ADSM-L

Re: firewall and security

1998-09-09 11:45:27
Subject: Re: firewall and security
From: Kells Kearney <kells AT WINTERLAND.MAINLAND.AB DOT CA>
Date: Wed, 9 Sep 1998 09:45:27 -0600
david de leeuw david@bgumail wrote:

> We need to back up sensitive data from a client behind a firewall, managed
> by a security minded manager.
>
> The adsm server is not behind the firewall.
>
> Can I show that:
>
> 1. data backed up to an adsm server is safe from access by others
>
> 2. the "hole" in the firewall can not be exploited by hackers
>
>               firewall
>
>   secure        |
>   system ------------------adsm server -------other adsm clients
>   client                       |
>                                |------ internet

  1.  The data backed up by the ADSM server in your diagram is almost
      certainly NOT secure, and is even more insecure depending upon how
      the machine is set up.  Trivially, a denial of service attack can remove
      the ADSM server from the picture for extended periods of time.  An
      attack on the ADSM server where the intruder gets root/administrator
      access means that the ADSM database, device configuration list and
      inventory list can be completely scrubbed, and each of the tapes in the
      library can be scrubbed.  A nastier attack would be to nuke ADSM,
      and scrub each of the tapes in the library and reboot  -- your clients
      can 'see' what they backed up (because it's in the database), but none
      of the tapes can be mounted because the labelling AND the data are
      gone!

  2. What hole in the firewall?  Do you mean to say that you want the
      unprotected ADSM server to back up clients behind the firewall???
      YIKES!!!


    I think that your architecture isn't paranoid enough.  For instance, why
not burn CD ROMs that represent the contents of the machine's disks (though
there shouldn't be much data or programs on an insecure machine) BEFORE
placing the machine outside the firewall.  That raises another point, why
isn't the machine in the DMZ?

      internet
         |
         |
      firewall  ----- (De Militarized Zone network containing)
        |                      system clients
        |                       external web server
        |                        etc
        |
       intranet

      In this architecture, the client that you have isn't sitting directly in
the line of fire, and so represents a much harder target.

     If I were you, I would try to evaluate why I have backup requirements to
an insecure (ie in the DMZ or *sigh* outside the firewall) client.  Ideally,
any machine inside the DMZ should be able to be 'sacrificed' (ie recreated
from scratch after an intrusion) and should NOT have trusted access to your
intranet.

   I think that you should contemplate getting a security expert to help you
evaluate, with your client, what the priorities are, what is the acceptable
risk, and what other requirements there are.  If the client's manager is
security minded, he/she will appreciate your thoroughness in bringing in
someone else to oversee the security aspects.

  IMHO, backup and security requirements for machines inside the DMZ should
be thoroughly examined before using ANY backup product, especially a
centralized backup product.

   Anyway, that represents my CAN$ 0.02 + applicable taxes and duties.  Hope
that it helps, and good luck!


kells

Any coincidence of opinion between myself and Mainland Information Systems is
exactly that.