Vulnerability Development mailing list archives

Re: Backup Agents


From: Philip Storry <phil () philipstorry net>
Date: Mon, 24 Mar 2003 16:44:51 +0000

Hello Geo,

Thursday, March 20, 2003, 11:54:00 PM, you wrote:

G> Has anyone ever studied how secure backup agents are in the context
G> of using them on web servers?

Or any other kind of server, for that matter.

G> Seems to me a backup agent is designed to get information (all
G> information) out of a system, so I was wondering if anyone had ever
G> researched how secure the connection between a backup server and a
G> machine running a backup agent is.

A good question. Most of the ones that I've seen have at least the
facility for password authentication, if not username/password. But
how strong the implementations are is not something I could comment
on.

G> How hard it would be to exploit the backup agent and that sort of
G> thing.

From outside an organisation? The answer should be "very". To be
absolutely honest, access to this sort of thing should be blocked by
the firewall. Most firewalls start by blocking everything, and then
allow you to say what you will accept - that is to say that they
effectively "whitelist" incoming traffic.

So webservers should only be allowing traffic that was established by
a connection to port 80. Therefore, they should not be vulnerable to
such attacks.

However, you have an interesting premise there. If you can get onto
the network, I can certainly see how knowledge of a flaw in a backup
agent could allow you to copy any file from any server you can
contact that runs that backup agent. Which could be a huge disaster.
But even more of a disaster is that such backup agents also offer
restore facilities - so you could also overwrite any file you liked on
the server.

A very interesting premise. ;-)

-- 
Best regards,
 Philip                            mailto:phil () philipstorry net

