Sunday, 18 October 2015

Encrypted data on the cloud!

Recently I was asked by a customer about the security of his data on the cloud.
Well, I had to be frank with him, so I told him that the engineers can have access to the raw data, which means that even when everything else is secure, the actual data are in the hands of the engineers responsible for the physical servers at the cloud premises.

Then an idea came to me, which I have implemented in a lab.
We have the tools, why not use them?
The idea is to have a shared location to store data in, and to sync it to the cloud in encrypted form.
The tools are simple: share with Samba, sync with any tool (I prefer copy.com for ease of access and its native Linux client), and use encfs to encrypt everything that will be synced to the cloud.

The implementation is also quite easy. Let's see the theory behind it.

Two folders should be created: one to hold the encrypted data, and the other to be used as the "unencrypted" shared folder.

Then run the encfs utility to set up the encryption and mount the encrypted folder on the "unencrypted" one.

Start the sharing of the "encrypted" folder.

Share the "unencrypted" folder.

That's it, it is done. You will have a shared folder which is encrypted and synced to the cloud. Even if you lose your whole installation, you can just resync the "encrypted" folder to another server and mount your encrypted folder on a share, and voila, your data is there!

For the more technical part, you can follow the instructions below to make it happen.

Make sure you have the latest updated Linux software for your distro, and install samba, encfs and copy.com.
For Red Hat, CentOS, Fedora and compatibles:
# yum install samba fuse-encfs wget

For copy.com download and install the agent directly from the site, or download directly from the link below:
# wget https://copy.com/install/linux/Copy.tgz
Extract and run the agent.

Create a folder named encrypted
# mkdir /mnt/encrypted

Create a folder named unencrypted
# mkdir /mnt/unencrypted

Create the encrypted mount
# encfs /mnt/encrypted /mnt/unencrypted

Follow the prompts to set up the encryption, and prefer stronger settings (e.g. AES 16byte cipher, 64 to 4096 digits) with a 256 bit key, and try to encrypt the filenames as well. For the rest, if you are not sure, you can just leave the defaults. Finally, you should add a password for the encrypted folder. Be careful to select a difficult and complex password, and make sure it is more than 10-12 characters long.

That's it, you have an encrypted and unencrypted folder.
Now you can share the "unencrypted" folder through samba.

Last, you need to start the cloud syncing agent, in order to sync the encrypted folder to the cloud.

In order to make the service autostart, you can use any startup mechanism on your Linux box. I use "rc.local" as a quick and dirty way, with a couple of lines, as follows:

/bin/echo 'Encryption_Password' | /bin/encfs /mnt/encrypted/ /mnt/unencrypted/ -S

/root/copy/x86_64/CopyConsole -r=/mnt/encrypted/ -p=Cloud_Password -u=cloud_Username -daemon

and have samba enabled as a service.
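
As an added example (not part of the original post), the boot-time mount can read the EncFS passphrase from a file only root can read instead of embedding it in rc.local, and can skip the mount if the volume is already up. The path /root/.encfs_pass and the function names are assumptions made for this sketch; the folders and the encfs stdin option are the ones used above.

```shell
#!/bin/sh
# Added example: mount the EncFS volume at boot without putting the
# passphrase into rc.local or onto a command line.
ENC_DIR=/mnt/encrypted
PLAIN_DIR=/mnt/unencrypted
PASS_FILE=/root/.encfs_pass   # hypothetical path; create it with mode 600

# True only for a regular, non-empty, non-symlink file that is owned by the
# invoking user and has no group/other permission bits (e.g. 600 or 400).
secret_file_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] && [ -s "$f" ] || return 1
    [ -O "$f" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1
    case $mode in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# True if the given mount point appears in the mount table
# (second argument defaults to /proc/mounts).
is_mounted() {
    mp=${1%/}
    table=${2:-/proc/mounts}
    awk -v mp="$mp" '$2 == mp { found = 1 } END { exit !found }' "$table"
}

# Mount the volume, feeding the passphrase on stdin from the protected file.
mount_encfs() {
    if ! secret_file_ok "$PASS_FILE"; then
        echo "refusing to mount: $PASS_FILE is missing or too permissive" >&2
        return 1
    fi
    if is_mounted "$PLAIN_DIR"; then
        return 0
    fi
    encfs --stdinpass "$ENC_DIR" "$PLAIN_DIR" < "$PASS_FILE"
}

# Only act when called as "<script> start", e.g. from rc.local.
if [ "${1:-}" = "start" ]; then
    mount_encfs
fi
```

Saved as a root-owned script and called with the argument start from rc.local, this replaces the echo-and-pipe line; the Samba share of the "unencrypted" folder is only useful once is_mounted reports the volume as present.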

If you run into problems, there are a lot of forums that can help in any direction.
