On Tuesday 30 September 2003 11:07, Marc Cuypers wrote:
> Eric Siegerman wrote:
> > On Mon, Sep 29, 2003 at 12:06:48PM +0200, Paul Bijnens wrote:
> >>Marc Cuypers wrote:
> >>>Found the problem. The firewall blocked communication between taper and
> >>>dumper.
> >>
> >>That's strange, because there is no immediate communication between
> >>these two, as far as I know.
> >>
> >>Driver is connected with a pipe to each dumper and to taper-reader.
> >
> > I believe there is a dumper->taper connection, for direct-to-tape
> > dumps. That's how I read docs/PORT.USAGE, anyway -- see the bits
> > on stream_server() and stream_client(). But both of those
> > processes run on the same host, so it's still hard to see how a
> > firewall could get between them.
> >
> > Unless Amanda's running on the firewall machine itself -- which
> > I'd consider an unsafe idea anyway!
>
> This is the case. Can you tell me why this is unsafe? (Nobody is
> allowed to connect from the outside)
>
Penetrations do not all originate from 'outside'. Any services running on
the firewall that are not essential to its proper operation increase the
potential for compromise.