Netgate Discussion Forum

    Security and AutoConfigBackup

      bradf

      Hi All,

      I hope this doesn't come across as questioning the integrity of the pfSense staff.  Rather, it's an opportunity for me and my team to learn more about security.

      We have recently become a Gold Subscriber which makes us eligible to use the AutoConfigBackup package.  Between ourselves, we've been debating whether there are any security risks in using this service.

      We understand that the Config files are stored encrypted, but anything can be cracked, eventually.  Obviously there are passwords hashed in the config file.  Beyond that, I'm not sure there's much that is sensitive.

      What are the community's feelings about using this service, or about storing your config files in an encrypted format on cloud services such as DropBox and others?  Is the risk large, small, or non-existent?

      Thanks for any information you can provide to help educate us!  And thanks to the pfSense developers!  This is an awesome tool!

        phil.davis

        I generate a long key (password) to use to encrypt for AutoConfigBackup. Then I store that safely off the public internet. If someone does break into the pfSense AutoConfigBackup server, then it will take them some time longer than I (or they) probably care about to brute force crack it.

        The config also has certificates in it for OpenVPN road warriors, site-to-site PSKeys and so on. So you really do not want to publish config.xml.

        If you just put clear-text files on DropBox then they (DropBox sys admins and the US govt) can get to them easily. To save space, they keep hashes of the clear-text files and if that file is already stored somewhere in DropBox then they just keep a link to it for you - e.g. if 20,000 people put the latest Firefox installer in their DropBox, then DropBox only store it once. Because of this, we know that they are not individually encrypting your files using your password as a key. So on the back-end server itself there must be bucket loads of plain-text storage space. Given all the recent revelations in the USA, I would assume that anything on DropBox can be (and maybe is) mirrored to a secret site in Utah. For stuff you care to keep private, encrypt it yourself locally first with a long key, then dump the encrypted file/s into DropBox.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

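The advice in the post above (generate a long key, encrypt locally, upload only the ciphertext) can be sketched with the openssl command line; the checks also show that two encryptions of the same file hash differently, so hash-based deduplication finds nothing to match. This is an added example, not part of the original posts and not how AutoConfigBackup itself encrypts; the file names and the sample XML are constructed.

```shell
#!/bin/sh
# Added example: encrypt a config file locally before it leaves the machine.
# File names and the sample XML below are constructed for illustration.

# make_key FILE: write a long random passphrase (48 random bytes, base64).
make_key() {
    ( umask 077; openssl rand -base64 48 > "$1" )
}

# encrypt_backup KEYFILE IN OUT: AES-256-CBC, PBKDF2-derived key, random salt.
encrypt_backup() {
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -pass "file:$1" -in "$2" -out "$3"
}

# decrypt_backup KEYFILE IN OUT: reverse of encrypt_backup.
decrypt_backup() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -pass "file:$1" -in "$2" -out "$3"
}

# digest FILE: SHA-256 of a file, the kind of hash a store can deduplicate on.
digest() {
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# demo: returns 0 only if all three properties hold for a sample file.
demo() {
    work=$(mktemp -d) || return 1
    printf '%s\n' '<pfsense><secret>CONSTRUCTED-SAMPLE</secret></pfsense>' \
        > "$work/config.xml"
    make_key "$work/backup.key"
    encrypt_backup "$work/backup.key" "$work/config.xml" "$work/a.enc"
    encrypt_backup "$work/backup.key" "$work/config.xml" "$work/b.enc"
    decrypt_backup "$work/backup.key" "$work/a.enc" "$work/restored.xml"
    rc=0
    # Same plaintext and key, different random salt: the hashes must differ.
    [ "$(digest "$work/a.enc")" != "$(digest "$work/b.enc")" ] || rc=1
    # The secret must not be readable in the ciphertext.
    grep -q 'CONSTRUCTED-SAMPLE' "$work/a.enc" && rc=1
    # Decryption with the key must restore the file byte for byte.
    cmp -s "$work/config.xml" "$work/restored.xml" || rc=1
    rm -rf "$work"
    return $rc
}

demo && echo "local encryption checks passed"
```

`openssl enc` does not authenticate the ciphertext, so store a digest of the encrypted file alongside the key if tamper detection matters.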
          bradf

          Thank you Phil!

          This is good information.  I appreciate your time and perspective.  We've tried to keep anything out of DropBox and Google that was the least bit security sensitive.  But it's helpful to know some of the good reasons for that practice.  :-)

          I also hadn't thought about the certificates being stored in the XML file.  That's a very good point.

          Does anyone know if there is a limit to the size (length) of the AutoConfigBackup key?

          Thanks again!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.