BackupPC-users

Re: [BackupPC-users] Backup PCs behind an ADSL router

2015-03-20 07:42:01
Subject: Re: [BackupPC-users] Backup PCs behind an ADSL router
From: Adam Goryachev <mailinglists AT websitemanagers.com DOT au>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Fri, 20 Mar 2015 22:40:27 +1100

On 20/03/2015 22:21, Antonio Sanguigni wrote:
> 2015-03-20 0:39 GMT+01:00 Adam Goryachev <mailinglists AT websitemanagers.com DOT au>:
>
>> That is certainly one method. I would prefer one of the following options:
>> 1) Configure SSH server on one of the machines (server), then use ssh
>> tunneling + rsync to connect to each client (only single exposed port,
>> all traffic is encrypted, downside is overhead on the one machine
>> picked). Some potential benefits from ssh compression.
> They are mainly Windows clients, not servers and not Linux. Is it
> possible to have an ssh server working well on Windows too? Further,
> can BackupPC use this kind of configuration or will I have to manage
> rsync?
Yes, ssh can work under Windows. See cygwin.com for details.
>> 2) Use a VPN, then just talk directly to the clients like they were on
>> the LAN
> I think this is a bit difficult. They are my customers' PCs so it is
> not always possible.
Yet it is possible to install rsync? ssh is IMHO a fundamental component
to allow the customers' backups to work securely. It protects their data
from snoops (admittedly limited to a man in the middle), as well as
restricting access to potential attacks which could compromise their
entire system (e.g., customer database, credit card details, etc. depending
on the type of client), and also protecting them from malicious damage
(deleting, corrupting, or other attacks on the data).

>> If you do expose rsyncd directly to the Internet, then I would suggest
>> that you restrict the source IP addresses if possible.
> Is "host allow" per share in the rsync.conf file enough?
The question isn't whether it is enough. Every system can and will be
attacked eventually, especially if they are a target for some reason.
The CIA would not be happy with this level of security, but the
hairdressers might, but the hairdressers' clients may not.

I would suggest at least making use of this in combination with the
firewall built into the router, and/or the Windows firewall. If you only
have rsyncd protection and there is some bug in rsyncd which can be
exploited prior to the IP check, then you are hosed.

Regards,
Adam
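
An added example, not part of the original message: a small audit of an rsyncd.conf that reports, per module, whether the `hosts allow` restriction and `auth users` discussed above are actually in effect once global defaults are applied. The sample configuration, module names and addresses are constructed; the check covers only the rsyncd layer, not the router or Windows firewall rule.

```python
import re

# Constructed sample; 203.0.113.10 stands in for the BackupPC server's address.
SAMPLE_CONF = """\
# global section: module parameters set here are defaults for every module
auth users = backuppc
[docs]
path = /cygdrive/c/Users
hosts allow = 203.0.113.10
[mail]
path = /cygdrive/c/Mail
hosts allow = 0.0.0.0/0
[scans]
path = /cygdrive/c/Scans
auth users =
"""

OPEN_PATTERNS = {"*", "0.0.0.0/0", "::/0"}  # treated here as "any source"

def parse_rsyncd_conf(text):
    """Return {module: params}; global-section values act as module defaults."""
    defaults, modules, current = {}, {}, None
    for raw in text.splitlines():  # simplification: no backslash continuations
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = modules.setdefault(header.group(1).strip(), dict(defaults))
        elif "=" in line:
            name, value = line.split("=", 1)
            key = " ".join(name.lower().split())  # names ignore case and spacing
            (defaults if current is None else current)[key] = value.strip()
    return modules

def audit(text):
    """Return {module: [findings]} listing access-control gaps per module."""
    report = {}
    for module, params in parse_rsyncd_conf(text).items():
        allowed = set(params.get("hosts allow", "").replace(",", " ").split())
        findings = []
        if not allowed:
            findings.append("no 'hosts allow': any source address may connect")
        elif allowed & OPEN_PATTERNS:
            findings.append("'hosts allow' matches every address")
        if not params.get("auth users"):
            findings.append("no 'auth users': anonymous access")
        report[module] = findings
    return report
```

Calling `audit(SAMPLE_CONF)` returns an empty finding list for `docs` and flags `mail` and `scans`; an empty `auth users =` inside a module overrides the global default and leaves that module anonymous.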
