PDA

View Full Version : AFP over Internet?




jackhdev
Jun 29, 2012, 03:18 PM
I have a Time Capsule at my house and an iMac at my office. I am able to successfully back up the iMac to the Time Capsule through AFP using Carbon Copy Cloner.

Here's my question: how secure is this? The backup is to an encrypted disk image. This being so (and the disk image has to be mounted on the iMac first), does this make the traffic encrypted? Second, are the login credentials sent in plain text?

Thanks.



MisterMe
Jun 29, 2012, 06:57 PM
As I understand you, you are sending clear data to an encrypted image. Your data will not be encrypted until it reaches its destination. Anyone with the ability to intercept it will be able to read it.

jackhdev
Jun 29, 2012, 07:20 PM
As I understand you, you are sending clear data to an encrypted image. Your data will not be encrypted until it reaches its destination. Anyone with the ability to intercept it will be able to read it.

Nah, I looked around and found that the data is encrypted because the DMG is (and the DMG is mounted on the iMac). http://www.cqwen.com/encrypted-disk-images-are-a-perfect-way-to-transport-data/

Am I right to assume that the AFP login credentials are sent in plain text?

MisterMe
Jun 30, 2012, 10:52 AM
You have to be clear about what you are doing. If you are sending an encrypted disc image en masse, then of course the data are encrypted because the image in encrypted at its source. This is not what you said. You said that you were sending data to an encrypted image. In that case, the data are not encrypted until they are archived by the Time Capsule.

So which is it? Are you sending individual files to an encrypted image of Time Capsule or are you sending an encrypted image to the Time Capsule?

jackhdev
Jun 30, 2012, 12:20 PM
I am sending the files to an encrypted disk image on the Time Capsule. Carbon Copy Cloner connects to the Time Capsule over the Internet, mounts the encrypted disk image (located on the Time Capsule), and then copies the individual updated files over. I looked it up and it appears that sending files to an encrypted disk image encrypts the traffic as well.

Do you know anything about the username and password though? Are those encrypted? Is AFP secure/not secure on a network if you are just logging in (i.e. no Kerberos)? Thanks for your help.

MisterMe
Jul 1, 2012, 12:31 AM
Clearly your data stream is not encrypted. As for your credentials, Apple has very good credentials encryption. Your may expect your Time Capsule user name and password to be secure.

Alrescha
Jul 1, 2012, 07:55 AM
Clearly your data stream is not encrypted.


Clearly it is.

He's mounting the encrypted disk image from the remote computer. The only thing getting transmitted over the Internet is the encrypted version of the disk image. The Time Capsule certainly isn't doing the encryption - the remote iMac is.

A.

Supa_Fly
Jul 1, 2012, 12:18 PM
I'm curious ... and sorry to hijack this thread, can this (backup over internet) be done without the need for CCC? Can this be done via TimeMachine??

jackhdev
Jul 1, 2012, 01:41 PM
I'm curious ... and sorry to hijack this thread, can this (backup over internet) be done without the need for CCC? Can this be done via TimeMachine??

You should be able to, though you would have to mount the share point on the computer first (because Time Machine uses bonjour to find a place to backup, and this does not work over the Internet; you need to help it). You would also have to set up a script to run every hour or so to make sure that the share point is still mounted (though once you tell Time Machine where you are backing up to, it may be able to mount the disk automatically).

My computer at work is running Mac OS X Server, so I automatically use CCC. Time Machine is not meant for servers and does not back up everything.