Re: Question about rsync

Unruh wrote:
Jack Snodgrass <jacks_temp_id_bf2142@xxxxxxxxxxx> writes:

<snip>

If you use rsyncd, it's faster ( non-ssh ) and you can do

It is faster because it is unencrypted. Not a great idea if you are backing
up unless you do not care if everyone can read the stuff being transfered.


Unencrypted transfers are only faster than encrypted ones if the bottleneck is processor speed, rather than link speed (or if you are passing compressible data over a link that does transparent compression, such as openvpn or ssh -C, since encrypted data is uncompressible). For many online backup operations, the link is the bottleneck, so encryption is free.

However, the idea of "always use encryption because everyone can read the data being transferred" is basically FUD in most cases. If you've got a backup running between two sites, then the data moves from the one server, through your switches and gateways on to your ISP, through the internet infrastructure, and back out at the other side. At what point is it realistic to think that an attacker would be listening in to this traffic? It is *very* difficult to compromise the security of a decent ISP in order to sniff out traffic like that - hacking into the trunk internet exchanges would be even harder. Even if you managed it, with rsync you only get bits of changed data - you'd need to monitor the line (capturing enormous quantities of data) for months to get anything sensible. It is *vastly* easier for an attacker to use other methods (bribe one of your IT staff, for example, or steal some login passwords) if they want to get your data. So unless you are doing a backup of a nuclear missile design, encryption on an rsync backup will only make a realistic difference if your network topology is such that the traffic is accessible by more people (such as the notorious "disgruntled employee").

Of course, since encryption here is free, it is still worth using even for its tiny real-world benefits. If nothing else, it keeps you in the habit for when it *does* matter.

Security is a process, and it starts with thinking about the situation, not with automatic rules that must always be applied at all times.
.

Relevant Pages

  • Re: Encrypted transfers to/from vendors
    ... Some actually don't like -encrypted- transfers because they can't ... detect and filter malware. ... point encryption is in place as the auditors and 'experts' insist. ... We don't have to care, ...
    (bit.listserv.ibm-main)
  • ssh vs. rsh speed difference
    ... I have a client-server application which transfers much data ... via scp and it's taking a long time, ... How do I turn encryption off in OpenSSH 3.9 to test this ...
    (comp.security.ssh)
  • Re: 2 GB for free online backup
    ... Thanks for all the replies, Larry, David, and R.McCarty. ... Server data backup. ... PS--any reputable company uses customer-controlled encryption and the ...
    (microsoft.public.windowsxp.general)
  • Re: decrypt help...
    ... > i've tried re-establishing a user account with the same name as when i ... then importing the cert/key combo into that account ... You would need a backup of the user profile and machine system state as well ... >> a slippery slope that most stay as far away from encryption as possible. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: 2 GB for free online backup
    ... Removable hard drives two of them, best if encrypted, are a much better ... Server data backup. ... PS--any reputable company uses customer-controlled encryption ...
    (microsoft.public.windowsxp.general)