ADSM-L

Re: Backing up a server through a firewall

1999-01-22 10:38:45
Subject: Re: Backing up a server through a firewall
From: Alan White <arw AT TIPPER.DEMON.CO DOT UK>
Date: Fri, 22 Jan 1999 15:38:45 -0000
Mathew/Robert

Our security guys were pretty paranoid about this. Opening up port 1500 (or
any other) which allows access to the ADSM server for the baclient also lets
the saclient in. We're into multiple 'ifs' now however if someone gets on to
a box outside the firewall which is backing up to a server inside they can
start guessing at admin logon passwords on the server. If they are lucky
enough to guess a 'system' id then they can trash everything. They could
also schedule a one-time command as root (or NT administrator) on all other
registered clients, it gets messier.....

If they can't get an admin logon they could do lots of nasty things to the
box they are just with the baclient and -virtualn=hostname password
guessing, regardless of the id they got on as.

Unfortunately there are people like that ;-(

OK, we can set invalid logon attempts at 3 or something then lock the ids
but all we are doing is minimising the risk, not eliminating it.

Regards
Alan