Re: Question about rsync
- From: David Brown <david.brown@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 24 Mar 2008 15:21:23 +0100
Unruh wrote:
David Brown <david.brown@xxxxxxxxxxxxxxxxxxxxxxxxxx> writes:
got a backup running between two sites, then the data moves from the one server, through your switches and gateways on to your ISP, through the internet infrastructure, and back out at the other side. At what point is it realistic to think that an attacker would be listening in to this"through your switches and gateways on to your ISP, through the
internet infrastructure, and back out at the other side"
Again - at which point is it realistic to think an attacker will be listening here? Anyone with evil intent who has direct network access
At any of them. Lets take the ISP which has numerous employees, employees
who can be persuaded that their self interest involves sniffing your
traffic. If empoyees at the passport office can be persuaded that reading
candidates applications are in thier self interest, do you think ISP
emplyees are harder? Ane ethernet traffic is readable by anyone on the line
that traffic takes-- esp on the line connected to eitther end of the route.
I suppose my thoughts might be coloured by having a small ISP - I've probably talked to most of the employees at my ISP, and they are small enough that they will all know each other by name. Small size and familiarity in a group greatly reduces the chance of someone getting involved in such snooping - your are less likely to get such disgruntled employees in the first place, and it's normally harder to carry out the snooping. But even in a larger ISP, there are relatively few people with the physical access required to do the snooping. It's certainly possible - but I really can't see it being a big threat (unless, of course, you are a serious potential target, such as a bank).
I have never heard of data stolen by corrupt ISP employees. That doesn't mean it doesn't happen, but I think that if it were a common problem, it would be more publicised.
If I'm being naive, and this really is a realistic problem rather than just an IT security expert's healthy paranoia, then I'm happy to be corrected.
along this path has far more power than just sniffing rsync traffic - rsync sniffing is unlikely to be your major problem. Anyone looking for
False. Sniffing is by far the easiest thing to do.
Sniffing rsync backups will involve huge amounts of traffic, especially if you are talking about sniffing at an ISP or other backbone. It is no mean task trying to get the information you are looking for, even if you know the traffic passes along that particular route and is unencrypted. From what I've read on the rsync website, the rsync protocol is particularly non-intelligible, adding to your problems. It's certainly a lot harder than, for example, sniffing for pop3 logins.
On the other hand, getting access to data and files in a large company is scarily easy using some technology and some social engineering. Why bother trying to break into an ISP when you can park your car beside your target company and break into their wireless networks? Why sniff network lines when you can pose as a flower delivery man and read the boss's login name and password from a postit note on the secretary's monitor? Why bribe or blackmail an ISP employee for access when you can bribe or blackmail an employee at the target company and get exactly the data you want?
Again, I am *not* saying you should trust your ISP implicitly, especially when encrypting the traffic is so easy - merely that they are not normally a major concern, and there are other things to worry about first.
Have you read this book?
http://en.wikipedia.org/wiki/The_Art_of_Deception
Password cracking made easy:
http://www.theregister.co.uk/2004/04/20/password_surveys/
access to your files and who has this kind of physical access is probably going to find a faster and easier method.
The most important aspect of security is improving your weakest links - when you are at the stage that the easiest method(s) of attack is physical (such as stealing the servers), or personal (such as rubber hose cryptoanalysis), then your job as IT security is pretty much done
And protecting the communication lines is part of reducing things to that
minimum.
(for now!). It makes sense to take easy steps to increase security if
Precisely-- sending stuff out encrypted is very very very easy.
you can - an attacker might not have the same opinion about the easiest method(s) of attack as you. But if you can be confident that wire-tapping the network path between two computers is a minimal risk, then encrypting traffic along that path is not necessary.
And exactly how will you be confident of that?
Such risks are always estimates. But if I look at the network path between my home PC, via ADSL, to the gateway at my office, connected by ADSL to the same ISP, the traffic passes through a single router at my ISP. I am confident that they are not sniffing anything, and the path is so short that there is negligible risk of sniffing elsewhere on the path. (I still use a vpn - both to reduce the negligible risk even further, and to make it easier to set up safe an flexible access.)
Another example is using telnet on a local network. I've often heard people talk of the evils of telnet (or rsh), and how you should always use ssh because you don't want unencrypted passwords on a network. When your network runs around your 10-person office, it does not matter if the passwords are sent in plain text!
Remember, the huge majority of email in the world passes around as plain text, and most of it is collected using plain text logins (pop3). It's not encrypted, yet pop3 mailboxes are generally far less at risk than services like hotmail and gmail, which *are* protected by encryption.
traffic? It is *very* difficult to compromise the security of a decent ISP in order to sniff out traffic like that - hacking into the trunk internet exchanges would be even harder. Even if you managed it, withIt depends on who is doing the sniffing. "Reading passport applications" is
even harder.
People will try harder to beat systems if the rewards are greater - obviously the effort you make into securing a system is determined by the worth of the data, and the likelihood of an attack.
Passport data is worth something?
Not to me - but some people certainly think so. I suppose I should have written "if the *perceived* rewards are greater".
rsync you only get bits of changed data - you'd need to monitor the line (capturing enormous quantities of data) for months to get anything sensible. It is *vastly* easier for an attacker to use other methodsNonesense. Any file you created today is sent out in its entirety.
I'm not sure on that - the information on the rysnc website is not clear here, but it contains information about an algorithm aimed precisely at transferring only those parts of a file that have changed. Of course, for new files, that means the whole file.
You got it!
And stuff you changed today in a file can be very useful It is NOT just
what you changed,it is the whole block surrounding what you changed today.
rsync does not work on a letter by letter basis. It works on blocks.
In a great many cases, however, single files are of little use on their own. If you want to steal some software I've written, you'll get pretty bored waiting for all the files to be transferred via rsync as they are not all changed on a regular basis.
(bribe one of your IT staff, for example, or steal some login passwords) if they want to get your data. So unless you are doing a backup of a nuclear missile design, encryption on an rsync backup will only make a realistic difference if your network topology is such that the traffic is accessible by more people (such as the notorious "disgruntled employee").Yes. Precisely.
Of course, since encryption here is free, it is still worth using even for its tiny real-world benefits. If nothing else, it keeps you in the habit for when it *does* matter.
Security is a process, and it starts with thinking about the situation, not with automatic rules that must always be applied at all times.And as a process it should not be such that it needs to be thought about
each time it is used. It should be robust, even to human forgetfulness.
Making it a habit is part of that process.
I agree there - and it can make sense to make encryption of traffic a habit, and part of mandatory procedures. But I'm cautioning against complacency and lack of thought for the security needs of a given system - the idea that you *always* need strong encryption for any transfer can quickly lead to the mistake that strong encryption is all you ever need.
??? All crows are black. All black things are crows.
Strong encryption is cheap and easy. Why in the world waste time thinking
about aspects of the system which are cheap and easy to fix. It is a waste
of time better spent thinking about the real problems in security.
I know that *you* don't think that encryption is all that is needed to secure a system - but some people do. I've heard people say that their login system (web, mail, or whatever) is secure because it is encrypted, despite allowing "999" as a valid password. Encryption is one of many security tools, and it's normally an easy one to use. I guess I just react to the idea that "everyone can read your data if it's not encrypted", and want to say that encryption is useful, but not necessarily essential, and certainly not sufficient for security.
.
- References:
- Question about rsync
- From: Jim T. Kirk
- Re: Question about rsync
- From: Jack Snodgrass
- Re: Question about rsync
- From: Unruh
- Re: Question about rsync
- From: David Brown
- Re: Question about rsync
- From: Unruh
- Re: Question about rsync
- From: David Brown
- Re: Question about rsync
- From: Unruh
- Question about rsync
- Prev by Date: Re: Help: redirecting process input/output
- Next by Date: Re: Which option to enable during kernel setup for the NICs?
- Previous by thread: Re: Question about rsync
- Next by thread: Re: Question about rsync
- Index(es):
Relevant Pages
|
