- security News Forums
- > Some online backup services insecure
- > Carbonite not vulnerable to Man in the Middle Attacks
Carbonite not vulnerable to Man in the Middle Attacks 25 May 2008 18:53
Carbonite is a secure multi-tenant system designed with end-to-end
data security in mind. Client data is compressed and encrypted using
128-bit Blowfish by the Carbonite client software. In this way, no
unencrypted data is sent over the wire. Installation of the Carbonite
client software requires administrator-level access to the client
Windows machine, and e-mail is sent to the registered user on all
end-user operations that could endanger backed up data.
In all cases, the connection between the Carbonite client and the
server is via SSL-encrypted HTTPS, which provides a second layer of
encryption and security. IP addresses are logged for all requests.
Carbonite was designed to prevent two kinds of Man in the Middle
Attacks. First, the Carbonite client checks the server’s certificate
and refuses to connect to a server with an invalid certificate.
Carbonite also issues each client with a certificate which the server
checks so we can detect fake client attacks on the server. To our
knowledge few other systems use client certificates as well.
Rob Rubin | Vice President Engineering
www.carbonite.com
Backup. Simple
- Threaded View
- Flat View
