Some users here have asked about how secure Retrospect is.
Specific points of concern are how secure is security code password
that is stored by the Retrospect client and as well by the Retrospect
server (for scripted operation)? Why are the passwords displayed in
clear text when they are first setup in the client?
How secure is the data that is being backed as it passes over the
network? For example, if I choose to have DES encryption on the tape,
is that DES implemented on the server as data is about to be written
to the tape or has the data already been DES encrypted on the client
side? I assume it can't be the latter since if the password to the
tape is being used as the key, the client only has the security code,
not the tape password.
Anyone running Retrospect with a security code to a client could back
up it to take data off and then alter this data and then return the
altered data to the client. Aside from this security code and
blocking the TCP ports that Retrospect uses (via a router/firewall),
are there any other ways to prevent an unauthorized copy of
Retrospect from engaging in backup and retrieval? For example, what
about the client knowing the IP identify of the server and rejecting
any server not having that IP address?
--
--
Maurice Volaski, [EMAIL PROTECTED]
Computing Support, Rose F. Kennedy Center
Albert Einstein College of Medicine of Yeshiva University
--
----------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives: <http://list.working-dogs.com/lists/retro-talk/>
Problems?: [EMAIL PROTECTED]
