Best way to securely backup LVM on LUKS encrypted system

I'm upgrading harddisks and would like to backup my system to external storage and restore it on the new disk.
This is the high level plan:
1. use ecryptfs to create an encrypted directory on a mounted external storage device
2. mount ecryptfs directory
3. use rsync to make a backup into the ecryptfs directory
4. swap harddisks
5. use an arch live usb to encrypt and partition new disk (LVM on LUKS)
6. mount external storage and mount encrypted ecryptfs on the storage
7. restore system with rsync
Is this the way to do it?
After reading a little on ecryptfs, it seems like the passphrase and keys I create work only for the current kernel using ecryptfs (adds to the kernel key ring). So my understanding is that if I try to decrypt and mount the ecryptfs using a live arch usb, I won't be able to.
Any clarification of the process would be of great help! Thank you

clfarron4 wrote: Any particular reason you're planning to use eCryptfs for the backup and LUKS for the actual system when you could use LUKS for both?
No particular reason for ecryptfs. I believe my two options are ecryptfs and encfs as described in the disk encryption comparison table: https://wiki.archlinux.org/index.php/Di … ison_table
clfarron4 wrote:
trillian wrote: After reading a little on ecryptfs, it seems like the passphrase and keys I create work only for the current kernel using ecryptfs (adds to the kernel key ring). So my understanding is that if I try to decrypt and mount the ecryptfs using a live arch usb, I won't be able to.
I'm not sure whether this is how it works. Could you show us the documentation which led you to this conclusion please?
I'm also not very familiar with keyrings and how the kernel manages it, or whether it's possible to do what I want with ecryptfs.
http://manpages.ubuntu.com/manpages/uto … ase.1.html
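
The "LUKS for both" option raised in the thread, sketched as an added example that is not part of any post above: the external drive becomes a LUKS container, the system is copied into it with rsync, and the same container is opened from a live USB for the restore. The device path, mapper name, mount points, the ext4 filesystem and the exclude list are assumptions, not details from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Device names, the mapper name and the
# mount points are placeholders/assumptions. DRY_RUN=1 (default) only prints
# the commands; set DRY_RUN=0 and run as root to execute them.

DRY_RUN="${DRY_RUN:-1}"
MAPPER="${MAPPER:-backup_crypt}"   # assumed /dev/mapper name
MNT="${MNT:-/mnt/backup}"          # assumed mount point of the backup volume

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# One-time setup: LUKS container with ext4 inside (ext4 is an assumption).
# Destroys existing data on the partition given as $1.
format_backup_volume() {
    run cryptsetup luksFormat "$1" &&
    run cryptsetup open "$1" "$MAPPER" &&
    run mkfs.ext4 "/dev/mapper/$MAPPER" &&
    run cryptsetup close "$MAPPER"
}

# Unlock and mount. This works the same on the installed system and on a
# live USB: the key slots are stored in the LUKS header on the device, so
# only the passphrase is needed.
open_backup_volume() {
    run cryptsetup open "$1" "$MAPPER" &&
    run mkdir -p "$MNT" &&
    run mount "/dev/mapper/$MAPPER" "$MNT"
}

close_backup_volume() {
    run umount "$MNT" &&
    run cryptsetup close "$MAPPER"
}

# Copy a whole root tree, preserving permissions, ACLs, xattrs and hard
# links. The contents of pseudo-filesystems and mount points are skipped.
sync_tree() {
    src="${1%/}/"; dest="${2%/}/"
    set -- -aAXH --numeric-ids --delete
    for d in dev proc sys tmp run mnt media; do
        set -- "$@" "--exclude=/$d/*"
    done
    run rsync "$@" "--exclude=/lost+found" "$src" "$dest"
}

# Usage: script format|backup DEVICE, or script restore DEVICE NEW_ROOT
case "${1:-}" in
    format)  format_backup_volume "$2" ;;
    backup)  open_backup_volume "$2" && sync_tree / "$MNT/rootfs" \
                 && close_backup_volume ;;
    restore) open_backup_volume "$2" && sync_tree "$MNT/rootfs" "$3" \
                 && close_backup_volume ;;
esac
```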

Similar Messages

  • What is the best way to secure and harden a Macbook Pro against unwanted surveillance?

    What is the best way to secure and harden a Macbook Pro against unwanted surveillance? Tor, VPN, Little Snitch, etc. This would be for the latest version of Mavericks.

    djbabybokchoy wrote:
    Nothing specific, just speaking in general. Ex-wives, governments, bad guys...anyone really. I'm just looking to make my Mac a bit more private and secure, especially when on public networks.
    Governments and ex's will/may have recourse to the legal process (or in the case of the Gov they can choose to ignore the legal system if they feel like it) when they want to see something of yours, good luck hardening your Mac against that. The best way to avoid the possibility of snooping over public networks is to avoid them but if you can't then Kappy's suggestion will help.
    Strong passwords (everywhere) and don't use the same password in multiple locations.
    If you really want to secure your home wireless use MAC address connection authentication, do not allow unknown MAC addresses to connect. It's much stronger than a WPA password alone.

  • Best way to secure wireless?

    I'll be getting a MacBook Pro and wireless broadband from Sky very soon and I was wondering what the best ways of securing your wireless are. I only want the people in my home to use it, not the neighbours.
    Thanks

    In your router be sure to turn on security using WPA2. You can add an additional level of security if the router supports it by creating a private or closed network in which only devices whose MAC addresses are included can join the network. If the router has its own built-in firewall turn it on as well if it isn't on by default. Consult the user manual for your router on how to configure these.

  • Best way to secure RIDC connection?

    Hi All,
    I need your inputs on the best way to secure RIDC connection. RIDC supports the following:
    1. Intradoc - Use Socket SSL.
    2. JAX-WS. -
    3. HTTP - Using Apache HttpClient package. This is not preferred as we don't have an environment that will support WNA.
    I am more interested in knowing which of the options is better (1 or 2) and reasons for it.
    Thanks,
    SP

    Thanks Yannick for your reply. For the same reason we have chosen to use RIDC over SSL.
    I got the configuration working programmatically (following the developers guide) but if I try to create a connection of type 'socketssl' I get the following error which I posted in another thread.
    Unable to Create a Content Repository Connection using 'socketssl'
    It would be very helpful if you could let me know if I'm doing something wrong here. I'm using JDeveloper 11.1.1.5.0.
    Thanks,
    Manjunath

  • What is the best way to secure my iPad from ID theft

    What is the best way to secure iPad purchases from the app store?

    Technically, they will import off your flash drive....if it's one of the models that work (maybe 50% do) and if they meet the very rigid naming convention that the iPad insists on.
    It's far easier to use a computer then either sync them on via iTunes, e-mail them to yourself or upload them to something like Dropbox, then download them onto your device.

  • What is the best way to achieve backup and storage by combining TC and external HD?

    Hi,
    By reading various posts I came to the conclusion that my recently bought 2TB TC (still in the box) needs to be combined with an external HD (not bought yet) if I want both network (WIFI) storage and safe backup.
    Could someone please confirm what the best way of organising the two devices is and advise on the various steps I will need to take?
    See below for some extra information:
    I want to back up a Mac Book Pro with 250 GB HD and potentially a HP laptop (250 GB as well).
    Can this also allow me to backup a iPad?
    The storage will need to be accessible to both machines. It will mostly be pictures.
    Back up should be as automated as possible, i.e. Time Machine is the obvious choice but I am open to other tools.
    With regards to the external hard drive, are models like Western Digital Element or Seagate Expansion suitable to stay plugged in the TC 24/7? Will they not overheat?
    My initial idea is to use the WIFI facility of the TC box. I can use the WIFI facility of the modem/router if that is more appropriate.
    Thank you in advance for your replies.
    Denis

    The drives you are backing up are small. There is no real need to use external drive but you do need a backup if you store files on the TC.. for just backups that is not necessary.
    You cannot partition the TC but you can create a disk image for using with data files.. ie the PC backup.
    Read Q3 here http://pondini.org/TM/Time_Capsule.html
    Can this also allow me to backup a iPad?
    iPad is backed up to iTunes.. or to cloud.. it is not able to see the TC drive at all without an app. You can manually copy files to the TC using filebrowser app but there is no auto backup software in the iPad to other than iTunes.
    It will mostly be pictures.
    Back up should be as automated as possible, i.e. Time Machine is the obvious choice but I am open to other tools.
    So you are not backing up, you are storing files.
    You cannot access files in a Time Machine backup except by restoring them to the Mac. The PC cannot see them at all. That means you are not backing up.. you are storing files, even if just copies of the files. To do that you just copy via finder or windows explorer.
    There are various scripting methods to ensure these photos are synced on all the devices. .but that is not what a backup software does.
    If you want to use USB drive that is fine, they can stay attached 24/7. The disk will spin down generally when not in use.
    They will not overheat.
    But it is much faster to copy files to the USB drive plugged into the computer than on the TC.. the USB link on the TC is slow.. less than half the speed of the same drive on the computer.. much slower than the TC internal drive. It might be better to plug a USB drive directly into a computer.

  • Best way to secure server

    Hi! Well, my servlet app is done, but I'm worried about security and how sensitive data can be reached by people who shouldn't be accessing it.
    So my question is, which is the best way to ensure that the data will not be read by someone else? I have encrypted things like database fields, but I'm interested in the data that is being handled by the server and the client and possible attacks.
    All recommendations are welcome.
    Thanks!

    dunno if u did it but first thing to do is prevent sql injection ie forbidding usernames password and all other form field or in fact any stringish data u accept from clients to start with unwanted chars like (' or " or ;) and end with things like sql comment mark (i think it's --).
    next thing that can come in handy is forbidding HttpSession to be created in all servlets except in login servlet. this is done by:
    HttpSession session = request.getSession(false);
    this disables HttpSession to be created but still making it available if it is created some time earlier (depending on session-timeout tag in web.xml, default is 10 or 30 minutes).
    hope i helped

  • What's the best way to secure an Apple TV unit?

    I'm looking to secure an Apple TV in my office. What's the best way to lock it down to, say, a table or a wall?

    Some type of locking cabinet or drawer to put the unit in that leaves sufficient room for the cables to come out the back.
    Then use the Remote app on an iOS device to control the unit.

  • Is KeyChain the best way to secure all passwords?

    I have a list of passwords and logins for various websites.  Is KeyChain the best way to track them and to login to the sites securely?

    Yes, it remembers passwords in probably 95% of cases (there are some problem sites that can "trick" it). It does also work with iOS devices as well. Note it only works in Safari on OS X and iOS. You can't use it in other browsers, or in other applications on iOS.
    I've been using it for years (before it was iCloud keychain, there was MobileMe keychain sync in Snow Leopard) and it has worked well for me.
    There are paid alternatives, like 1Password, which are also very good but if you use Safari I don't think there's a need to spend money.

  • Best way to Securely publish OWA and Active Sync

    Hi Guys
    Just a quick question: what is the best way for me to securely publish OWA and Active Sync in Exchange 2013? I have 1 CAS server and one MB server, both on my LAN, but I have 443 open to the internet and would like to make it more secure by putting maybe a reverse proxy or OWA device in my DMZ. My setup is small, sub 200 users, so cost is a factor. What is the most economical way for me to do this with the least amount of work and complication?
    I know ISA/TMG is now extinct and I don't want to use any Linux reverse proxies etc.. just a simple solution that will publish these services securely that is easy to support going forward and inexpensive.
    Thanks in advance
    Spudney

    What exactly are you looking to secure? If all that you have open is TCP 443 that is a tight setup already.
    You'll have to state the business requirements you are looking to address - and for a 200 user org I suspect that they will be very different from a large enterprise.
    Take a look at this pls:
    http://blogs.technet.com/b/exchange/archive/2013/07/17/life-in-a-post-tmg-world-is-it-as-scary-as-you-think.aspx
    And say hello to Renton as well please!
    Cheers,
    Rhoderick
    Microsoft Senior Exchange PFE
    Blog:
    http://blogs.technet.com/rmilne 
    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

  • Best way to secure Aironet 1200 for small office

    We are getting ready to install 4 aironet 1200 AP's into an office that will only be used by 5 people with T43 Thinkpads (Intel 2200 built-in card).
    What is the best method to secure the connection and prevent the outside world from accessing our internal network?
    I don't feel WEP/WPA encryption is enough -- Would be interested in using the built in security that comes with the Aironet and not an external security server, yet.
    Any info or push in the right direction is greatly appreciated.
    Thanks

    You could pretty easily use the "local" RADIUS built-in to the AP firmware and implement LEAP or EAP-FAST.
    Both are pretty easy to set up, the AP can handle that small load without any real performance issues, and the Intel client software supports it (you'll want to make sure all the client software and drivers are the most recent, there were some issues in the past).
    Both LEAP and EAP-FAST will support seamless roaming. You'd set one of the APs up for WDS and the others to point to it.
    Admin (add/change/delete users) via the Web GUI is also pretty straight forward.
    Good Luck
    Scott

  • Best way to securely share file/send link to external client

    I'm looking for the best method of securely sharing and/or sending large files (big Keynote documents and videos) to external clients. Basically a YouSendIt-type solution, but hosted and running off of my OS X Server.
    What I'd like to be able to do is generate a secure URL for an individual file that can be emailed to a client. I would prefer not to have them need a username/password, but just be able to click and download from the link. I'd also like that link to expire after a certain amount of time. I'm not positive if this is the best method, and am open to other options suggestions.
    Would love some advice as I've been Googling for quite a while without any solid suggestions or solutions. Thanks!

    Off the top, and I don't know how familiar you are with bash shell or other scripting languages here...
    Cleanup is one or two lines of bash in a +periodic daily+ script. Delete stuff older than a week or such via a bash shell find command and an rm, mayhap. That stuff is easy, if it's just a "blindly nuke stuff older than a week" or similar logic required. (Test that rm logic carefully as it really stinks to accidentally rm too much.)
    Upload is slightly more involved. Probably a droplet or such, invoking Applescript or a bash shell script to generate a GUID (or a random string) and copy the file into the web files directory. Here's a start (http://putnamhill.net/codeshop/applescript/applescript_bash.html) toward this; that looks like it'll get you to bash, and you can do what you need from there. Drop a file on the droplet, and you get a GUID-based name generated and an sftp certificate-based transfer up to the server, and a dialog box showing you the filename.
    Or you do an upload via a web form that pulls up the file and manipulates it and tosses up a page with the URL for you. That can easily be a cgi page, since this isn't high-volume stuff.
    If this stuff doesn't exist, it's a day or two to code it in bash. And perl or php or python or ruby or such could likely be used here, too.
    In general: be careful with who and what can be uploaded to your server, too. Allowing a random file upload into the server environment is very close to allowing a server breach. Some of the attacks here are clever, too. (qv: "gifar" files).

  • Beginner question: Best way to do backups ?

    Hello all :-)
    Our setup: PPC powered XServe running latest OS X 10.5.x release; server is located at a server housing centre; will be used for webhosting and e-mail as well as some small web applications.
    I'm now in search for a way to perform backups on a regular base including not just user data but also the entire operating system and its configuration (IP, DNS, domain setups, user mail accounts, etc.).
    If I had the server at hand at the office, I simply would clone the harddisk. So I can mount it and take either some lost files or even replace the running system HD with that in case of big trouble and get a running server back in minutes.
    However since I have no physical access to server (at least it would mean about several hours of driving), I'm not sure how that can be solved. I currently see just one option for us:
    We are going to use the server with two additional harddisks for backup. So I could connect to the server using Remote Desktop and run a harddisk clone utility. Then unmount the drive and ask the hosting support department to swap harddisks if necessary.
    However I don't like this solution because we have no local copy of the clone here (and who knows...). Guess files may get downloaded by FTP/SSH, but I'm not sure if this would really work (much data to transfer).
    So my questions to the community:
    If above option is the only one, can I simply use Time Machine for that purpose ? Where can I find more information about recovery (guess the OS DVD is required and makes it necessary to get hands on the server) ?
    What other options do we have ? Is there a good harddisk cloning app that is able to do remote as well as local backups you can recommend to us ? Our main priority is quick data recovery and a solution that is really backing up anything (just for backing up user files there would be no reason to clone the entire harddisk...).
    I hope that I was able to describe our problem. I'm looking forward to your replies and suggestions :-)
    Benjamin.

    You can use:
    - DefaultAuthenticator to directly create users on Weblogic,
    - SQL Authenticator or Read-only SQL Authenticator to retrieve users from DB
    - LDAP or Windows NT Authentication Provider to retrieve users from various LDAP servers or MS Active Directory
    or you can combine multiple authenticators :)
    What you will choose depends on your use case.
    Dario

  • OIM 9031: Best way to handle application/test account on target system.

    Hi Guys,
    I am wondering what will be the best way to handle application accounts created in the target system, i.e. I have target system Active Directory and on non-trusted reconciliation, I also fetch application/test accounts which are not going to match any existing user, but should be captured for reporting or any future action.
    Any input or idea is most welcome !!
    Cheers,
    Ankit

    There are basically two approaches to handle service accounts.
    Either you model them as a free standing RO very similar to a normal AD account or you use the built in "service account" and associate the account with an already existing AD RO instance. I haven't used the "service account" approach in any customer project yet so I can't really comment on the details of that approach (hopefully someone else will be able to do that).
    Are you sure that you have service accounts in AD that you can't attribute to a specific user? Most organizations require service accounts to be linked to a user or a group of users so that the need for the account to continue existing can be verified by a human. Having live accounts in your AD that no one can say what they do or why they exist is normally a very scary thought for most organizations.
    Hope this helps
    /M

  • What's the best way to load FieldPoint measurement data into PI System?

    I am finding the best way to load data collected by NI Field Point (FP2220) into the PI system of our power plant.
    I found pieces of information about FieldPoint OPC server in NI.com. Not sure if it comes with Field Point Hardware, sold by NI as a separate product or it is actually non-standard NI products. Anyway, I know that there exists a thing called FieldPoint OPC server.
    The PI system I mentioned has an OPC client software called PI-OPC interface. It is able to communicate with a standard OPC DA server. If that FieldPoint OPC server is a standard OPC DA server providing data collected by Field Point complying with the OPC standard, then that's perfect.
    Anyone familiar with PI system and NI product, please help if the above is going to work or if there is a better way to put Fieldpoint data into PI.

    Hi Eric,
    This information is really helpful, thanks. Regarding the NI OPC server for NI FieldPoint, I have another query.
    In my setup, there are two sets of FieldPoint located in two different locations on my ethernet network. They are going to be controlled by a single PC. If I am going to connect both my FieldPoint sets with OPC standard, how many NI OPC servers for FieldPoint do I need to connect to? Are there two NI OPC servers, each serving one FieldPoint set? Or is there only one NI OPC server which serves both FieldPoint sets?
    I am concerned about the number of NI OPC server instances running, because the number of OPC client licenses I need to purchase depends on how many OPC servers I need to connect to. If one NI OPC server serves both my FieldPoint sets, I only need to buy one OPC client license; otherwise, I need to purchase two. In the future, I am going to have another two sets of FieldPoint sets, so the answer to my query determines how many OPC clients I need to purchase eventually - One or four. A huge price difference.
    Looking forward to your reply.
    Regards,
    Roger
