with a more secure method,

I don't know if I understand what you mean by the sentence above, but Samba is *not* secure in the sense that nothing is encrypted in that connection.

> or even a way to negate the
> need of the Linux server and permit the hosts to back up directly to
> the NAS...
>
> Ideas are welcome.

You mention that you want to use encryption to upload the files to the NAS and for that you would like to use an encrypted protocol (something over SSL or SSH). However, by doing that the files on the NAS side would still be unencrypted, and anyone having access to it would have access to all your backup files (I don't know if that is an important security consideration for you).

Another alternative would be using a backup software that would create an encrypted backup image and then upload it to the NAS. That way you may do the upload using an unencrypted protocol (like FTP or CIFS which seem to be the ones that your NAS supports) and even if someone hacks your NAS they would not be able to access your backed up files.

One software that does exactly that is Duplicity: http://duplicity.nongnu.org/

It certainly supports FTP for the upload, I believe it should support Samba as well.

HTH,
Filipe