Re: [Bacula-users] Bacula security
2013-07-01 07:10:22
>>>>> On Sat, 29 Jun 2013 07:24:36 -0700, Grant said:
>
> I'm currently pushing backups from each system to a central backup
> server via rdiff-backup. However, I realized that push backups are
> not safe because if one of the systems is compromised, the infiltrator
> could delete all of that system's backups with a command like this:
>
> rdiff-backup --remove-older-than 1s [email protected]::/path/to/backup
The Bacula client can't delete its own backups, so it is safe against that
problem.
> Pull backups don't seem secure because if the central server is
> compromised, the infiltrator would have root read privileges on every
> backed-up system and would thereby be able to gain root access to
> those systems.
Bacula does have root read (and write) privileges on every backed-up system,
but you can encrypt the backups before sending them to the central server.
Bacula can also sign the backups, so the client can verify that a restore
doesn't contain modified data. You still have to keep the encryption/signing
keys secure of course.
__Martin
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [Bacula-users] Bacula security,
Martin Simmons <=
|
|
|