How to prevent a security breach from taking your online backups with it?

security backup

What techniques do you recommend for securing a online backups (to a third party service like Mozy) a backup that has the advantages of online backup but cannot be tampered with just by compromising the main system? The potential advantage of tapes is that there is at least a recent version that is not reachable by the production system at the time of the attack.


Solution 1:

The obvious answer for what I'd like to do is arrange it so that once backups are pushed to the third party service, they're read-only for the account that the main host uses to access the backup server. Whether Mozy and relatives facilitate this, I don't know, but if they're going to blazon "SECURE" all over their home page, you'd think they'd at least be open to a conversation about it.

Solution 2:

There are a few suggestions:

1-You don't push the the backups to the backup system, but you pull from there.

2-Once the backup is completed, a cron job being ran by another user should move the backup to a safe location that the initial user has no access.

3-Never reuse password between server/backup.

You should be able to do this with most backup provides that give you shell/ssh access. If your backup is via ftp/pushing only, I would switch providers...

Solution 3:

With BackUPMAX, all information to be backed up is encrypted on the local computer before being transmitted, using a key that is stored locally. Data is stored in the BackUPMAX Data Centers in its encrypted form. Data can only be recovered by transmitting it back to the local client, which decrypts it, again using the locally-stored key (or in the event of a disaster affecting the local computer, the same key entered by hand into the BackUPMAX Software).

The most important feature of this arrangement is that while the data is stored in the BackUPMAX Data Centers, it is encrypted and not in a readable format. The BackUPMAX Servers do not have access to the key, and without the key, the data cannot be converted to a readable format. Neither do BackUPMAX employees have access to the key.

BackUPMAX stores your data fully encrypted and protected in two mirrored data centers. Only you can access your data using your own encryption key.

Related

How do you use SCP to copy a deep directory?
What issues do you need to check for deploying a java application on linux?
How can I deploy a ClickOnce application via Tomcat?
Physical Vs. Logical standby database
Where can I find a good freelance system administrator? [closed]
Does defragmenting your hard drive before resizing the partition have any benefits?
Does WMI cause CPU Creep?
Re/Installing an MSI, getting 'not a valid short file name' error
How to re-join an AD2003 domain with Samba after deleting the machine account?
Linux : should I create nologin user home dirs?
Where to find symmetric NAT?
Apache virtual hosts and reverse proxy