Hi, I understand that there is a risk for any application on the Internet. Heck, even Nginx and Apache has a certain risk.
I'm trying to gage the amount of risk based on the security of the director. My understanding is that I would need to expose a TLS socket which no one can interact with without an acceptable key. That said, I understand that if one of my client is compromised, then the attacker would have a foothold on the director. Should this be a concern? Can a "rogue" file client really do any damage other to its backup? I guess it could try filling the storage pool. Or am I being paranoid? Cheers, On Fri, Sep 24, 2021 at 2:36 PM Spadajspadaj <[email protected]> wrote: > In case of multi-location setup you need to think about ways of limiting > access and connection direction. > > I have a "reverse" setup - I needed passive clients so I can initiate > connections from director/sd _to_ fd. You might need the opposite, as I > see, so it's pretty standard. > > There is _always_ a risk when you're putting something open to the > internet so if you want to limit your exposure, think about filtering the > traffic on the network/OS level (limiting access to bareos ports only to > specific addreses) and of course you can always think about setting up a > VPN between your locations. > On 24.09.2021 09:25, Florian Panzer - PLUSTECH GmbH wrote: > > We're runnig this setup (public director + client initiated fd > connections) with overall success. > No problems so far - apart from the usual* ;) > > I'm sure nobody will gurarantee that there are no security flaws - there > most like are. > > > *) bareos-dir crashing on typo in config followed by reload > *) bareos-dir crashing because it's tuesday > > Florian Panzer > > ----------------------------------- > PLUSTECH GmbH > Jäckstraße 35 > 96052 Bamberg > Telefon: +49 951 299 09 716https://plustech.de/ > Geschäftsführung: Florian Panzer > Amtsgericht Bamberg - HRB 9680 > ----------------------------------- > > Am 24.09.21 um 02:51 schrieb Alexandre Denault: > > Hi, > > I’m working on a somewhat complicated Bareos setup and it would be must > simpler/easier to host the Bareos Director over the Internet. Combined with > Active Storage and File clients, it would simplify my multisite setup > greatly. > > That said, is the Bareos Director robust enough to be hosted over the > Intenet? Is it secure? I would assure that any client without a private key > recognized by the Director would not be able to interact with it. > > Thanks, > > Alex > -- > You received this message because you are subscribed to the Google Groups > "bareos-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/bareos-users/08188095-4800-413c-88b7-ccc66bc57bacn%40googlegroups.com > <https://groups.google.com/d/msgid/bareos-users/08188095-4800-413c-88b7-ccc66bc57bacn%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > -- > You received this message because you are subscribed to the Google Groups > "bareos-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/bareos-users/4847a7d9-edf1-fb2e-be89-57b73be58bbc%40plustech.de > <https://groups.google.com/d/msgid/bareos-users/4847a7d9-edf1-fb2e-be89-57b73be58bbc%40plustech.de?utm_medium=email&utm_source=footer> > . > > -- > You received this message because you are subscribed to a topic in the > Google Groups "bareos-users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/bareos-users/7P_SZrWBJ8U/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/bareos-users/02211794-f8b3-6c7e-17fc-28e38f377bb4%40gmail.com > <https://groups.google.com/d/msgid/bareos-users/02211794-f8b3-6c7e-17fc-28e38f377bb4%40gmail.com?utm_medium=email&utm_source=footer> > . > -- Alexandre Denault Senior Director, Technology Operations Ludia Inc. -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/bareos-users/CALT3ydaxDaZYy4Eg3QptEz_%2Bo8UXsEt87DJfUwFzzVy_AKWBog%40mail.gmail.com.
