should I firewall an open port which isn't used? (was ... Re: Guide(s?) to backup philosophies)
On Mon, Mar 13, 2017 at 08:58:15PM -0700, David Christensen wrote:
> On 03/13/2017 05:38 AM, Dan Purgert wrote:
> >Currently, the system here is
> >
> > - every PC has a cronjob backing up $HOME to a central "server" (read -
> > repurposed PC with decent WD drives), just an rsync script that runs
> > daily.
>
> Don't forget security:
>
> 1. With a "push" arrangement (e.g. each workstation backs up itself to the
> server) -- if a workstation gets compromised, the backups are at risk.
>
> 2. With a "pull" arrangement (e.g. the server backs up all the
> workstations) -- if a workstation gets compromised, the backups should be
> safe (and might have clues about the intrusion). Additionally, the backup
> server can be completely firewalled (e.g. no open ports).
My understanding is that if there are no services listening on a port then
it cannot be accessed.
e.g.
http://serverfault.com/questions/733633/if-no-service-is-listening-on-a-port-can-a-system-still-be-accessed-using-that-p
An I missing something?
--
The media's the most powerful entity on earth.
They have the power to make the innocent guilty
and to make the guilty innocent, and that's power.
-- Malcolm X
Reply to: