On Tue, Feb 19, 2019 at 03:41:23PM +0000, lik...@gmx.de wrote: > Hi, > > assume there are files stored in a qube without networking. Furthermore > assume there's a secured backup server located in the internet. This server > is only a storage of client-side (before data is sent over the wire) > encrypted files. What options do you imagine to backup those files (skip the > client-side encryption) to the server? > > I can imagine the following options: > 1. enable temporary the network with firewall restricted to the server for > the (previously offline) qube > Advantage: no inter-vm copying of files. > Disadvantage: firewall rules must be setup correctly to avoid to bypass > any other traffic like icmp/dns etc. I can imaging a potential information > leakage due to enabling network access. > 2. copy files temporary to another qube (dvm?) with a firewalled internet > connection > Advantage: files not being backed up can stay secured in the non-network > cube. Leakage of data is reduced in comparison to 1. > Disadvantage: can take time and needs additional disk ressources > > I've learned that you should always find at least 3 options, otherwise you > haven't thought hard enough. Which options am I missing? > > Which option would you prefer and why? > > Best, Pete
3. Create encrypted (compressed) backup in offline qube. qvm-copy backup to online disposableVM. Copy encrypted file to backup server. Advantage: All files secured in non-network qube. Disadvantage: ??? Is inter-vm copying of files really an issue? Free space such an issue? Using compressed backups should help mitigate this as a serious issue, but that problem would extend to *all* your Qubes use. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190220004623.q5vg6vwzhg3r5fv6%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.