22.6. File Synchronization
Strictly speaking, programs that
synchronize files between two computers are file transfer programs.
However, they are primarily used for administrative purposes, so we
cover them here. These services are intended to make files identical
on two computers. They are usually used to synchronize multiple
servers that are supposed to be interchangeable or to make certain
that all the machines in a group have the same application versions.
Some systems use normal file transfer protocols to do
synchronization -- for instance, to synchronize laptops to servers
when they are present on a network. To figure out how to use such
systems with a firewall, first figure out what file transfer protocol
they're using and then look up the details of that protocol in
Chapter 17, "File Transfer, File Sharing, and Printing".
22.6.1. rdist
rdist is the best known of the Unix programs
for file synchronization. Two versions are in widespread use: version
5 (sometimes known as
ordist) and version 6.
Version 6 is not compatible with version 5, but most version 6
servers will fall back to using the version 5 executables if they are
available.
rdist version 5 uses
rsh to communicate between machines;
rdist version 6 can use either
rsh or SSH. The characteristics of
rsh and SSH (for packet filtering, proxying, and
network address translation) are discussed in
Chapter 18, "Remote Access to Hosts", and are not changed by using them for
rdist.
While rdist is an
incredibly useful system administration tool, it also has a long and
sad history of security problems, mostly related to its use of
setuid to run as root, sometimes at
inappropriate moments. This is only made worse by using
rsh as its base. You should not use
rdist version 5 through a firewall or to any
bastion host; use SSH-based rdist version 6 or
rsync instead (see the next section for more
information about rsync).
22.6.2. rsync
rsync
is a synchronization protocol that uses checksums to determine
differences (instead of relying on modification dates) and does
partial file transfers (transferring only the differences instead of
the entire files).
rsync was developed by Andrew
Tridgell and Paul Mackerras.
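The paragraph above describes what makes rsync different from a plain copy: the receiver publishes checksums of the blocks it already holds, the sender slides a cheap rolling checksum over the new file to find those blocks, and only the bytes that differ are transmitted. The following Python is an added illustration of that idea, not code from the book or from the rsync project. Its block size, its use of MD5 as the strong checksum (real rsync has used MD4 and MD5), and the two sample files are assumptions chosen to keep the example small.

```python
"""rsync-style delta transfer in miniature: the receiver publishes per-block
checksums of its copy, the sender finds matching blocks in the new file with a
rolling checksum, and only the bytes that differ cross the wire.

Added example. Block size and the use of MD5 as the strong checksum are
assumptions chosen for illustration; the sample files below are constructed."""
import hashlib

BLOCK = 8  # tiny block so the constructed sample produces several matches


def weak_checksum(data: bytes) -> int:
    """Adler-32-style checksum: cheap, and updatable as the window slides."""
    a = sum(data) & 0xFFFF
    b = sum((len(data) - i) * c for i, c in enumerate(data)) & 0xFFFF
    return (b << 16) | a


def roll(weak: int, out_byte: int, in_byte: int, length: int) -> int:
    """Slide the window one byte: remove out_byte from the front, append in_byte."""
    a = weak & 0xFFFF
    b = weak >> 16
    a = (a - out_byte + in_byte) & 0xFFFF
    b = (b - length * out_byte + a) & 0xFFFF
    return (b << 16) | a


def strong_checksum(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()  # assumption: MD5 stands in for rsync's strong hash


def signatures(basis: bytes) -> dict:
    """Receiver: (weak -> [(strong, block_index)]) for every full block of its old copy."""
    sigs = {}
    for bidx in range(len(basis) // BLOCK):
        blk = basis[bidx * BLOCK:(bidx + 1) * BLOCK]
        sigs.setdefault(weak_checksum(blk), []).append((strong_checksum(blk), bidx))
    return sigs


def delta(new: bytes, sigs: dict) -> list:
    """Sender: list of ('ref', block_index) and ('lit', bytes) operations."""
    ops, lit, i, n = [], bytearray(), 0, len(new)
    w = weak_checksum(new[:BLOCK]) if n >= BLOCK else 0
    while i + BLOCK <= n:
        window = new[i:i + BLOCK]
        # Weak checksum finds candidates cheaply; the strong checksum confirms them.
        hit = next((bidx for strong, bidx in sigs.get(w, ())
                    if strong_checksum(window) == strong), None)
        if hit is not None:
            if lit:
                ops.append(("lit", bytes(lit)))
                lit = bytearray()
            ops.append(("ref", hit))
            i += BLOCK
            if i + BLOCK <= n:
                w = weak_checksum(new[i:i + BLOCK])
        else:
            lit.append(new[i])
            if i + BLOCK < n:
                w = roll(w, new[i], new[i + BLOCK], BLOCK)
            i += 1
    lit.extend(new[i:])  # trailing partial block always goes literally
    if lit:
        ops.append(("lit", bytes(lit)))
    return ops


def apply_delta(basis: bytes, ops: list) -> bytes:
    """Receiver: rebuild the new file from its old copy plus the delta."""
    out = bytearray()
    for kind, val in ops:
        out += basis[val * BLOCK:(val + 1) * BLOCK] if kind == "ref" else val
    return bytes(out)


def sync(basis: bytes, new: bytes):
    """Run one round trip; return (rebuilt file, literal bytes sent, op count)."""
    ops = delta(new, signatures(basis))
    sent = sum(len(v) for k, v in ops if k == "lit")
    return apply_delta(basis, ops), sent, len(ops)


# Constructed sample: a 72-byte file on the server, and an edited copy with a
# 9-byte line inserted after the first line. Modification times play no part.
OLD_COPY = b"".join(b"server A: config line %d\n" % i for i in (1, 2, 3))
NEW_COPY = OLD_COPY[:24] + b"# edited\n" + OLD_COPY[24:]

if __name__ == "__main__":
    rebuilt, sent, nops = sync(OLD_COPY, NEW_COPY)
    print(f"rebuilt matches: {rebuilt == NEW_COPY}; literal bytes sent: "
          f"{sent} of {len(NEW_COPY)}; ops: {nops}")
```

Running it shows that the 81-byte edited file is reconstructed from the old copy while only the 9 inserted bytes are sent literally; everything after the insertion still matches because the rolling checksum realigns on the old block boundaries. The same mechanism is why rsync is efficient when people repeatedly fetch slightly updated files.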
rsync may either be run like
rdist on top of a remote shell protocol
(preferably ssh but rsh is
also possible), or use its own daemon, rsyncd.
rsyncd does authentication but does not encrypt
the data being transferred. rsyncd is useful if
you are interested in using rsync to distribute
publicly available files; it allows you to use
rsync like FTP, without allowing remote shell
access to the Internet. It is arguably more secure than FTP (it
provides less functionality) and will certainly be more efficient in
situations where people need to transfer updated files repeatedly. If
you are transferring confidential data, you should use
rsync over SSH instead of using
rsyncd.
22.6.2.1. Packet filtering characteristics of rsync
rsync is generally run over SSH, although it is
possible to run it over
rsh if you are not
concerned with security. Packet filtering characteristics of SSH and
rsh are discussed in
Chapter 18, "Remote Access to Hosts". The dedicated
rsync
daemon,
rsyncd, uses TCP port 873.
Direction | Source Addr. | Dest. Addr. | Protocol | Source Port | Dest. Port | ACK Set | Notes
In | Ext | Int | TCP | >1023 | 873 | [162] | Request, external client to internal server
Out | Int | Ext | TCP | 873 | >1023 | Yes | Response, internal server to external client
Out | Int | Ext | TCP | >1023 | 873 | [162] | Request, internal client to external server
In | Ext | Int | TCP | 873 | >1023 | Yes | Response, external server to internal client

[162] ACK will not be set on the first packet (establishing the connection) but will be set on the rest.
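The table is a stateless rule set: each packet is judged on direction, ports, and the ACK flag alone. The Python below is an added example, not from the book, that encodes the four rows as a function and runs some constructed packets through it, including the two probes the "ACK Set" column exists to stop. Addresses are reduced to a direction ("in" for Ext to Int, "out" for Int to Ext), and the policy switches for enabling only the inbound or only the outbound rows are my own addition.

```python
"""Stateless evaluation of the rsyncd (TCP port 873) rule table above.

Added example, not from the book. Addresses are reduced to a direction
("in" = Ext -> Int, "out" = Int -> Ext); the sample packets are constructed."""
from dataclasses import dataclass

RSYNCD = 873


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out"
    src_port: int
    dst_port: int
    ack: bool       # TCP ACK flag


def is_client_port(port: int) -> bool:
    return port > 1023


def decide(pkt: Packet, inbound_clients: bool = True, outbound_clients: bool = True) -> str:
    """Return "allow" if some row of the table matches, else "deny".

    inbound_clients  enables rows 1-2 (external clients reach an internal rsyncd,
                     e.g. public distribution as the text suggests);
    outbound_clients enables rows 3-4 (internal hosts pull from external rsyncds).
    """
    if inbound_clients:
        # Row 1: request. ACK is clear on the connection's first packet, so no ACK test.
        if pkt.direction == "in" and is_client_port(pkt.src_port) and pkt.dst_port == RSYNCD:
            return "allow"
        # Row 2: response. ACK must be set: the server may only answer, never initiate.
        if pkt.direction == "out" and pkt.src_port == RSYNCD and is_client_port(pkt.dst_port) and pkt.ack:
            return "allow"
    if outbound_clients:
        # Row 3: request from an internal client.
        if pkt.direction == "out" and is_client_port(pkt.src_port) and pkt.dst_port == RSYNCD:
            return "allow"
        # Row 4: response from the external server. The ACK test is what stops an
        # outsider from opening connections to internal high ports from source port 873.
        if pkt.direction == "in" and pkt.src_port == RSYNCD and is_client_port(pkt.dst_port) and pkt.ack:
            return "allow"
    return "deny"


# Constructed traffic: legitimate connections plus two probes the filter must stop.
SAMPLE = [
    ("external client opens connection to internal rsyncd", Packet("in", 40000, RSYNCD, ack=False)),
    ("internal rsyncd answers", Packet("out", RSYNCD, 40000, ack=True)),
    ("internal client opens connection to external rsyncd", Packet("out", 50000, RSYNCD, ack=False)),
    ("external rsyncd answers", Packet("in", RSYNCD, 50000, ack=True)),
    ("outsider SYN from source port 873 at an internal high port", Packet("in", RSYNCD, 6000, ack=False)),
    ("compromised internal rsyncd tries to open a connection outward", Packet("out", RSYNCD, 4444, ack=False)),
]


def audit(packets=SAMPLE, **policy) -> dict:
    """Map each sample description to the filter's decision."""
    return {desc: decide(pkt, **policy) for desc, pkt in packets}


if __name__ == "__main__":
    for desc, verdict in audit().items():
        print(f"{verdict:5}  {desc}")
```

Two caveats follow from the code. First, rows 1 and 3 are the only ones worth enabling for a given direction: if you are only publishing files, leave the outbound-client rows off. Second, row 4 admits any inbound packet from source port 873 to any port above 1023 as long as ACK is set, so an outsider can still deliver ACK-only packets to internal high ports; a filter that tracks connection state instead of inferring it from the ACK bit does not have that weakness.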
22.6.2.2. Proxying characteristics of rsync
rsync is normally run over SSH or
rsh; proxying characteristics of these protocols
are discussed in
Chapter 18, "Remote Access to Hosts". The
rsync client provides support for using an HTTP
proxy for
rsync connections, as long as the HTTP
proxy is willing to connect to port 873. (For more information about
HTTP proxies, see "Proxying Characteristics of HTTP" in
Chapter 15, "The World Wide Web".)
rsync's own
protocol is straightforward to proxy and could also easily be used
with SOCKS, for instance. However, since
rsyncd
is not terribly widespread, proxies for it are not available. You
will need to set them up yourself.
22.6.2.3. Network address translation characteristics of rsync
rsync is normally run over SSH or
rsh; network address translation characteristics
of these protocols are discussed in
Chapter 18, "Remote Access to Hosts".
rsync's own protocol does not use embedded
IP addresses and should function through a network address
translation system without problems.
22.6.3. Windows NT Directory Replication
Directory Replication
(also known as LMRepl) is used to automatically copy information from
machines running Windows NT Server to machines running Windows NT 4
or OS/2. Windows 2000 does not support this service. It is used to
copy login scripts and policy information between domain controllers
and package information between SMS servers in the same site; it can
also be used to copy whatever other information administrators want
to distribute.
In Directory Replication, there is an exporting computer and at least
one importing computer. Each machine has a special account that is used
for replication. These accounts are members of the "Backup Operators"
group, whose backup and restore privileges allow them to read and write
any file on the computer, regardless of its permissions.
Furthermore, the accounts have to be effectively equivalent on the
exporting and importing computer (either by having them actually be
the same account, as part of a domain, or by giving them the same
username and password). This means that two machines that replicate
directories effectively trust each other completely; if either one of
them is compromised, the other one will be too.
Windows NT Directory Replication is based on SMB transactions; see
Chapter 14, "Intermediary Protocols", for a discussion of the packet
filtering, proxying, and network address translation characteristics
of SMB.
Because Directory Replication is based on SMB transactions, it is
difficult to allow it securely through a firewall. Because it
involves extensive trust, it is a bad idea to use it to or from
machines that make up part of a firewall.
22.6.4. Windows 2000 File Replication Service (FRS)
In Windows 2000, the service that's
used to automatically synchronize files is the File Replication
Service (FRS). Like directory replication, FRS is used routinely as
part of the process of synchronizing information among domain
controllers, but it can also be used explicitly to maintain replicas
of other files. When FRS is used to synchronize information among
domain controllers, it is referred to as SYSVOL replication.
Directory replication is a single master system, where one machine
maintains the master copy and propagates it to other machines. Files
can be changed only on the machine with the master copy. FRS is a
multiple master system, where files can be changed on any machine,
and the changes will be propagated to the other systems.
FRS uses authenticated RPC calls to distribute information between
replicas. For more information about the firewall characteristics of
RPC, see Chapter 14, "Intermediary Protocols".
22.6.5. Summary of Recommendations for File Synchronization
- Do not allow file synchronization across your firewall. (You may wish
to make an exception for rsyncd if you are
distributing information to the public with it.)