Moderator of r/networking, speaking officially · 1 point · 1 day ago

No Home Networking Topics

Sorry, it appears that your thread is focused on Home Networking, or Networking topics not related to Business or Service Provider environments.
This is not compliant with our rules , and your thread has been removed.

Please visit one of these other, fine communities who might be more appropriate for this discussion:

/r/HomeNetworking
/r/Wireless
/r/TechSupport
/r/HomeLab


Comments/questions? Don't hesitate to message the moderation team.

Moderator of r/networking, speaking officially · 1 point · 2 days ago

No Early Career Advice

  • Topics asking for information about getting into the networking field will be removed. This topic has been discussed at length, please use the search feature.
  • Please visit /r/ITCareerQuestions .
  • Topics regarding senior-level networking career progression are permitted.

Comments/questions? Don't hesitate to message the moderation team, or reply directly to this message.

For the complete list of Rules, please visit: http://goedhartvoordieren.nl/?page=r/networking/about/rules

Moderator of r/networking, speaking officially · 1 point · 6 days ago

Educational Questions must show effort.

  • Homework / Educational Questions must display effort.
  • We are not here to repeat the content of a Wikipedia Article.
  • We are not here to explain anything Like You Are Five - ELI5 requests will be deleted.
  • However, intelligent questions that display a reasonable effort by the poster to understand a subject are permitted, and encouraged.

Comments/questions? Don't hesitate to message the moderation team, or reply directly to this message.

For the complete list of Rules, please visit: http://goedhartvoordieren.nl/?page=r/networking/about/rules

Moderator of r/networking, speaking officially · 1 point · 6 days ago

This submission is not appropriate for /r/networking and has been removed.

Please read the rules in the sidebar, or check out the rules post here before making another submission.

Comments/questions? Don't hesitate to message the moderation team, or reply directly to this message.

Thanks!

Moderator of r/networking, speaking officially · 1 point · 7 days ago

No Low Quality Posts.

  • Any post that fails to display a minimal level of effort prior to asking for help is at risk of being Locked or Deleted.
  • We expect our members to treat each other as fellow professionals. Professionals research & troubleshoot before they ask others for help.
  • Please review How to ask intelligent questions to avoid this issue.

Comments/questions? Don't hesitate to message the moderation team, or reply directly to this message.

For the complete list of Rules, please visit: http://goedhartvoordieren.nl/?page=r/networking/about/rules

Moderator of r/networking, speaking officially · 1 point · 9 days ago

No Blogspam / Traffic Redirection.

  • This sub prefers to share knowledge within the sub community.
  • Directing our members to resources elsewhere is closely monitored.
  • You may announce the existence of your blog/YouTube Channel in the Friday Blog RoundUp Thread.
  • You may share a URL to a blog that answers questions already in discussion.
  • But harassing members to check out your content will not be tolerated.

Comments/questions? Don't hesitate to message the moderation team, or reply directly to this message.

For the complete list of Rules, please visit: http://goedhartvoordieren.nl/?page=r/networking/about/rules

So I've been wracking my brain on this one, and I'm hoping some community involvement might help.

I'm trying to have a healthy way to back up some PCI In-Scope devices.

Storing the devices and credentials to get into them requires you to have a username and password somewhere, because not all devices support certificate based authentication. So somewhere you have to have a system that accesses a plain text, "this username, this password." It could be stored in a database, and the database itself is encrypted, but somewhere you need to have some method that says, "You'll access this database at this location with these credentials", so if it's on the same host as the backup system, where's the real mitigation?

PCI data at rest needs to be encrypted. So, the config files when resting need to be in an encrypted location. Which, I suppose an EFS should handle that accordingly, and as long as you limit access to the box, shouldn't be that bad. But if you're using encryption at rest, wouldn't the mitigated risk by the device list in an encrypted database not be as necessary?

Am I overthinking this as a problem, or is backing up plain text files of configs just something that isn't as complicated as I feel it's being? Or maybe I'm just circling around in my own head for the day overthinking issues.

2 points · 15 comments

Wouldn't certificates be just as bad as plain text credentials in this scenario? If somebody gets physical or remote access to your backup device, then can't they still use the certificate to gain access to your networking infrastructure? Regardless of technical security, at some point physical security (i.e. a locked room) is going to be relied upon, no?

Original Poster · 2 points · 1 month ago

The sad part with Virtualization is that physical security can only go so far, because you can virtually steal the physical machine. Which is why EFS would be a good solution, because once the machine is booted you can decrypt the volume that has the contents. Store the cert or the username/password in the encrypted volume, additional layer of protection.

And in theory, certs could be in that same boat, there's just the idea of revoking the cert, which would be the same as disabling the user account.

I'm only vaguely familiar with EFS, but doesn't that mean you'd have to be constantly logged into the server so the contents of the file/folder/disk/etc could be decrypted? So if the server reboots, you'd need to manually log back in for backups to continue? And if it's a VM that you're always logged into, then if somebody got into the hypervisor and could snapshot the contents of the guest's memory, wouldn't that decryption key be somewhere in there?

It just seems like at some point there's always a weak link in the chain. I'm not being argumentative or anything. This is something I sit and ponder about.

Original Poster · 1 point · 1 month ago

I appreciate the thoughts, genuinely. Wouldn't have posted if I didn't! Trust me, I spent all day Friday just wracking my brain on this, and that's what had me so frustrated.

you'd have to be constantly logged into the server so the contents of the file/folder/disk/etc could be decrypted?

As long as when the server boots, the system has an account to de-crypt the EFS, it wouldn't require a human interaction.

So if the server reboots, you'd need to manually log back in for backups to continue?

Script it out. Something to set at boot.

then if somebody got into the hypervisor and could snapshot the contents of the guest's memory, wouldn't that decryption key be somewhere in there?

If someone got into the Hypervisor there are much bigger problems. If they got the system into being suspended and not shut down, the host would be still up and accessible.
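The original post asks where the real mitigation is when the backup host must hold both the device credentials and the encrypted config store, and the reply above settles on a key that the boot script makes available to the system without human interaction. The script below is an added example, not code from the thread or from any commenter, showing the shape that design takes in practice: one master key arrives at boot (here through an assumed environment variable, `BACKUP_MASTER_KEY`, that the boot script is assumed to populate from the protected volume), it is never written next to the backups, separate encryption and MAC keys are derived from it, every stored config is authenticated before it is decrypted, and the credential file's permissions are checked before use. To stay runnable on a bare Python install it builds the cipher from HMAC-SHA256 (HKDF-style key derivation, HMAC as a counter-mode PRF, encrypt-then-MAC); a production deployment would swap that for AES-GCM from a vetted library and keep the same structure. All function names and the sample config are constructed for this example.

```python
"""Added example: encrypting device-config backups at rest with a boot-time key.

Not from the thread. Stdlib only; the HMAC-based cipher stands in for AES-GCM
so the example runs anywhere. The design points it demonstrates:
  1. the master key is supplied at boot, never stored beside the ciphertext;
  2. one master key is split into independent encryption and MAC keys;
  3. the MAC is verified (constant-time) before anything is decrypted;
  4. the credential file must be private (mode 0600 or tighter) to be used.
"""
import hashlib
import hmac
import os
import stat
import struct

HASH = hashlib.sha256
HASH_LEN = 32
NONCE_LEN = 16


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    out, t, i = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([i]), HASH).digest()
        out += t
        i += 1
    return out[:length]


def derive_keys(master_key: bytes) -> tuple:
    """Turn the single boot-time master key into separate enc and MAC keys."""
    prk = hkdf_extract(b"config-backup-v1", master_key)
    return hkdf_expand(prk, b"enc", HASH_LEN), hkdf_expand(prk, b"mac", HASH_LEN)


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 as a PRF in counter mode: block i = HMAC(key, nonce || i)."""
    out = b""
    for i in range((length + HASH_LEN - 1) // HASH_LEN):
        out += hmac.new(enc_key, nonce + struct.pack(">Q", i), HASH).digest()
    return out[:length]


def seal(master_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Stored layout: nonce || ciphertext || tag."""
    enc_key, mac_key = derive_keys(master_key)
    nonce = os.urandom(NONCE_LEN)  # fresh per backup, so identical configs differ on disk
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, HASH).digest()
    return nonce + ct + tag


def unseal(master_key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time first; only then decrypt."""
    if len(blob) < NONCE_LEN + HASH_LEN:
        raise ValueError("blob too short to be a sealed backup")
    enc_key, mac_key = derive_keys(master_key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-HASH_LEN], blob[-HASH_LEN:]
    expected = hmac.new(mac_key, nonce + ct, HASH).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: backup modified or wrong key")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


def is_private_file(path: str) -> bool:
    """True when no group/other permission bits are set (e.g. mode 0600)."""
    mode = os.stat(path).st_mode
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def load_master_key(env_var: str = "BACKUP_MASTER_KEY") -> bytes:
    """Read the hex master key the boot script exported (assumed variable name).

    The key lives only in this process's environment; the backup directory
    holds ciphertext and tags, never the key.
    """
    value = os.environ.get(env_var)
    if not value:
        raise RuntimeError(f"{env_var} not set; refusing to run without a key")
    return bytes.fromhex(value)


# Constructed sample running-config; not a real device.
SAMPLE_CONFIG = (b"hostname edge-rtr-01\n! constructed sample config\n"
                 b"interface Gi0/1\n ip address 192.0.2.1 255.255.255.0\n")


if __name__ == "__main__":
    os.environ.setdefault("BACKUP_MASTER_KEY", os.urandom(32).hex())  # demo only
    key = load_master_key()
    blob = seal(key, SAMPLE_CONFIG)
    assert unseal(key, blob) == SAMPLE_CONFIG
    print(f"sealed {len(SAMPLE_CONFIG)} bytes into {len(blob)} bytes; round trip ok")
```

Run it once and the same config will produce a different blob each time because of the per-backup nonce; flip any byte of a stored blob and `unseal` refuses it, which is the behaviour you want an auditor to see when they ask what happens if someone edits a config backup in place. The split into `derive_keys` also means that if the store is ever re-keyed, only the master key at boot changes.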


I bought a Playstation 4. My wife and I were PC gamers, and the PC was just too close to home to do something. So, I bought the Playstation, signed up for PS Pro (which nets you free games each month and discounted others).

If you can, try to partner with a local educational institution. You have the potential to work with learning/qualified staff that would get some real world experience at discount rates, and use the income to replace or upgrade the equipment. Don't try to just get into the market with the "expected standards" (old saying is nobody was ever fired for buying Cisco), but don't hesitate to look at things like Ubiquiti.

u/DavisTasar
Karma: 20,378
Cake day: December 13, 2010
Moderator of: r/networking (127,348 subscribers)
Trophy Case (4): Seven-Year Club, Alpha Tester, Team Orangered