
Re: MDs & Dentists



Hi,

Stefan Monnier wrote:
> Plain old HDDs and SSDs also work for "immutable" backups: just don't
> keep them connected to the host after you've done the backup.

But how do you keep the system from messing them up during the first
backup after the malware took over?


Reco wrote before I asked the above question:
> > It's a really simple concept - one host is doing the backup, another one
> > controls where and how it is written.
> > To inflict some damage, one has to compromise both, and frankly if one
> > does not protect their backups properly one has bigger problems to worry
> > about than a "ransomware attack".

In the hypothetical attack scenario the malware is able to encrypt files to
which not everybody is supposed to be able to write. So the attacker already
got the fingers deep in the system and - if applicable - in the network.
The demand for ransom is only the payload of a skilled system takeover.

So I think the concept of an "immutable" backup is of value in case the
data are worth more than 50 cent per 25 GB and don't exceed a few hundred
GB. The use of write-once-read-many media is a fine component of a backup
strategy which puts emphasis on protecting the older backups from being
altered or destroyed after the malware took over.

(I fail to find in the list archive the post by which this idea was proposed
first. So I cannot properly attribute the merit of having introduced it
here.)


> > Of course, not doing any backups at all is equally bad.

Especially since Layer 8 (aka PEBKAC aka ID-10-T) as main threat to data
integrity has not lost any of its damage potential.


Have a nice day :)

Thomas

