Opening 55415 to the Internet, great idea or greatest idea?

I’ve been using urbackup for some time, and recently upgraded to 2.0.30/31. Currently backups of offsite clients require the clients connect to the VPN first. This is too much trouble for some users, and they don’t deserve backups. Or rather, I mean if they don’t need the VPN then the backups will happen whether they care or not.

This is a different question than encrypting the transfer. I’m not worried about the encrypted backup data being sniffed and cracked (though that would be a deal breaker), but rather the security of the server itself to attacks on the backup port.

Is urbackup hardened to be poked through a firewall? I ran
nc urbackup.server.local 55415 < /dev/urandom
to see what would happen, and it appears to have survived. I’ve found some services which crash on that simple test.

Anyway, before I make the proposal to my organization’s security team, I want to make sure this is a scenario that is intended—open internet access to urbackup.

Yes, it is designed to be exposed to the Internet. The attack surface is small if one does not have a valid clientname/authkey combination.
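The `nc ... < /dev/urandom` check from the question, as an added example that is not part of the original thread or of UrBackup: it sends a bounded amount of random data to a server you run, records how the service reacted, then opens a fresh connection to confirm the port still accepts clients. The function name `garbage_probe`, the byte count and the timeout are assumptions chosen for illustration.

```python
import os
import socket
import sys


def garbage_probe(host, port, n_bytes=65536, timeout=5.0):
    """Send n_bytes of random data to host:port, then re-check that it still listens."""
    result = {"sent": 0, "reply_bytes": 0, "peer_closed": False, "alive_after": False}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            remaining = n_bytes
            while remaining > 0:
                chunk = os.urandom(min(4096, remaining))
                s.sendall(chunk)
                result["sent"] += len(chunk)
                remaining -= len(chunk)
            # Half-close so the server sees EOF, then read whatever it answers.
            s.shutdown(socket.SHUT_WR)
            while True:
                data = s.recv(4096)
                if not data:
                    result["peer_closed"] = True  # orderly close by the server
                    break
                result["reply_bytes"] += len(data)
    except OSError as exc:
        # Reset, broken pipe, timeout or refused connection: record the kind only.
        result["error"] = type(exc).__name__

    # The part the manual test leaves to the eye: is the service still accepting?
    try:
        with socket.create_connection((host, port), timeout=timeout):
            result["alive_after"] = True
    except OSError as exc:
        result["recheck_error"] = type(exc).__name__
    return result


if __name__ == "__main__":
    # Host and port as written in the question; pass your own server as arguments.
    host = sys.argv[1] if len(sys.argv) > 1 else "urbackup.server.local"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 55415
    print(garbage_probe(host, port))
```

A result with `alive_after` set to `False` means the listener stopped accepting connections after the garbage input and the server's logs deserve a look before the port is opened in the firewall.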