On 20/03/2015 22:21, Antonio Sanguigni wrote:
> 2015-03-20 0:39 GMT+01:00 Adam Goryachev <mailinglists AT websitemanagers.com
> DOT au>:
>
>> That is certainly one method. I would prefer one of the following options:
>> 1) Configure SSH server on one of the machines (server), then use ssh
>> tunneling+ rsync to connect to each client (only single exposed port,
>> all traffic is encrypted, downside is overhead on the one machine
>> picked). Some potential benefits from ssh compression.
> They are mainly Windows clients, not servers and not Linux. Is it
> possible to have an ssh server working well on Windows too? Further,
> can Backuppc use this kind of configuration or will I have to manage
> rsync?
Yes, ssh can work under Windows. See cygwin.com for details.
>> 2) Use a VPN, then just talk directly to the clients like they were on
>> the LAN
> I think this is a bit difficult. They are my customers' PCs so it is
> not always possible.
Yet it is possible to install rsync? ssh is IMHO a fundamental component
to allow the customers backups to work securely. It protects their data
from snoops (admittedly limited to a man in the middle), as well as
restricting access to potential attacks which could compromise their
entire system (eg, customer database, credit card details, etc depending
on the type of client), and also protecting them from malicious damage
(deleting, corrupting, or other attacks on the data).
>> If you do expose rsyncd directly to the Internet, then I would suggest
>> that you restrict the source IP addresses if possible.
> Is it enough "host allow" per share in rsync.conf file?
The question isn't whether it is enough. Every system can and will be
attacked eventually, especially if they are a target for some reason.
The CIA would not be happy with this level of security, but the
hairdressers might, but the hairdressers' clients may not.
I would suggest to at least make use of this in combination with the
firewall built into the router, and/or the Windows firewall. If you only
have rsyncd protection and there is some bug in rsyncd which can be
exploited prior to the IP check, then you are hosed.
Regards,
Adam
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
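
A check for the rsyncd layer discussed in the message above, as an added example that is not part of the original thread: it parses an rsyncd.conf and reports modules whose effective `hosts allow` / `hosts deny` settings still let arbitrary source addresses connect, going slightly beyond the question by also covering the interaction with `hosts deny`. The sample configuration, paths and addresses are constructed, backslash line continuations are not handled, and the router or Windows firewall layer recommended in the reply is outside what it can see.

```python
SAMPLE_CONF = """\
# constructed sample configuration, not taken from the thread
hosts deny = 203.0.113.0/24
[docs]
path = /srv/docs
[photos]
path = /srv/photos
hosts allow = 198.51.100.7
[pub]
path = /srv/pub
Hosts Allow = *
[accounts]
path = /srv/accounts
hosts allow = 198.51.100.7, 198.51.100.8
hosts deny = *
"""
OPEN = {"*", "0.0.0.0/0", "::/0"}  # patterns that match every client

def parse(text):
    glob, modules = {}, {}
    cur = glob  # parameters before the first [module] are global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            # rsyncd ignores whitespace and case in parameter names
            cur["".join(key.split()).lower()] = value.strip()
    return glob, modules

def audit(text):
    """Map each weakly restricted module to a one-line finding."""
    glob, modules = parse(text)
    findings = {}
    for name, params in modules.items():
        eff = {**glob, **params}  # global values act as module defaults
        allow = set(eff.get("hostsallow", "").replace(",", " ").split())
        deny = set(eff.get("hostsdeny", "").replace(",", " ").split())
        if allow & OPEN:
            findings[name] = "'hosts allow' matches every address"
        elif not deny & OPEN:
            if not allow:
                findings[name] = "no 'hosts allow': any address not denied may connect"
            elif deny:  # with both lists set, a client matching neither is allowed
                findings[name] = "partial 'hosts deny': hosts on neither list may connect"
    return findings
```

Calling `audit(SAMPLE_CONF)` flags `docs`, `photos` and `pub`; `accounts` passes because its allow list is paired with `hosts deny = *`.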