Le blog de numerunique

A reasonably reliable backup
14/04/2023

A backup is useful in more than one scenario, but the worst case is a hacked server; a backup designed for this extreme situation will also cover the others.

There is only one way to restore a compromised server: start from a clean installation and import the inert data from an uncompromised backup.

The backups must therefore not only be kept safe on a medium external to the server; that storage space must also be inaccessible from the server being backed up, otherwise it risks being compromised by the hacker as well. This immediately rules out "backup" volumes accessible only from the server to be backed up, which are an aberration.

To preserve the integrity and confidentiality of the backup, it is also useful to encrypt it. Encryption, on the other hand, must be done directly on the server to be backed up, before the backup leaves it. There is no need to burden the server with precautions to protect the encryption procedure or its key, since everything this encryption would protect is already accessible there. However, a copy of the encryption method and key must be kept separately; it will be essential for using the backup elsewhere.

The process of a reasonably reliable backup is therefore as follows:

Access to the backup on the server to be backed up must be as limited as possible while allowing the backup server to retrieve it.

Still in the scenario of restoring a compromised server, one must expect that the compromise may go unnoticed for some time. It is therefore useful to keep more than one backup version, so as to be able to go back to the most recent one taken before the compromise. However, there is no point in keeping too many; backups that are too old risk being unusable because the information they contain is obsolete.
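
The retention reasoning above, as an added example that is not code from the original post: a pruning rule that keeps the N most recent versions, and the selection of the most recent version taken before an estimated compromise time. The archive naming scheme, the function names, the nightly schedule and the value of 7 kept versions are assumptions constructed for the illustration.

```python
import re
from datetime import datetime, timezone

# Constructed naming scheme (assumption): backup-YYYYMMDDTHHMMZ.tar.gz.enc
NAME_RE = re.compile(r"^backup-(\d{8}T\d{4})Z\.tar\.gz\.enc$")

def backup_time(name):
    """Return the UTC timestamp encoded in an archive name, or None if malformed."""
    m = NAME_RE.match(name)
    if not m:
        return None
    try:
        stamp = datetime.strptime(m.group(1), "%Y%m%dT%H%M")
    except ValueError:  # digits that are not a real date, e.g. month 13
        return None
    return stamp.replace(tzinfo=timezone.utc)

def prune(names, keep):
    """Split archives into (kept, expired); the `keep` most recent are kept.
    Names that do not match the scheme appear in neither list, so they are
    never deleted automatically."""
    dated = sorted((n for n in names if backup_time(n)),
                   key=backup_time, reverse=True)
    return dated[:keep], dated[keep:]

def restore_point(names, compromised_at):
    """Most recent archive taken strictly before the estimated compromise.
    Returns None when every retained version is at or after that time,
    i.e. the retention depth was shorter than the detection delay."""
    clean = [n for n in names
             if (t := backup_time(n)) and t < compromised_at]
    return max(clean, key=backup_time, default=None)

# Constructed sample: one archive per night at 03:00 UTC, 1 to 10 April 2023
ARCHIVES = [f"backup-202304{d:02d}T0300Z.tar.gz.enc" for d in range(1, 11)]

if __name__ == "__main__":
    kept, expired = prune(ARCHIVES, keep=7)
    print("kept:", kept[-1], "->", kept[0], "| expired:", len(expired))
    for day in (6, 2):  # compromise estimated on 6 April, then on 2 April
        when = datetime(2023, 4, day, 14, 0, tzinfo=timezone.utc)
        print(when.date(), "->", restore_point(kept, when))
```

With seven versions kept, the compromise estimated on 2 April leaves no usable restore point: the number of versions kept has to cover the time a compromise can plausibly go unnoticed.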

It remains to choose an external medium that is reliable, flexible and economical.

To be continued...
