-4

I installed the Jungle Disk client onto one of our web servers to try out, but I am concerned about the security risks of using the application.

It installs using a .DEB or .RPM package based on your OS of choice. Once installed, the JD server could see and modify my files. I didn't open any ports in my firewall, and I use SSH on a non-standard port. My concern is that this behavior is similar to that of a Trojan. What stops a bad guy from creating a server claiming to be "Jungle Disk" and gaining access to my file system?

The JD documentation says that files are transferred over SSL. Since I didn't set up SSL for this, I'm guessing that the software on my machine acts as a client to their server which is running SSL. SSL by nature can prevent man-in-the-middle attacks, and serves as a form of validation, but certificates expire. There must be some way that they can push new certificate lists to clients, in case they change their certificate or CA? In this case, couldn't a hacker push an update to the software that points the client program at a malicious server?

We need to maintain PCI compliance, as our production servers (not the one I'm testing on) take credit card information from consumers. But I am also worried about creating an attack surface on my servers in general.

In keeping with the purpose of this site, my specific questions are:

  1. Are there any known vulnerabilities with recent versions of Jungle Disk including 3.16?

  2. Is there anything specific that I should look for in any cloud backup provider that indicates their solution is safe, rather than having to take their word for it? For example, a SAS 70 type II certified data center has been audited and found to meet certain security requirements.

UPDATE:

I have sent the following to Jungle Disk via support ticket:

I have some concerns regarding the security of JungleDisk.

Once the .DEB package is installed, your servers can see and access my files, even though I didn't open any ports, or grant file level permissions to the Jungle Disk user. While this functionality is necessary to make backups work, it does raise some concerns. Namely, that it creates a surface area for attack by a malicious individual or organization. What measures are in place to prevent an unauthorized server from presenting itself to my server as Jungle Disk Administrator and taking my files? Or using the restore function to install a root kit? Or just deleting/corrupting data in general? Does Jungle Disk meet PCI requirements for backing up E-commerce web servers that accept credit cards? What measures are in place to prevent data from being sent to an attacker's server after a DNS cache poisoning attack?

I also came across this article: http://www.daemonology.net/blog/2011-06-03-insecurity-in-the-jungle.html. It was posted about 9 months ago and raises concerns about the way data is encrypted and stored on Jungle Disk. What measures, if any, have been taken to address these concerns?

Do you have a security auditor on staff?

I didn't ask JD initially because I knew I would get a response like this:

Thank you for contacting Jungle Disk Support.

Jungle Disk uses a multi-layered, defense in depth strategy to protect our customers' data and we constantly review our solution and implement new improved features and techniques as they become available to us. Security is always a priority for us when providing our customers with products like Jungle Disk, and we will continue to review feedback to help us ensure that we have the best solution available.

Regards,

JungleDiskSupport

Nick
  • What, specifically, is wrong with this question? – Nick Mar 10 '12 at 10:43
  • I haven't down voted, but you are asking if a piece of software is vulnerable to exploits, this might stand a chance of being answerable if you stated the version of the product you are using. Even if you did state the version, you can't be sure, because there could be undiscovered (or non disclosed) vulnerabilities for the software. – Bryan Mar 10 '12 at 10:47
  • Jungle Disk 3.16 on Ubuntu 10.04 Server. But I was asking in general, since this software makes it possible for an outside service to read and access *all* files on my server, if the design of such a system was vulnerable to fake DNS records or other malicious servers pretending to be the Jungle disk service. I'm not a security expert which is why I was asking for help from someone knowledgeable. I was looking for a "Yes, people use this all the time, it's safe" or a, "No! That's a huge security issue. You should be using xyz instead". I guess the "answerable" question would be, "is it safe"? – Nick Mar 10 '12 at 10:58
  • As sysadmin1138 notes, it's really a "how much do you trust Rackspace not to screw you over, or make a stupid mistake?" I'm OK with the first part (you have to trust someone sooner or later, and they're a good sized entity), somewhat less so with the second part. I'm not sure how prevalent JungleDisk is, in terms of enterprise backup of web servers. The whole thing is aimed at personal use or small business. After a certain point, you tend to roll your own (e.g., rsync encrypted files to Amazon S3) which gives you more control over what's going on. – cjc Mar 10 '12 at 11:52
  • I would like someone to please explain how a topic related to the security of backing up a server is considered "off topic" for a site about server administration. There needs to be a degree of predictability in what is and isn't acceptable. And yet, every time I ask a question here, I honestly have no idea whether it will be up-voted, down-voted or closed. I do not ask questions that I believe to be off-topic. If this question is, you need to explain what criteria were used to make that determination. Per the close message, this question falls within the scope defined in the faq. – Nick Mar 11 '12 at 08:22
  • @Nick, please post that last comment as a question on the [meta site](http://meta.serverfault.com/), as you are more likely to get a response that way. – Bryan Mar 12 '12 at 11:21

2 Answers

5

As with many things in security, it's all about trust.

Do you trust your Certificate Authority to only issue SSL certificates for your domain to you and only you?

Do you trust your firewall vendors to not put in back-doors?

Do you trust your wireless access-point vendor to appropriately handle any encryption in use?

This is a fundamental problem, and happens any time you consider including material that isn't 100% under your control into your system. Cloud backup services introduce new layers of attack and information disclosure (what if they get sued and somehow your data gets included in the legal processes) that purely on-site systems don't.

From your description, Jungle Disk is running as a daemon on your web-server. It probably periodically scans your configured directories for changed files, and then uploads those changed files to the Jungle Disk mothership. In this case SSL usage is a good thing, as it's a solid defense against DNS cache-poisoning attacks that could cause the lookup for mothership.jungledisk.com (or whatever) to go astray; if you trust their certificate authority to only pass out certs for jungledisk to jungledisk such a misdirected connection should fail SSL validation.

A pretty good method, actually.

As for their certificate validation method, you'll have to ask them. It may be as simple as they only ship one Trusted Root certificate with the product and all server certificates must be signed with that one root or it won't connect. But that's just a theory, you really should ask.

sysadmin1138
  • I'm going to send them a support ticket and see what I get back. I'll let you know what they say. – Nick Mar 10 '12 at 10:59
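The single-trusted-root design sysadmin1138 theorises about above, as an added example written for this page (it is not Jungle Disk's or Rackspace's code, and nothing in it reflects what the real client does): a client that ships with exactly one root certificate, validates the server's chain against it and nothing else, and so refuses a server that presents a certificate for the right hostname signed by anyone else. Two throwaway roots and two loopback TLS servers are generated in-process with Go's standard library; the hostname mothership.jungledisk.example, the CA names and the loopback addresses are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Constructed hostname for the demo; the real endpoint name is not known.
const backupHost = "mothership.jungledisk.example"

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// makeCert generates a key and certificate for name: a self-signed root when
// parent is nil, otherwise a server leaf for that hostname signed by parent.
func makeCert(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if parent == nil { // self-signed root
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	} else { // server leaf
		tmpl.DNSNames = []string{name}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// serveTLS starts a loopback listener that presents cert and completes handshakes.
func serveTLS(cert *x509.Certificate, key *ecdsa.PrivateKey) net.Listener {
	tlsCert := tls.Certificate{Certificate: [][]byte{cert.Raw}, PrivateKey: key}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{tlsCert}})
	must(err)
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			_ = c.(*tls.Conn).Handshake() // an error here just means the client refused us
			c.Close()
		}
	}()
	return ln
}

// connectPinned accepts only a certificate for expectedHost chaining to roots; the system CA store is not consulted.
func connectPinned(addr, expectedHost string, roots *x509.CertPool) error {
	conn, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: roots, ServerName: expectedHost})
	if err != nil {
		return err
	}
	return conn.Close()
}

// Demo reports whether the vendor-signed server was accepted and whether the impostor (same name, wrong signer) was refused.
func Demo() (legitAccepted, impostorRejected bool) {
	vendorCA, vendorKey := makeCert("Vendor Root (constructed)", nil, nil)
	impostorCA, impostorKey := makeCert("Impostor Root (constructed)", nil, nil)
	legit := serveTLS(makeCert(backupHost, vendorCA, vendorKey))
	defer legit.Close()
	impostor := serveTLS(makeCert(backupHost, impostorCA, impostorKey))
	defer impostor.Close()
	pinned := x509.NewCertPool()
	pinned.AddCert(vendorCA) // the single root shipped inside the client
	legitAccepted = connectPinned(legit.Addr().String(), backupHost, pinned) == nil
	// Stands in for a poisoned DNS answer: the expected name, the wrong machine.
	impostorRejected = connectPinned(impostor.Addr().String(), backupHost, pinned) != nil
	return legitAccepted, impostorRejected
}

func main() {
	ok, rejected := Demo()
	fmt.Printf("vendor-signed server accepted: %v\nimpostor rejected: %v\n", ok, rejected)
}
```

Run it with `go run`. The second check is the one that matters: the impostor's certificate carries the right hostname, but the handshake fails because its chain ends at a root the client was never shipped with, which is exactly what would happen if a poisoned lookup sent the client to that machine. The cost of the design is the one the question already raises: replacing that single root means pushing a new one to every client, so the update channel needs its own independent verification (signed packages, in the .DEB/.RPM case) or the pin is only as strong as whoever controls updates.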
2

Read: http://www.daemonology.net/blog/2011-06-03-insecurity-in-the-jungle.html and you will probably choose not to use Jungle Disk...

  • Are these problems inherent in all online backup solutions? And it seems this is more about storage encryption than creating a network/system vulnerability. It's also a post that's 9 months old about a version of source code that might not be the actual code in use, per the introduction. – Nick Mar 10 '12 at 10:44
  • You should also mention that this article is written by someone who has his own online backup service. – Nick Mar 11 '12 at 08:10
  • @Nick Colin Percival is also the FreeBSD security officer (longest-serving one I can recall actually), and pretty well-regarded in the security and cryptography communities -- I would put a lot of weight behind his analysis. – voretaq7 Mar 12 '12 at 15:18