Re: [Duplicity-talk] Biggest nightmare
From: Cristian KLEIN
Subject: Re: [Duplicity-talk] Biggest nightmare
Date: Sun, 31 May 2009 21:57:30 +0200
User-agent: Thunderbird 2.0.0.21 (X11/20090409)
rsync.net wrote:
>
> Hello Christian,
>
> On Sun, 31 May 2009, Cristian KLEIN wrote:
>
>>>> - he installs a sniffer or uses another method to get access to your
>>>> duplicity backup host
>>>> - he deletes your whole home folder
>>>> - he deletes your backups from your backup host
>>>>
>>>> Is anybody dealing with this situation right now? How?
>>>
>>> Sorry to hear you're having problems.
>>
>> Luckily, I don't have this problem. But better be safe than sorry. :)
>>
>> Thank you very much for your feedback. I observe that there are two
>> solutions:
>> 1) Also store backup off-site.
>> 2) Backup-host initiated backup.
>>
>> I would like to add another idea and know what you're thinking about it.
>> Everything duplicity needs for „normal” backup operations is to list
>> files, read files and create new (non-existing) files. So I thought
>> about creating a restricted SFTP server, which would allow exactly these
>> three operations. Then an evil attacker could not compromise backups.
>>
>> A user who has an SSH account on a backup host, would use two keys:
>> a) not-password-protected, restricted to SFTP
>> b) password-protected, restricted to backup maintenance, which he
>> should actually *never* use
>
> The solution you suggest, a restricted sftp server, does not protect
> against a root compromise of the remote backup host. This is fine, but
> if you aren't protecting against remote root compromise, then there is
> no reason to invent such a complicated solution.
I'm not that concerned about losing my backups. I am concerned with
losing my data and my backups _at the same time_. Root compromising the
backup host will compromise my backups, but unless I had a bad day, I
still have my data. Whereas, compromising my laptop, with the current
duplicity practices (i.e. SSH into the backup host) can easily lead to
compromising both my data and my backups.
Please note that I am using duplicity only for "snapshot" and not
"versioning" purposes. In case you're using it for versioning (i.e. you
might want to recover a file as it was 1 year ago), then you're
perfectly right.
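
The restricted-SFTP idea quoted in this message (list, read, create new files only), sketched as an added example that is not part of the original post or of duplicity: a default-deny policy over SFTP version 3 request types and open flags. The `request_allowed` hook, the `audit` helper and the sample session are hypothetical and constructed here.

```python
# SFTP v3 request types and open flags (draft-ietf-secsh-filexfer-02).
FXP = {"OPEN": 3, "CLOSE": 4, "READ": 5, "WRITE": 6, "LSTAT": 7, "FSTAT": 8,
       "SETSTAT": 9, "FSETSTAT": 10, "OPENDIR": 11, "READDIR": 12,
       "REMOVE": 13, "MKDIR": 14, "RMDIR": 15, "REALPATH": 16, "STAT": 17,
       "RENAME": 18, "READLINK": 19, "SYMLINK": 20}
FXF_READ, FXF_WRITE, FXF_APPEND = 0x01, 0x02, 0x04
FXF_CREAT, FXF_TRUNC, FXF_EXCL = 0x08, 0x10, 0x20

# Requests that only list or read, plus handle I/O. WRITE can pass because a
# writable handle can only come from an exclusive-create OPEN (checked below).
ALWAYS_ALLOWED = {FXP[n] for n in ("CLOSE", "READ", "WRITE", "LSTAT", "FSTAT",
                                   "OPENDIR", "READDIR", "REALPATH", "STAT",
                                   "READLINK")}

def open_allowed(pflags):
    """Allow read-only opens, or write opens that must create a new file."""
    if pflags & (FXF_TRUNC | FXF_APPEND):
        return False                      # would modify an existing file
    if pflags & FXF_WRITE:
        need = FXF_CREAT | FXF_EXCL       # open fails if the path exists
        return (pflags & need) == need
    return bool(pflags & FXF_READ)

def request_allowed(req_type, pflags=0):
    """Hypothetical policy hook: may the restricted key send this request?"""
    if req_type == FXP["OPEN"]:
        return open_allowed(pflags)
    # Default deny: REMOVE, RENAME, SETSTAT, RMDIR, MKDIR, SYMLINK, unknown.
    return req_type in ALWAYS_ALLOWED

def audit(session):
    """Return the (name, pflags) requests in a session that are rejected."""
    names = {v: k for k, v in FXP.items()}
    return [(names.get(t, t), f) for t, f in session
            if not request_allowed(t, f)]

# Constructed sample: list, upload a new volume, read one back, then three
# requests that would overwrite, delete or rename existing backup files.
SAMPLE = [(FXP["OPENDIR"], 0), (FXP["READDIR"], 0),
          (FXP["OPEN"], FXF_WRITE | FXF_CREAT | FXF_EXCL), (FXP["WRITE"], 0),
          (FXP["CLOSE"], 0), (FXP["OPEN"], FXF_READ),
          (FXP["OPEN"], FXF_WRITE | FXF_CREAT | FXF_TRUNC),
          (FXP["REMOVE"], 0), (FXP["RENAME"], 0)]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

As the quoted reply points out, a policy like this only constrains the unprotected client key; it does nothing against a root compromise of the backup host itself.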