Guest

Create a Secure Cloud with Sync and Amazon EC2

Recommended Posts

Guest

Here's an awesome Sync Hack from the BitTorrent Blog. Want access to your files on your own terms? Set up your own personal cloud using Sync!

http://blog.bittorrent.com/2013/08/06/how-to-create-a-secure-cloud-with-bittorrent-sync-amazon-ec2/

File sync is awesome. Without the ability to get at my files on all my computers (4, currently), I don’t know how I would function. That said, I’m not super-fired-up about Dropbox’s security and privacy practices (or Google Drive’s, for that matter), particularly in light of recent news.

So I got pretty excited when I learned about BitTorrent Sync, software that syncs your files without requiring you to give the key to those files to a company like Dropbox or Google. Like its namesake, BitTorrent Sync is decentralized. It syncs files between the computers you install it on, and does not rely on any central server.

Share this post


Link to post
Share on other sites

AWS and cloud services in general are very expensive. I'd go with a storage oriented cheap VPS.

Of course it's not as reliable or high performance but you already have redundancy...

Also with encrypted nodes on the horizon you can just make backup buddies.

Share this post


Link to post
Share on other sites

I think your solution is not safe. Dropbox "encrypts" all the data and your solution only the communication between your computer and server with btsync. Please do not forget if you rent a server, its not your server and in time of PRISM maybe 3rd person has access to it.

If you installed the server was it "your" image or an image given by the provider? In best case if there is no backdoor (ssh keys etc.), where do you know that someone at you provider does not boot in e.g. rescue mode or from different system with your hard disk to access all your data?

Thats why i would use encryption. But the problem with e.g. ecryptfs is, that for running btsync the needed home folder must be unenrypted and an unencrypted home folder is visible by root. Means that it could be accessible again by people with more "force" or by a backdoor.

Thats why i would install the encrypted home folder not on your rented server, i would install it on a virtual machine (kvm) running on your rented server where you can use you own installed image. And in case someone has access to the rented server the 3rd person can only download an image file with encrypted home folder.

I am not really a security expert and i am not sure that this solution is safe, but i think more safe than install all my personal data on an "unprotected" system.

Share this post


Link to post
Share on other sites

I'm definitely not a security expert either, but would something like what's done here work similarly for BTSync? I'm just about to set up something like this, so haven't tried it yet, but see no issues with it either.

As long as the encfs command isn't run automatically, you can't use the HDD in another system, as the data won't be decrypted yet. However, once the command is run, BTSync would see standard files.

Am I getting something wrong with the basics? Like I said, I don't have this running yet, but hope to do that this weekend.

Edit: In summary, encrypted during transfer by BTsync, encrypted on HDD by encfs. Unencrypted in RAM, but direct access can't really be protected against without the encrypted node kind of stuff.

I think your solution is not safe. Dropbox "encrypts" all the data and your solution only the communication between your computer and server with btsync. Please do not forget if you rent a server, its not your server and in time of PRISM maybe 3rd person has access to it.

If you installed the server was it "your" image or an image given by the provider? In best case if there is no backdoor (ssh keys etc.), where do you know that someone at you provider does not boot in e.g. rescue mode or from different system with your hard disk to access all your data?

Thats why i would use encryption. But the problem with e.g. ecryptfs is, that for running btsync the needed home folder must be unenrypted and an unencrypted home folder is visible by root. Means that it could be accessible again by people with more "force" or by a backdoor.

Thats why i would install the encrypted home folder not on your rented server, i would install it on a virtual machine (kvm) running on your rented server where you can use you own installed image. And in case someone has access to the rented server the 3rd person can only download an image file with encrypted home folder.

I am not really a security expert and i am not sure that this solution is safe, but i think more safe than install all my personal data on an "unprotected" system.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.