Vulnerability Development mailing list archives
Re: Backup Agents
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Mon, 24 Mar 2003 23:35:06 +0100 (MET)
On Thu, 20 Mar 2003, Geo. wrote:
[...] so I was wondering if anyone had ever researched how secure the connection between a backup server and a machine running a backup agent is. [...]
Some superficial observation I made regarding two "enterprise" backup systems (I will call them A and B) a while ago: 1. Agent A: connection not encrypted, the agent insists on getting the root's password in plaintext (!) from the server. 2. Agent B: connection not encrypted, based on Sun RPC, using the weak Unix authentication perhaps "strengthened" with the check of the peer's IP address. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
Current thread:
- Backup Agents Geo. (Mar 21)
- Re: Backup Agents Philip Storry (Mar 24)
- RE: Backup Agents john blumenthal (Mar 24)
- Re: Backup Agents Pavel Kankovsky (Mar 24)
- <Possible follow-ups>
- RE: Backup Agents Scott Harrington (Mar 25)
- Re: Backup Agents Philip Storry (Mar 24)