Anonymous Access to ChronoAgent Computers

Connect anonymously to ChronoAgent

TNCA-0003 – Anonymous Access to ChronoAgent Computers

Created: Jan 06, 2015  |  Updated: July 06, 2020

ChronoAgent is a powerful add-on to ChronoSync that increases the security, reliability and performance of connections between two Macs. Synchronizations and backups using a ChronoAgent connection are easily twice as fast, if not faster, than an equivalent file sharing connection. They also carry none of the restrictions that file sharing imposes, such as limited access to the file system and the inability to read and write all file metadata.

The benefits offered by ChronoAgent can sometimes be a hindrance, however, precisely because they grant full access to the ChronoAgent computer. Configuring a ChronoAgent-based sync or backup requires the creation of a connection profile within ChronoSync. This connection profile contains all the information necessary to access a ChronoAgent computer. Once a connection profile is created, it can be re-used for any number of synchronization tasks. This is extremely convenient, but it also means that any user who can launch ChronoSync can create their own synchronizer task to access any ChronoAgent for which a profile is defined on that machine. In most circumstances this is harmless, but there are certainly some environments where an administrator may not be comfortable with this kind of user access.

This tech-note describes a technique that such administrators can use to create synchronizer tasks that connect to a ChronoAgent without any connection profile remaining defined on the user’s machine. Thus a user cannot create their own synchronizer tasks to gain access to confidential information on the ChronoAgent machine.

ANONYMOUS ACCESS

The term anonymous access refers to creating a synchronizer task that can connect to a ChronoAgent computer without requiring a connection profile. This synchronizer task can then be scheduled to run periodically and will establish the connection on each run. The user’s data is backed up or synchronized with the central ChronoAgent but the user has no way to access the ChronoAgent themselves without administrator intervention.

The steps to achieve anonymous ChronoAgent access are pretty simple:

  1. Create a connection profile on the user’s machine. This is always necessary to establish the initial connection. Connection profiles are created and managed in the Connections tab of ChronoSync->Preferences or by choosing “Add/edit/remove connection…” from the “Connect to:” pop-up menu in a synchronizer task’s Setup panel.
  2. Create a synchronizer task that uses the connection profile. Configure the task as desired and confirm that it operates as expected.
  3. Add Access Restrictions to this synchronizer task by selecting “Access Restriction…” from the “File” menu. This allows you to define a password that will be required to open and interact with the synchronizer task. Choose a password that only you, the administrator, knows. Do not supply this password to the user!
  4. Schedule this synchronizer task to execute at the desired interval or trigger event. This is optional at this point because you can always schedule it later.
  5. Save the synchronizer task and close it.
  6. Delete the connection profile from the Connections tab of ChronoSync->Preferences by selecting it and clicking the “-” icon.

That’s it! You have created a synchronizer task that has anonymous access to a ChronoAgent.

HOW IT WORKS

All synchronizer documents that connect to a ChronoAgent contain a copy of the connection profile that was used to establish the connection in the first place. Normally, a connection profile also exists on the user’s machine and ChronoSync will always use the locally defined connection profile in place of the one embedded in the synchronizer document. Changes to the locally defined connection profile will also get merged into the synchronizer document’s profile every time the synchronizer document is opened. However, if no locally defined profile exists, the embedded connection profile is always used in its place.

Experienced ChronoSync users may have encountered this behavior in the past after upgrading a computer or moving a ChronoSync installation to a different machine. Upon opening a synchronizer document that contains a connection profile that is not locally defined, ChronoSync warns the user that the profile does not exist and offers the option of creating a local profile based on the one embedded in the sync document. This is where password-protecting the synchronizer document comes in. By adding the access restriction, users without the password can never open the synchronizer document, so that offer is never made to them and the confidential connection profile remains embedded in the document.

The whole scheme works because scheduled synchronizations do not require the password in order to run the document; the access restriction applies only to opening and editing it. Thus all scheduled synchronizations will execute like clockwork without the need for a locally defined connection profile.

LIMITATIONS

One key problem with this approach is that if the administrator needs to change the synchronizer document’s configuration or recover lost files that were backed up by it, they are going to need to open it on the user’s machine. This requires entering the password and results in the creation of a local copy of the embedded profile. Care must be taken to delete that locally created profile once such actions have been performed; otherwise the ChronoAgent access is no longer anonymous, and any user who can launch ChronoSync can once again build their own task against the ChronoAgent.

It’s also important to note that adding an access restriction to a synchronizer document does not cryptographically protect the document, i.e. it is not encrypted. The restriction is enforced by ChronoSync when the document is opened, not by the file format itself, and the file lives on the user’s own machine. While the password itself is encrypted, it is not impossible to ‘hack’ a synchronizer document so that access restrictions are disabled. Administrators need to gauge the sophistication of their users and weigh it against the sensitivity of the data on the ChronoAgent machine before employing this technique.

REVISION HISTORY

Jan-06-2015 – Created from Internal Support Notes.
