FrHackNight013

From Hackerspace Brussels
Revision as of 22:08, 29 July 2010 by Askarel (Talk | contribs) (Category:FrHackNight)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


FrHackNight013
Fri 12 Mar 2010 19:00
till Fri 12 Mar 2010 23:59
Hack.jpg
What:
What ??
Tagline:
whatever your obsessed with for the moment
Where:
HSB Brussels,Belgium
Cost:
0
Who:
ptr_, You ??
URL:
  • off-site secure storage




ptr_'s idea of off-site secure storage:

client (ecryptfs, nfs-client,vpn) + (vpn-enabled) NAS/fileserver

workflow

  • decrypt config files (0)
  • connect to VPN (config file on usb, keys, password) (1)
  • mount the network storage (nfs or samba) -- over the vpn (2)
  • mount the ecryptfs stackable filesystem (encrypts everything before saving to underlying storage -- in this case the nfs) (3)


(0) config files needed for VPN and network storage etc encrypted on disk decrypted by the user when needed. (eg bcrypt, gpg or other commandline tool) (config+scripts: vpn, armed firewall, smb/nfs, ecryptfs)

(1) vpn: to be sure you are communicating only within authenticated parties this is true ONLY IF the storage device is physically secured: if attacker has copy of the private keys on the NAS, he can fake it! but attacker still only has access to encrypted data + but can try to break in your pc through vpn tunnel (blocked by firewall)

(2) smb,nfs: connect to network storage server it does not provide user authentication, nor access control -- only network filesystem

(3) ecryptfs : encrypt all data before leaving the pc everything saved on this mount is encrypted before it is saved onto underlying fs -- in our case the network storage in (2) needs some config parameters when mounting (mount point, crypto algo, etc) -- preferably stored in script cfr (0).