Re: Backup Agents
From: Pavel Kankovsky (peak@argo.troja.mff.cuni.cz)
Date: 03/24/03
- Previous message: D.C. van Moolenbroek: "Re: ptrace in linux kernel"
- In reply to: Geo.: "Backup Agents"
- Next in thread: Scott Harrington: "RE: Backup Agents"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 24 Mar 2003 23:35:06 +0100 (MET) From: Pavel Kankovsky <peak@argo.troja.mff.cuni.cz> To: vuln-dev@securityfocus.com
On Thu, 20 Mar 2003, Geo. wrote:
> [...] so I was wondering if anyone had ever researched how secure the
> connection between a backup server and a machine running a backup
> agent is. [...]
Some superficial observation I made regarding two "enterprise" backup
systems (I will call them A and B) a while ago:
1. Agent A: connection not encrypted, the agent insists on getting the
root's password in plaintext (!) from the server.
2. Agent B: connection not encrypted, based on Sun RPC, using the weak
Unix authentication perhaps "strengthened" with the check of the peer's
IP address.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
- Previous message: D.C. van Moolenbroek: "Re: ptrace in linux kernel"
- In reply to: Geo.: "Backup Agents"
- Next in thread: Scott Harrington: "RE: Backup Agents"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
