@tim-mcmanus said in Auto Config backup.:
So your compliance needs are for data to be encrypted while in transit and at rest? What are the additional compliance requirements for data at rest? Sounds a lot like HIPAA or SEC/OCC compliance.
Yes, at rest as well as in transit. Also the methodology used to achieve the backup.
You could simply get an Amazon CentOS server and put it on S3 storage to pass audits. S3 is encrypted at rest, but the data file itself would not be. Depends on your auditor and their mood.
If Netgate had regular audits and could produce/maintain an ISO 27001 document demonstrating compliance, with additional assurances of data encryption at rest, that should also comply with your audit requirements. This is something you will get from any data center provider if they are hosting your stuff.
But without knowing what your data at rest compliance requirements are, getting you an exact solution to your compliance needs may be elusive.
Well, I already have an external server in place which uses git-crypt to store the config and generates an email for every change made on the firewall, with source IP and username.
It took around 2 months to design this solution using dozens of open source modules. The only problem is that keyless SSH is used, which is not safe when a firewall is in the picture.