Support for encrypting backups


#21

I’m also looking to migrate off CrashPlan. ( sad really )

I’m comparing UrBackup and Duplicati as my solutions for family backup. I see number of other posts here in a similar predicament.

I find that Duplicati is a little fiddly t use and I would be concerned about user error, also a file restore seems to take a very long time depending on what volume of database files needs to be downloaded.

I think UrBackup is very promising. I agree with other posters here tht it does need a client side PKI based encryption option. I would gladly sacrifice server disk space and deduplication of backed up data in favour of files being encrypted using a GPG or other PKI encryption key. For me this is a must-have feature.


#22

I am also in support for feature of some sort of encryption of data at the server for security compliance.

Apart from the client, the data on the server should not be accessible to any other (Admin/user) and in case it is not possible then at least data should be correctly encrypted so that it is safe and can not be decrypted.


#23

@uroni +1 from me.

I don’t need encryption of file-structure. If I’m unable to read the file, that’s good enough for me. Super-duper-important is that the client encrypts stuff, and not the server.

Encryption would need to be reproducible, I guess, to prevent continuous full backups.

This feature would take away a lot of issues with regard to #gdpr


#24

Encryption of file-structure or partition image would be great for everyone. It can be enable or disable from server side and client side. For home users should be able to use it for general purposes. However, it should be only set from administrator for business purposes.

Without any encryption option with UrBackup, unfortunately its not a choice to backup & restore solution for me at all. :frowning:

Thank you.


#25

Allowing encryption to be disabled serverside would render encryption useless, don’t you think?


#26

I’d like to point out that I for one want to see the ability to encrypt backup traffic on LAN too, not just internet. This way the backup traffic can’t get snooped by staff or internal breaches. The majority of IT Security breaches, statistically, are done by company staff, not external parties. Having it be unencrypted on LAN makes it just that much easier to scoop data off other computers you don’t have access to.


#27

You can of course use the internet mode locally. It’s harder to setup, but otherwise it has next to no disadvantages.


#28

I might have missed it, but where in the Admin Docs would I find adapting the internet mode for LAN? Does that break LAN discovery at all?


#29

One of these:

  • You can run "C:\Program Files\UrBackup\enable_internet_only.bat" on the clients
  • Put server in a separate (virtual) network and only forward internet + web interface
  • Block 35623 UPD outgoing on the server with its firewall settings
  • The 2.2.x server has a --internet-only switch. On Windows add
    –internet_only_mode
    true
    to args.txt

Of course it breaks LAN discovery. But you can temporarily switch LAN mode back on once you have a new client.


Allow only authorized systems to join
#30

Are “internet” clients able to get new client updates pushed from the server? Is there any possibility in the future we can have LAN encryption + discovery? Or is that an impossibility?


#31

Sorry. But if the client would encrypt the backup, encryption of the traffic would not be required…


#32

I’m confused. Internet backup (as opposed to LAN), would mean the backup itself is encrypted, even on the server-side? Not the traffic between Client and Server?

What about wanting in-traffic encryption, but not on-disk encryption on the server? (for restoration reasons)


#33

Also, another question came to mind. If I do ONLY internet backups, does the Restoration ISO stop being able to discover LAN UrBackup servers?


#34

Shall we keep this topic about the Feature Request it’s about?


#35

Well, I’m game for being on-topic, but after reviewing this thread, it looks like it’s relevant to the latest response given about internet v LAN. So… should I start another thread for that one question? :confused: