HBS3 security concerns

Backup, Restore, Netbak Replicator, Cloud Storage Services
Post Reply
TomTom
Getting the hang of things
Posts: 51
Joined: Mon Apr 28, 2008 2:44 am

HBS3 security concerns

Post by TomTom » Mon Oct 26, 2020 7:53 pm

Hi,
I'm trying to update my backup policy to include offsite backups.
A relative of mine also has a QNAP running and I plan to mutually backup files to the other NAS over VPN.
Local test using HBS3 so far is ok when I use QuDeDup (without that I see problems with RTRR eating up the available RAM).

Now my question regarding security:
  • When I configure the NAS and activate the rsync/rtrr server there is just the user RSYNC and its password.
  • During configuration of the source NAS only this password is asked, no other parameters.
  • I can select every shared folder as a destination, it seems
  • checking the backup files on the destination folder, the owner of this file is admin, so I assume the process can place the files everywhere
  • I tried a restore of normal files, generated by a normal user on the destination NAS, files where not produced by a backup
  • and now the critical point: the restore process just copied the plain files from the destination NAS to the source NAS
It seems to me that by starting the RTRR process you grant kind of admin access to the destination NAS (at least regarding file permissions).
How is it possible to avoid that?

I hope its just a silly question and not a problem in the security concept of HBS3.

Thanks for any ideas.
  • Device: TS-453D
  • Firmware: 4.5.1
  • HDD: 4xWD-RED 3TB, configured as Raid 5 in a storage pool

TomTom
Getting the hang of things
Posts: 51
Joined: Mon Apr 28, 2008 2:44 am

Re: HBS3 security concerns

Post by TomTom » Tue Nov 10, 2020 2:40 am

Is there a way to give the RTRR process different privileges in order to control which part of the remote NAS is read from or written to?
  • Device: TS-453D
  • Firmware: 4.5.1
  • HDD: 4xWD-RED 3TB, configured as Raid 5 in a storage pool

Post Reply

Return to “Backup & Restore”