[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] Biggest nightmare
From: |
Robin Smidsrød |
Subject: |
Re: [Duplicity-talk] Biggest nightmare |
Date: |
Sat, 30 May 2009 20:59:35 +0200 |
User-agent: |
Thunderbird 2.0.0.21 (Windows/20090302) |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cristian KLEIN wrote:
> Hello list,
>
> I wanted to ask you how did you prepare yourself to deal with your
> biggest nightmare. Say somebody hacked your system and wants to do the
> biggest damage possible. So his strategy goes as follows:
>
> - he installs a sniffer or uses another method to get access to you
> duplicity backup host
> - he deletes your hole home folder
> - he deletes yours backups from your backup host
>
> Is anybody dealing with this situation right now? How?
Keep at least one backup _off-line_. That is, in a place that is not
reachable with networking. Like a USB-drive locked in a safe or some
DVD/BD discs burnt and kept somewhere safe. When you need to do the
backup you actually hook the thing up, and when you're done you actually
un-hook it. Nothing beats physical security.
If that is not doable with your setup, you could use a one-way firewall
rule. That is: main server can not initiate communication with
backup-host, but backup-host can initiate contact with main server. The
backup host will pull the backup archive from the main host at
intervals, but a restore will require it to be initiated from the
backup-host or with a firewall rule override.
- -- Robin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkohghcACgkQHAwEVD/in27kSQCfcHbmWb3Nykjlca7FP4bI/pbZ
a2oAnjNuL1lP8ms9vSdFq1oyE1Z4vT0b
=fB9b
-----END PGP SIGNATURE-----
- Re: [Duplicity-talk] Biggest nightmare, (continued)
- Re: [Duplicity-talk] Biggest nightmare, Cristian KLEIN, 2009/05/31
- Re: [Duplicity-talk] Biggest nightmare, Edgar Soldin, 2009/05/31
- Re: [Duplicity-talk] Biggest nightmare, Cristian KLEIN, 2009/05/31
- Re: [Duplicity-talk] Biggest nightmare, Edgar Soldin, 2009/05/31
- Re: [Duplicity-talk] Biggest nightmare, Cristian KLEIN, 2009/05/31
- Re: [Duplicity-talk] Biggest nightmare, Sieker Adi Jörg, 2009/05/31
- Re: [Duplicity-talk] Biggest nightmare, Sieker Adi Jörg, 2009/05/31
- Re: [Duplicity-talk] Biggest nightmare, rsync.net, 2009/05/31
- Re: [Duplicity-talk] Biggest nightmare, Cristian KLEIN, 2009/05/31
Re: [Duplicity-talk] Biggest nightmare, Edgar Soldin, 2009/05/30
Re: [Duplicity-talk] Biggest nightmare,
Robin Smidsrød <=