Support for encrypting backups

Allowing encryption to be disabled serverside would render encryption useless, don’t you think?

I’d like to point out that I for one want to see the ability to encrypt backup traffic on LAN too, not just internet. This way the backup traffic can’t get snooped by staff or internal breaches. The majority of IT Security breaches, statistically, are done by company staff, not external parties. Having it be unencrypted on LAN makes it just that much easier to scoop data off other computers you don’t have access to.

You can of course use the internet mode locally. It’s harder to set up, but otherwise it has next to no disadvantages.

I might have missed it, but where in the Admin Docs would I find adapting the internet mode for LAN? Does that break LAN discovery at all?

One of these:

  • You can run "C:\Program Files\UrBackup\enable_internet_only.bat" on the clients
  • Put server in a separate (virtual) network and only forward internet + web interface
  • Block 35623 UDP outgoing on the server with its firewall settings
  • The 2.2.x server has a --internet-only switch. On Windows add
    --internet_only_mode
    true
    to args.txt

Of course it breaks LAN discovery. But you can temporarily switch LAN mode back on once you have a new client.

2 Likes

Are “internet” clients able to get new client updates pushed from the server? Is there any possibility in the future we can have LAN encryption + discovery? Or is that an impossibility?

Sorry. But if the client would encrypt the backup, encryption of the traffic would not be required…

I’m confused. Internet backup (as opposed to LAN), would mean the backup itself is encrypted, even on the server-side? Not the traffic between Client and Server?

What about wanting in-traffic encryption, but not on-disk encryption on the server? (for restoration reasons)

Also, another question came to mind. If I do ONLY internet backups, does the Restoration ISO stop being able to discover LAN UrBackup servers?

Shall we keep this topic about the Feature Request it’s about?

Well, I’m game for being on-topic, but after reviewing this thread, it looks like it’s relevant to the latest response given about internet v LAN. So… should I start another thread for that one question? :confused:

Why don’t you need that? Do you encrypt the whole disk?

First, thanks for your work, UrBackup is a great tool!!
There are two kinds of encryption: the first is the physical access to the hard disk, the second is to the backup administrator, us.
First kind of encryption: recently I came across a client’s compliance assessment, and they asked, is the backup storage encrypted? Well, I can say yes because I can encrypt my storage partition :stuck_out_tongue_winking_eye:
Second, can you read all data stored in the backup? Er… Yes I can. :frowning:

I am thinking both can be fulfilled by adding a “Keyphrase” in the UrBackup client settings, so the backup content of a client is encrypted by that keyphrase, and you can only read the content if you have the keyphrase.
I know it will increase the server load very, very much. I can imagine the incremental backup mechanism: you need to decrypt everything, compare it, then back up and combine it and encrypt it. Sounds like it will slow down to an unacceptable speed.
Just my 2 cents.

Based on my previous needs, and what I’ve seen from other products, only the data itself would need to be encrypted. The names and other data (size, time, etc) would not need to be altered.

The goal would be just to protect the data itself.

I assume this would (or, at least, could) adversely impact DeDuplication, but for the intended use cases, that would be less of a concern.

@uroni is this feature on your roadmap? Having data encrypted with a user key would really be a killer feature and help a lot in keeping private data secured.

An implementation of this is currently in the dev branch. It solves this “properly”, so it also encrypts metadata such as file names + sizes + file system structure, but of course de-duplication between clients isn’t possible anymore. Pieces such as being able to mount the encrypted backups on the server are currently missing plus a lot of other things.

Focus is currently on finalizing 2.5.y. So if you want to help, testing that would speed up that, so focus can be switched to dev.

9 Likes

@uroni I’m interested in an update on this one as well.

I am also interested in encryption of data at rest.

@uroni
Would be interested as well. Is there any way for me to test the feature now already? Can’t find the dev branch anywhere.

Would it not be possible to have encryption via the group (anyone in the group can de-duplicate between each member)?