Re: Question about rsync



David Brown <david.brown@xxxxxxxxxxxxxxxxxxxxxxxxxx> writes:

> Unruh wrote:
>> Jack Snodgrass <jacks_temp_id_bf2142@xxxxxxxxxxx> writes:
>
> <snip>
>
>>> If you use rsyncd, it's faster ( non-ssh ) and you can do
>>
>> It is faster because it is unencrypted. Not a great idea if you are backing
>> up unless you do not care if everyone can read the stuff being transferred.
>
> Unencrypted transfers are only faster than encrypted ones if the
> bottleneck is processor speed, rather than link speed (or if you are

No, unencrypted transfers are always faster but the speed difference is
negligible if the link is the slowest item.

> passing compressible data over a link that does transparent compression,
> such as openvpn or ssh -C, since encrypted data is uncompressible). For
> many online backup operations, the link is the bottleneck, so encryption
> is free.
>
> However, the idea of "always use encryption because everyone can read
> the data being transferred" is basically FUD in most cases. If you've
> got a backup running between two sites, then the data moves from the one
> server, through your switches and gateways on to your ISP, through the
> internet infrastructure, and back out at the other side. At what point
> is it realistic to think that an attacker would be listening in to this

"through your switches and gateways on to your ISP, through the
internet infrastructure, and back out at the other side"

> traffic? It is *very* difficult to compromise the security of a decent
> ISP in order to sniff out traffic like that - hacking into the trunk
> internet exchanges would be even harder. Even if you managed it, with

It depends on who is doing the sniffing. "Reading passport applications" is
even harder.

> rsync you only get bits of changed data - you'd need to monitor the line
> (capturing enormous quantities of data) for months to get anything
> sensible. It is *vastly* easier for an attacker to use other methods

Nonsense. Any file you created today is sent out in its entirety.

> (bribe one of your IT staff, for example, or steal some login passwords)
> if they want to get your data. So unless you are doing a backup of a
> nuclear missile design, encryption on an rsync backup will only make a
> realistic difference if your network topology is such that the traffic
> is accessible by more people (such as the notorious "disgruntled employee").
>
> Of course, since encryption here is free, it is still worth using even
> for its tiny real-world benefits. If nothing else, it keeps you in the
> habit for when it *does* matter.

Yes. Precisely.

> Security is a process, and it starts with thinking about the situation,
> not with automatic rules that must always be applied at all times.

And as a process it should not be such that it needs to be thought about
each time it is used. It should be robust, even to human forgetfulness.
Making it a habit is part of that process.

