[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [rdiff-backup-users] Incremental, automated, remote, secure

From: Grant
Subject: Re: [rdiff-backup-users] Incremental, automated, remote, secure
Date: Thu, 18 Jul 2013 07:53:39 -0700

>>> I'm struggling to devise an incremental, automated backup scheme that
>>> remotely and securely backs up data from one system to another,
>>> preserves permissions and ownership, and keeps the backups safe even
>>> if the backed-up system is compromised.  Would the following work?
>> What are you calling "compromised?"  Because the proposed solution you
>> mentioned didn't even mention encryption.  So I guess you must be
>> saying "compromised" when you're really talking about the backup
>> system being damaged or otherwise suffering data integrity failure.
>> Either way, the answer is, "you can't, with anything, ever."
>> If you are talking about security compromised, then all you can do is
>> encrypt data before it leaves original server, and run integrity
>> checks on it.  You'll keep your data private, even on a compromised
>> system, but you'll be subject to tampering.  You'll be able to detect
>> tampering, but you will not be able to recover.
>> If you are talking about integrity compromised, on both your original
>> and backup systems...  Well ...  Then the data integrity was
>> compromised on both your original and backup copies.  Sorry, nothing
>> can protect you from that, except having more redundant copies.
> I think the OP was talking about
>   client with data to be backed up
>   server to store backups
>   at some point, *client* is compromised
>   the desired security property is for the client not to be able to
>   modify/delete the backups that happened before the compromise

Exactly, yes.  I will add encryption soon.

- Grant

reply via email to

[Prev in Thread] Current Thread [Next in Thread]