Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] Bacula security

2013-07-01 11:35:08
Subject: Re: [Bacula-users] Bacula security
From: Jérôme Blion <jerome.blion AT free DOT fr>
To: bacula-users AT lists.sourceforge DOT net
Date: Mon, 01 Jul 2013 17:32:33 +0200 
Le 2013-07-01 17:07, Martin Simmons a écrit :
>> It can be secured via ACL too.
>> You can manage what a client has access to.
>> 
>> And so, ensure no critical data pieces can be stolen through that 
>> way.
> 
> Yes, that works as long as the Director is secure -- otherwise the 
> attacker
> can just write their own ACL.
> 
> __Martin

Hello,

Obviously, if you can't trust your director anymore, you can consider 
all your clients AND YOUR DATA PIECES are not safe anymore. So, to 
harden the infrastructure :
  - secure the director at any cost
  - secure the console access from clients (FD) (ACL, or easiest, no 
console access)

To speak about storage daemon, you have to be sure that even in the 
case data files could be retrieved, nobody will be able to read them. 
That means that if you are paranoïd, your tapes (physical or virtual) 
have to be crypted.

HTH.
Jerome Blion

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] Bacula security, Josh Fisher
Next by Date:  Re: [Bacula-users] Bacula security, Kern Sibbald
Previous by Thread:  Re: [Bacula-users] Bacula security, Martin Simmons
Next by Thread:  Re: [Bacula-users] Open Source Backup Conference 25th of September in Cologne, cfp now open, Kern Sibbald
Indexes:  [Date] [Thread] [Top] [All Lists]