[Box Backup] BoxBackup as a security tool

Per Thomsen boxbackup@fluffy.co.uk
Thu, 16 Dec 2004 09:01:35 -0800


On 12/16/04 8:21 AM, Joe Krahn wrote:

> I was just looking at some security stuff for intrusion monitoring by 
> tools like Tripwire and AIDE, and realized something: BoxBackup does 
> file change monitoring, AND stores the filesystem state on a remote 
> machine which could be configured for boxbackup access but not login 
> access.
>
> This means that boxbackup could easily be a superior file-change 
> monitoring system without much effort. Also, backups and intrusion 
> monitoring are the two most neglected-but-important tools. Add a few 
> security monitoring features to boxbackup, and you cover both at once.
>
> All in favor? opposed?

I'm opposed. Boxbackup is a backup tool, and should keep its focus IMO.

Also, at least in the way I use box, it wouldn't help protect me very 
much. I don't back up the places that have the greatest potential for 
attack: /sbin:/usr/bin:/proc:/lib:/usr/lib etc... I back up data 
directories, but not really a lot of the system related stuff.

If you were using box as a 'whole-machine' backup solution, I could see 
some merit. I still think this should be low on the priority list.

My $0.02,
Per

-- 
Per Reedtz Thomsen | Reedtz Consulting, LLC | F: 209 883 4119
V: 209 883 4102    |   pthomsen@reedtz.com  | C: 209 996 9561
GPG ID: 1209784F   |  Yahoo! Chat: pthomsen | AIM: pthomsen