Vulnerability Development mailing list archives

Re: Backup Agents


From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Mon, 24 Mar 2003 23:35:06 +0100 (MET)

On Thu, 20 Mar 2003, Geo. wrote:

[...] so I was wondering if anyone had ever researched how secure the
connection between a backup server and a machine running a backup
agent is. [...]

Some superficial observations I made regarding two "enterprise" backup
systems (I will call them A and B) a while ago:

1. Agent A: connection not encrypted, the agent insists on getting the
root's password in plaintext (!) from the server.

2. Agent B: connection not encrypted, based on Sun RPC, using the weak
Unix authentication perhaps "strengthened" with the check of the peer's
IP address.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
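
As an added illustration that is not part of the original post: the "Unix authentication" mentioned for Agent B is the ONC RPC AUTH_SYS credential flavor, whose machine name, uid and gid are simply asserted by the sender. This sketch parses one captured RPC call and flags that flavor so such traffic can be found in an audit; the program number, function names and sample bytes are constructed assumptions, and the input is assumed to be a UDP payload or a TCP record with its record mark already stripped.

```python
import struct

# RPC authentication flavors (RFC 5531); AUTH_SYS is the "Unix authentication" above.
FLAVORS = {0: "AUTH_NONE", 1: "AUTH_SYS", 3: "AUTH_DH", 6: "RPCSEC_GSS"}

def _u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated RPC message")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def _opaque(buf, off):
    """Read an XDR variable-length opaque: length, data, padding to 4 bytes."""
    n, off = _u32(buf, off)
    end = off + n
    if end > len(buf):
        raise ValueError("truncated opaque field")
    return buf[off:end], off + ((n + 3) & ~3)

def audit_rpc_call(msg):
    """Parse one ONC RPC message and report what its credential claims.
    Returns None when the message is not an RPC version 2 call."""
    off, hdr = 0, []
    for _ in range(6):  # xid, msg_type, rpcvers, prog, vers, proc
        value, off = _u32(msg, off)
        hdr.append(value)
    _xid, msg_type, rpcvers, prog, _vers, _proc = hdr
    if msg_type != 0 or rpcvers != 2:
        return None
    flavor, off = _u32(msg, off)
    body, off = _opaque(msg, off)
    report = {"program": prog, "flavor": FLAVORS.get(flavor, str(flavor)),
              "weak": flavor in (0, 1)}  # no proof of identity in either flavor
    if flavor == 1:
        # Every field below is chosen by the sender; nothing is signed or proven.
        _stamp, pos = _u32(body, 0)
        name, pos = _opaque(body, pos)
        uid, pos = _u32(body, pos)
        gid, pos = _u32(body, pos)
        report.update(machine=name.decode("ascii", "replace"), uid=uid, gid=gid)
    return report

# Constructed sample: a call to hypothetical program 0x20000001 claiming uid 0.
_cred = struct.pack(">II", 0, 6) + b"client\0\0" + struct.pack(">III", 0, 0, 0)
SAMPLE = (struct.pack(">IIIIII", 0x1234, 0, 2, 0x20000001, 1, 1)
          + struct.pack(">II", 1, len(_cred)) + _cred + struct.pack(">II", 0, 0))
```

A report with `weak` set means the server has only the peer's IP address left to rely on, which is the situation the post describes.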

