BackupPC-users

Re: [BackupPC-users] security headaches

2009-09-25 06:15:50
Subject: Re: [BackupPC-users] security headaches
From: Tino Schwarze <backuppc.lists AT tisc DOT de>
To: backuppc-users AT lists.sourceforge DOT net
Date: Fri, 25 Sep 2009 12:12:23 +0200
On Fri, Sep 25, 2009 at 05:51:41AM -0400, Andrew Schulman wrote:

> Here's my problem:  I love having online backups, they're very
> convenient.  But they're a huge security problem.  All of the LAN's
> most sensitive files become readable by user backuppc, who can be
> attacked through the web application.  Worse, all of the files become
> readable by the BackupPC administrative user, and each host's files by
> that host's designated backup owner.  If any of these has a weak
> password, or if the BackupPC login doesn't run over SSL, or if the
> htdigest file is unprotected, then we give away the store.  Root
> security for the whole LAN becomes equivalent to a whole bunch of
> typically weaker links.
> 
> My question for you is, how are people addressing this problem?
> Enforcing strong passwords? Limiting the number of users with restore
> rights?  Segmenting your hosts into sensitive and less-sensitive
> files?

Our setup only has administrator access to the backup machine. It's
considered an isolated system where nobody has access but
administrators. The web interface (which is optional, not necessary,
BTW) is SSL-secured and password protected, of course.

Backup storage is always a very security sensitive part of
infrastructure... And it's always a matter of balancing security vs.
ease of use.

Bye,

Tino.

-- 
"What we nourish flourishes." - "Was wir nähren erblüht."

www.lichtkreis-chemnitz.de
www.craniosacralzentrum.de
