|Topic:||LONE-TAR Data Encryption||Article Bookmarks|
|YouTube Video||How to activate encryption with LONE-TAR|
One of the great features of LONE-TAR that you cannot get with open-source backup software, is our HIPPA compliant encryption module. Our module uses 256bit AES (Advanced Encryption Standard) to encrypt your data. All you have to do is setup a pass-phrase that is easy to remember by the user but hard for a hacker to crack. Once a pass-phrase is entered for your device, all backups to that device will be encrypted and cannot be read without decryption first.
When using encryption, remember to...
- Test a restore using your pass-phrase
- Make new AIR-BAG media when pass-phrase changes
- DO NOT FORGET YOUR PASS-PHRASE!
After you enable encryption, the Device Manager will have new options when editing your devices. Option #11 will now allow you to setup encryption, or change/remove your encryption pass-phrase.
When encryption has been enabled, the message *** Encryption Active *** will appear .
Log files will be updated with the -zCRYPT option.
# /bin/lone-tar -X /log/list.dir/exclude-Master_SSH -PZMaVLRRR 10 -fbk 10.1.10.22:/backups/shiraz/M-backup-Wed.ltar 64 20000000 -zCASCADE -zCRYPT=1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx .
As you watch files being backed up, you will notice at the end of each file, the word encrypting:
-- a ./boot/grub2/grub.cfg, 12 blocks...compressing bzip and encrypting===> 4 blocks!! (70.24%)
The log files always 'x' out the key for protection.
If you would like to see the actual key, it resides inside /usr/lone-tar/ltar.dev
Pros to using data encryption:
- Protects your data from prying eyes.
- You can take backup media off-site when using encryption without free of exposing your data.
- Protect your data from internal sabotage.
- Safe from lost or stolen backup media.
Cons to using data encryption:
- Forgetting the pass-phrase
- Tendency for backup times to increase by 6%