Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Backup of DMZ Servers

From: "Stiennon,Richard" <richard.stiennon () gartner com>
Date: Fri, 1 Jun 2001 07:39:39 -0400 
It's hard to hack into a SCCSI port or fiber channel port on a Storage Area
Network. As for poisoning files that are backed up, how do you get them to
execute from a tape drive? 

 -R Stiennon


-----Original Message-----
From: Scott Armstrong [mailto:sailnit () slip net]
Sent: Thursday, May 31, 2001 6:08 PM
To: firewall-wizards () nfr com
Subject: RE: [fw-wiz] Backup of DMZ Servers



Netbackup to a private backup network.  The backup network is not 
accessible from anywhere, except through a console connection.


If the backup network isn't accessible from anywhere except a 
console connection, how do the backup clients connect to the backup 
server?  If they have interfaces plugged into the backup network 
(they must) and the systems are accessible from a network other 
than the backup network (they will be), then I just hack into 
any system from one of these other networks and I have access to all 
of the systems on the backup network.  And I don't need to go 
through a firewall to get to them.

I prefer the "tar up the files and scp them to the backup server"
method.

Scott

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: