[Box Backup] How to secure Box Backup on Windows clients?

scott boxbackup@fluffy.co.uk
Thu, 21 Jun 2007 09:07:43 +1000 

Hi Chris,

You mentioned some time ago about a windows version of the server?

I am thinking of using this for another project where data can be viewed
from local media ie. DVD created on a linux machine under windows.

Single threading and no Housekeeping process would be well suited to this
application.

Can you send through some code or a link to some.

Thanks.
Scott.

-----Original Message-----
From: boxbackup-admin@fluffy.co.uk [mailto:boxbackup-admin@fluffy.co.uk] On
Behalf Of Chris Wilson
Sent: Thursday, 21 June 2007 6:38 AM
To: boxbackup@fluffy.co.uk
Subject: Re: [Box Backup] How to secure Box Backup on Windows clients?

Hi Pete,

On Tue, 19 Jun 2007, E.W. Peter Jalajas wrote:

> To summarize so far,
>    *key.pem
>    *cert.pem
>    *Keys.raw
>
> 1. must have Full Control (Modify, Read & Execute, Read, and Write) by
>    the Administrators and SYSTEM security groups (and maybe also the
>    Backup Operators group if you are using that), and
>
> 2. must have NO access by any other group.  (I'm guessing that the
>    SYSTEM group holds the "Local System account" Log On user under which
>    the Box Backup services runs.)

That seems reasonable, but I'd check that the System group actually 
contains the LocalSystem user, or whichever user the Box Backup service 
runs as.

> Now, let's move on to the executables (.exe), .dlls, bbackupd.conf, and 
> any home-grown batch files or scheduled tasks?  They:
>
>  1. must have Full Control (Modify, Read & Execute, Read, and Write) by
>     the above groups, and only the above groups, and

No need for LocalSystem or Backup Operators to have write access to those 
files. Only Administrators should.

>  2. may optionally be readable by anyone,
>
> --correct?

Yes, looks OK to me.

> (I'm guessing that a bad guy could stop [DoS] or crack the Box Backup 
> application/service, or do rogue restores, by modifying or running those 
> files.)

Yes.

Cheers, Chris.
-- 
_____ __     _
\  __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
\ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |
_______________________________________________
boxbackup mailing list
boxbackup@fluffy.co.uk
http://lists.warhead.org.uk/mailman/listinfo/boxbackup