
Re: How to backup the firewall host itself?

2003-09-19 14:49:35
Subject: Re: How to backup the firewall host itself?
From: Eric Siegerman <erics AT telepres DOT com>
To: amanda users <amanda-users AT amanda DOT org>
Date: Thu, 18 Sep 2003 19:19:28 -0400

This is only tangentially related to Amanda, but it seemed worth
posting to the list to get others' input.

On Thu, Sep 18, 2003 at 03:02:23PM -0300, Bruno Negrão wrote:
> I have an amanda server on my DMZ and i like it to backup my firewall
> machine(the amanda client).

Are you *really* sure you want to do this?  The security
implications are pretty frightening!  If an intruder takes over
your Amanda server, they can hack Amanda to write corrupted
backups.  They might stick a trojan into the backup, then wait
for you to restore from it.  OK, that's pretty far-fetched, but
how about this?

An intruder who takes over a machine on the DMZ can use it to
stage attacks on the firewall.  Because you've opened up ports on
the firewall to accept Amanda-related connections from the DMZ
Amanda server, you've given the intruder more ports to attack.

Worse yet, because you have an Amanda client on the firewall,
configured to accept connections from the DMZ server, an intruder
can exploit any security problems (buffer overruns etc.) in
Amanda itself!

At the very least, an intruder who takes over your Amanda server
can grab a full backup of the firewall machine -- including the
firewall rules, which they can then study to look for holes.

It seems to me to be *much* safer to put the Amanda server on
your internal network and have it reach *out* through the
firewall to the DMZ machines.  (You still weaken your firewall's
security this way, but not nearly as much, because the Amanda
server itself is now much less subject to attack.)
|  | /\
|-_|/  >   Eric Siegerman, Toronto, Ont.        erics AT telepres DOT com
|  |  /
When I came back around from the dark side, there in front of me would
be the landing area where the crew was, and the Earth, all in the view
of my window. I couldn't help but think that there in front of me was
all of humanity, except me.
        - Michael Collins, Apollo 11 Command Module Pilot