RE: Trust an IP? (IPTables)

["Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>]

> -----Original Message-----
> From: firewall-wizards-admin () honor icsalabs com 
> [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf 
> Of Daniel Linder
> Sent: Thursday, 1 May 2003 3:46 p.m.
> To: chris () devidal tv; firewall-wizards () honor icsalabs com
> Subject: Re: [fw-wiz] Trust an IP? (IPTables)
>
> > So is it safe to trust an IP to connect to one port,
> > ala the old r* tools?  If not, what is a good alternative?
>
> If you trust that all the networking equipment between your backup
> server and the client is secure then you are reasonably safe.
>
> A better solution might be to setup some sort of authenticated VPN
> connection between the client and backup server.  An IPSec/PPTP/L2TP
> VPN would be a much more secure way to achieve this.

This is a tricky question. I don't believe VPN will suit for backup
purposes because it'll add pretty big overhead and backups (usually)
need to be done as fast and reliable as possible.

Depending on your specific case, I would even recommend creating
physically separate network for backup purposes. With that you will get
high security as well as maximum bandwidth for backup jobs.

Even better solution is to use SANs, but they are expensive.

Best regards,

Bojan Zdrnja

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards