Networker

Re: [Networker] auth error after upgrade to 7.4.2

2009-02-25 15:05:43
Subject: Re: [Networker] auth error after upgrade to 7.4.2
From: Preston de Guise <enterprise.backup AT GMAIL DOT COM>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Thu, 26 Feb 2009 07:03:21 +1100
On 26/02/2009, at 06:48, Davina Treiber wrote:

> Many users underestimate the power (or risk) of NetWorker. I have lost
> count of the number of times I have found *@* in a NetWorker server's
> administrator list, or clients with a blank servers file. Both of these
> are serious security risks.

I agree - most sites have insufficient network security to compensate for a lack of security on trusted systems like NetWorker.

In the entire time I've been doing NetWorker consulting, I've only once been to a customer site where the network was close to sufficiently secure. (Yes, I've personally not had to visit defense-related sites, even though others I worked with did – I'm sure their experiences were better.) In that site, within 5 minutes of plugging my laptop into the network, the network team shut down the port that I was connected to on the switch because it was an unknown machine.

On so many other sites though, particularly as a consultant usually with a test copy of NetWorker running on my laptop to check things out or support customer issues, it would have been trivial – and I mean completely and utterly trivial – to cause either (a) significant issues or (b) retrieve significantly confidential information, simply by acting as a backup server (making use of blank nsr/res), or by talking to the backup server (by making use of *@*). Too often sites were pseudo-aware of the security implications, but wanted the "convenience".

I've reached the point where I feel that it's a design flaw to allow the nsr/servers file to be unpopulated. Without at least one nominated server name in there, I think that from a security perspective the NetWorker client should be designed to refuse to send data. Yes, warnings are well documented, etc., but sometimes I think you have to take proactive measures to ensure people understand how important it is to secure a centralised backup environment.

A nefarious individual connecting to an insecure NetWorker datazone could retrieve practically any data they desired from any client, or cause complete havoc (e.g., push out corrupt passwd/shadow files to every Unix machine, or dodgy core DLLs to every Windows machine, etc.)

Is convenience really worth that level of insecurity?

--
Preston de Guise


"Enterprise Systems Backup and Recovery: A Corporate Insurance Policy":

http://www.amazon.com/Enterprise-Systems-Backup-Recovery-Corporate/dp/1420076396

http://www.enterprisesystemsbackup.com

NetWorker blog: http://nsrd.wordpress.com

Information is like a river – you can drink from it, you can swim in it, or you can drown in it. Which do you choose?


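A defender-side check for the two misconfigurations discussed in this message (a blank servers file on a client, and wildcard entries such as *@* in the server's administrator list). This is an added example, not part of the original post and not NetWorker tooling; the one-entry-per-line file layouts, the exported administrator list and the host names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the client's servers file
# is plain text with one server name per line, and the server's administrator
# list has been exported to a text file, one user@host entry per line.

# Print the servers a client trusts. Non-zero status when the file is blank
# or missing (missing is treated like blank here, an assumption).
trusted_servers() {
    grep -v '^[[:space:]]*$' "$1" 2>/dev/null
}

# Read administrator entries on stdin; print the ones containing a wildcard.
wildcard_admins() {
    while IFS= read -r entry || [ -n "$entry" ]; do
        case $entry in
            '*@*') printf 'CRITICAL %s\n' "$entry" ;;  # any user on any host
            *'*'*) printf 'WARN %s\n' "$entry" ;;      # partial wildcard
        esac
    done
    return 0
}

# audit SERVERS_FILE ADMIN_LIST: print findings, return how many there were.
audit() {
    findings=0
    if ! trusted_servers "$1" >/dev/null; then
        echo "CRITICAL $1 names no server: any host can act as backup server"
        findings=$((findings + 1))
    fi
    flagged=$(wildcard_admins < "$2")
    if [ -n "$flagged" ]; then
        printf '%s\n' "$flagged"
        findings=$((findings + $(printf '%s\n' "$flagged" | grep -c '')))
    fi
    return "$findings"
}

# Constructed sample data (hypothetical host names).
demo=$(mktemp -d)
printf '\n  \n' > "$demo/servers.blank"
printf 'backup01.example.com\n' > "$demo/servers.ok"
printf 'root@backup01.example.com\n*@*\nadministrator@*\n' > "$demo/admins.bad"
printf 'root@backup01.example.com\n' > "$demo/admins.ok"

audit "$demo/servers.blank" "$demo/admins.bad" || echo "findings: $?"
audit "$demo/servers.ok" "$demo/admins.ok" && echo "clean"
```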