Results 1 to 7 of 7

Thread: Backup Security Best Practices

  1. #1
    Join Date
    Jan 2007
    Beans
    58

    Arrow Backup Security Best Practices

    I have read in the past about intruders breaking into hosting companies, wiping out their production servers, and then their backups as well because they left their backups available to their production servers.

    I was thinking that they must have poor security practice to leave their backups vulnerable like that, but then I got to wondering...my backups function in the same way. I have all of my servers backup to a common backup storage location. In order to be automated, I use SSH key pairs with no passphrase. So...any compromised server would be able to wipe out the backup server with no problem.

    So, the question is - what is the best way to secure a backup server from a compromised production server?

    My thoughts so far:

    Pull from the backup server instead of pushing from the production server. This would protect against a compromised production server, but a compromised backup server puts all production servers at risk.

    Set the shell to /bin/false on the backup server's SSH account and disable root login. This would prevent someone from running malicious commands, but I could run rsync against an empty directory and would effectively wipe out the backup as well.

    I found this article, but I don't like it because although the backup server mounts the production server filesystems as read only, there is nothing stopping a malicious user from changing the mount options if the server was compromised.

  2. #2
    Join Date
    May 2011
    Beans
    159
    Distro
    Xubuntu

    Re: Backup Security Best Practices

    if we are talking about production environment, should you be backing up your back up server to a tape and keep it off-site?

  3. #3
    Join Date
    Aug 2011
    Beans
    322
    Distro
    Xubuntu 13.04 Raring Ringtail

    Re: Backup Security Best Practices

    Permissions, etc., etc. are certainly a step in the right direction. However, your concerns are certainly well founded. The solution, I believe, is really rather simple. What is not connected cannot be compromised by intruders. What is not on site cannot be destroyed by accident. The question is how much money can/will you spend to solve your problem? In short, have multiple NASs, removable HDs, whatever available. Periodically remove the latest from your machine and replace it with your oldest backup (if it is no longer needed). You can go to the extent as some do of making a third level - the oldest backup is always off site so a fire or some such calamity cannot wipe you out completely. Personally I would not use tape, though. I found it inconvenient to work with when disks were available.

  4. #4
    Join Date
    Jan 2007
    Beans
    58

    Re: Backup Security Best Practices

    I forgot to mention the backups are all off-site. So, in terms of physical disasters these are safe.

    So it sounds like there is no way to automate it while being totally secure?

  5. #5
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,815

    Re: Backup Security Best Practices

    Quote Originally Posted by awells527 View Post
    I forgot to mention the backups are all off-site. So, in terms of physical disasters these are safe.

    So it sounds like there is no way to automate it while being totally secure?
    No such thing as totally secure (well unless it is never used,shared or turned on or connected to a network or given physical access), as for off-site the "safe" only applies if the offsite is not in close geographical proximity, if a natural disaster hits and your backup is 20 miles down the road, it is likely to be still be effected if its a hurricane or earthquake or similar and then you lose both on and off site.

    Cheers
    Feel Free to Bitcoin Tip: 135Rp4pwwYTHEJ4u8bxKaDQiC91N9LUoV2

    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013

  6. #6
    Join Date
    Sep 2006
    Beans
    7,014
    Distro
    Lubuntu Development Release

    Rotating storage media

    Quote Originally Posted by awells527 View Post
    I have read in the past about intruders breaking into hosting companies, wiping out their production servers, and then their backups as well because they left their backups available to their production servers.

    I was thinking that they must have poor security practice to leave their backups vulnerable like that, but then I got to wondering...my backups function in the same way. I have all of my servers backup to a common backup storage location. In order to be automated, I use SSH key pairs with no passphrase. So...any compromised server would be able to wipe out the backup server with no problem.

    So, the question is - what is the best way to secure a backup server from a compromised production server?

    My thoughts so far:

    Pull from the backup server instead of pushing from the production server. This would protect against a compromised production server, but a compromised backup server puts all production servers at risk.

    Set the shell to /bin/false on the backup server's SSH account and disable root login. This would prevent someone from running malicious commands, but I could run rsync against an empty directory and would effectively wipe out the backup as well.

    I found this article, but I don't like it because although the backup server mounts the production server filesystems as read only, there is nothing stopping a malicious user from changing the mount options if the server was compromised.
    You could rotate the storage media to buy time. Hopefully the problems are discovered and fixed before all the media are overwritten. There are at least two ways to do that:

    Rotate among two or three disks or have a different USB disk for each day of the week.

    Or back up to different target directories on different days.

  7. #7
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Backup Security Best Practices

    Quote Originally Posted by a2j View Post
    if we are talking about production environment, should you be backing up your back up server to a tape and keep it off-site?
    +1 to tape being stored off-site. It's messy and nasty but it works.

    Quote Originally Posted by haqking View Post
    No such thing as totally secure (well unless it is never used,shared or turned on or connected to a network or given physical access), as for off-site the "safe" only applies if the offsite is not in close geographical proximity, if a natural disaster hits and your backup is 20 miles down the road, it is likely to be still be effected if its a hurricane or earthquake or similar and then you lose both on and off site.
    This is true too. I thought about storing backups in a safe deposit box at a bank but decided against it since if there was a major disaster, those backups would be wiped out.

    Of course, that being said, I do daily and monthly backups and test to make sure they are good before something bad happens.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •