On 9/10/2013 3:43 AM, Steve Lee wrote:
> Josh
>
> "would allow the attacker to restore and steal any backed up file from any and all clients."
>
> This scenario can be completely avoided by encrypting the backup volumes on the client.

Under normal circumstances, I agree. But in the case of a compromised Dir, the danger is that it may be possible to restore a different key file or a different FD config file to the client, causing future backups to be encrypted with a known key or not encrypted at all.


> The scriptsdirectory feature would be helpful to us.


Yes. I didn't mean to imply that it had no use. It certainly will be useful to prevent, say, a rogue sysadmin from running arbitrary commands on the client. I believe that to be the bigger risk. A perimeter attack against a VM with only 3 open ports, all using encrypted comms, has very little chance of success.
_______________________________________________
Bacula-devel mailing list
Bacula-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-devel