Amanda-Users

Re: Amanda Security

2005-04-13 17:31:06
Subject: Re: Amanda Security
From: Greg Troxel <gdt AT ir.bbn DOT com>
To: Mike <miket AT silvercrk DOT com>
Date: 13 Apr 2005 17:21:04 -0400
Also, it should be possible to use IPsec, and require all
communication between the backup server and the client to be in ESP.
This should ensure that only packets in ESP, and hence authenticated,
are presented to the IP stack, making the IP-based acl reliable.

A wrinkle is that amanda uses hard-to-predict ports, but the same
option that constrains those for firewalling should help for this.  Of
course, if you have a restricted SPD, then you also have to ensure
that amanda drops packets not from the expected port range, and since
this wasn't written as a security feature I wouldn't count on that.


-- 
        Greg Troxel <gdt AT ir.bbn DOT com>
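
The restricted-SPD wrinkle described in the message above, modeled as an added Python example (not part of the original message and not Amanda code): a toy inbound policy check showing which cleartext packets still reach the application. The addresses, the 50000-50100 port range, and the rule that unmatched traffic bypasses IPsec are assumptions.

```python
# Added example: toy model of an inbound IPsec policy (SPD) check.
# Addresses and the port range are constructed; they are not Amanda defaults.
from dataclasses import dataclass
from ipaddress import ip_address

SERVER = ip_address("192.0.2.10")  # backup server (constructed)
CLIENT = ip_address("192.0.2.20")  # backup client (constructed)
PORTS = range(50000, 50101)        # assumed constrained Amanda port range
AMANDA = 10080                     # amanda's registered service port

@dataclass(frozen=True)
class Packet:
    src: object
    dst: object
    sport: int
    dport: int
    in_esp: bool  # True if it arrived inside a verified ESP SA

@dataclass(frozen=True)
class Policy:  # "traffic matching this selector must be in ESP"
    src: object
    dst: object
    sports: range = range(0, 65536)  # default: any source port

    def matches(self, p):
        return p.src == self.src and p.dst == self.dst and p.sport in self.sports

def inbound(spd, p):
    """Return 'deliver' or 'drop' for packet p under policy list spd."""
    for pol in spd:
        if pol.matches(p):
            return "deliver" if p.in_esp else "drop"
    return "deliver"  # assumption: unmatched traffic bypasses IPsec

HOST_WIDE = [Policy(SERVER, CLIENT)]                 # all server traffic in ESP
RESTRICTED = [Policy(SERVER, CLIENT, sports=PORTS)]  # only the port range

genuine = Packet(SERVER, CLIENT, 50010, AMANDA, in_esp=True)
forged_in_range = Packet(SERVER, CLIENT, 50010, AMANDA, in_esp=False)
forged_out_of_range = Packet(SERVER, CLIENT, 40000, AMANDA, in_esp=False)

if __name__ == "__main__":
    samples = {"genuine": genuine, "forged, in range": forged_in_range,
               "forged, out of range": forged_out_of_range}
    for name, spd in (("host-wide", HOST_WIDE), ("restricted", RESTRICTED)):
        for label, pkt in samples.items():
            print(f"{name:10} {label:22} {inbound(spd, pkt)}")
```

Under the restricted policy the out-of-range cleartext packet is delivered, so the IP-based ACL is then only as reliable as the application's own source-port check.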
