I could see where this could come into play in compliance and mutli-tenant
situations.
It wouldn't hurt to have access masks on the client side as far as allowed
directories and / or functions like run commands, maybe even a way to set
the client read-only without explicit client action like turning it back
off first in the client config. That would fix a lot of the potential
issues that are left after encryption I suspect when the backup team is not
considered a trusted actor.
For reference, spacewalk / RHN do this already to a degree with the client
commands. The client does not consider the central point as a trusted actor
and they must be explicitly enabled.
-Blake
On Fri, Sep 6, 2013 at 5:27 PM, Kern Sibbald <k...@sibbald.com> wrote:
> Bacula is designed with as much security in mind as
> I knew/know about. Perhaps you haven't yet had the time
> to read the manual, but aside from not letting a "user" get access
> to the Director, you can encrypt all the communications, you can
> also run the FD in backup only mode, and restart it in read/write mode
> if you want to restore something. There are many other things
> you can do as well.
>
> In most cases, it is easier to get root access to a Linux
> system than it is to exploit a properly configured Bacula,
> especially if you are running a web server on your machine.
> If a user has root access he doesn't need Bacula
> to get what he wants.
>
> If you have some specific suggestions for improving
> Bacula's security (and I suspect there are many things
> to do, some of which I am implementing now), I suggest
> you mention them.
>
> Kern
>
> On 09/06/2013 08:18 PM, stefano scotti wrote:
> > 2013/9/6, Kern Sibbald <k...@sibbald.com>:
> >> Hello,
> >>
> >> The only security issue is that a "user" should not have access
> >> to the Bacula Director. Only qualified sys admins should have
> >> such access.
> >>
> >> Best regards,
> >> Kern
> >>
> >>
> > That's not true.
> >
> > There are other security issues related to the fact that TCP bacula
> > stream could be altered by malicious attackers using one or more of
> > the network attacks known today (and they are a lot).
> >
> > The problem here is that bacula on client machines has more permission
> > than it needs, and this vulnerability could be exploited even if the
> > attacker is not able to exploit the bacula server system. This is a
> > fact.
> >
> > And even if it wasn't like that, let's suppose (a false thing) that
> > the attack could start only by exploting the bacula server machine.
> > Can you please tell me why an exploted system has to have freely
> > access to the keys which could exploit every system of its network?
> > Is it right to considering Bacula the centralized point of security of
> > an entire network system? what if it fails?
> >
> > Accountability and access control are main security matters, and
> > currently Bacula isn't implementing them very well on this specific
> > question.
> >
> > We shouldn't justify the current architecture just because it is
> > easier to maintain it in the way it is.
> > I'm not saying that designing some sort of criteria which limits
> > bacula permissions is an easy task, we everybody know that security
> > itself is not an easy task.
> >
> > But i'm sure of a thing, it could be done, and it could be done well
> > if somebody focuses in that.
> > I'm sure of another thing, it will never be better if everybody will
> > keep saying that nothing can be done about it.
> >
> > I hope bacula's designer will take care of that, because it IS an issue.
> >
> > Meanwhile your should, at least, worry about your bacula server and
> > your network hardening , because you really need it.
> >
> > I suggest you the use of VPN tunnels.
> >
> >
> ------------------------------------------------------------------------------
> > Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> > Discover the easy way to master current and previous Microsoft
> technologies
> > and advance your career. Get an incredible 1,500+ hours of step-by-step
> > tutorial videos with LearnDevNow. Subscribe today and save!
> >
> http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk
> > _______________________________________________
> > Bacula-devel mailing list
> > Bacula-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/bacula-devel
> >
>
>
>
> ------------------------------------------------------------------------------
> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> Discover the easy way to master current and previous Microsoft technologies
> and advance your career. Get an incredible 1,500+ hours of step-by-step
> tutorial videos with LearnDevNow. Subscribe today and save!
> http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk
> _______________________________________________
> Bacula-devel mailing list
> Bacula-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-devel
>
------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk
_______________________________________________
Bacula-devel mailing list
Bacula-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-devel
