Re: how to backup to an encrypted usb drive?

To: debian-user@lists.debian.org
Subject: Re: how to backup to an encrypted usb drive?
From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
Date: Thu, 15 Nov 2018 04:07:59 +1100
Message-id: <[🔎] d420ee4a-e210-9ac5-9ecf-fec9f398b155@affinityvision.com.au>
In-reply-to: <[🔎] CAD8GWssJoEp6xzfKk+NNoDbG6WHtJqDrcwAK6PQeyzUFnAXkvA@mail.gmail.com>
References: <[🔎] CAD8GWssJoEp6xzfKk+NNoDbG6WHtJqDrcwAK6PQeyzUFnAXkvA@mail.gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

On 15/11/18 2:01 am, Lee wrote:
> What are you using to backup your files to an encrypted usb drive?

In an ideal world:

1. Don't use TrueCrypt any longer, VeraCrypt is the natural
replacement in the Winblows world.  TrueCrypt hasn't been considered
safe for quite some time and whilst I think VeraCrypt is fine, it has
the same original base as TrueCrypt and, in theory, goes against the
original TC license, but whose going to stop them?  I do use VeraCrypt
on Windows machines.

2. Don't use ANY drive or flash memory type device without encryption
for data you care about and which must be secure as you can never be
100% certain that wear leveling (or other mechanisms) won't leave your
data behind because a block on the media gets remapped and the
original block gets abandoned.  That is, any media type may well
silently re-map data sectors transparently.  That includes traditional
spinning rust,   Linux installs do need a non-encrypted /boot
partition, but everything else should be fully encrypted.  EFI/UEFI
could adjust your options for booting, as would GPT vs MBR type disks
disk labeling.

3. Encrypt with LUKS (full disk encryption) where you can, the entire
device, partition only if you need to.


Actual backup, there are so many options.

Have multiple USB drives of same size, update drive 1 to drive 2 using
rsync -- then next drive 2 to drive 3.

Use rsnapshot for the backups with hourly, daily, weekly ... and more
if needed, snapshots.

Save encrypted backups to off-site storage or at least keep one
encrypted backup off site at all times -- hence why at least 3 drives.

I'm not going to be exhaustive, but you get the idea that there are
loads of options.

If you do use dump (and restore), of any variant, do the dump with the
file system NOT mounted.

Cheers
A.
-----BEGIN PGP SIGNATURE-----

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW+xWagAKCRCoFmvLt+/i
+5xmAQCt4vdtmgjyT3IlbidGZ8e81sIPUNeMMYdnpVZV/0zMTQD/Y6JxDK397kZ8
Lw2fMdNQBptueYI1FED7HZ1KxncQwxw=
=w4dn
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: how to backup to an encrypted usb drive?
  - From: Lee <ler762@gmail.com>

References:
- how to backup to an encrypted usb drive?
  - From: Lee <ler762@gmail.com>

Prev by Date: Re: Password policy.
Next by Date: Re: how to backup to an encrypted usb drive?
Previous by thread: Re: how to backup to an encrypted usb drive?
Next by thread: Re: how to backup to an encrypted usb drive?
Index(es):
- Date
- Thread