System administration
Yuri Yerusalimsky, 2017-02-26 11:12:36

What is the correct approach for backing up the contents of a hard drive while protecting the created backups from unauthorized access?

There is an HP ProLiant server on Windows Server 2008 R2 Standard, in which a RAID array of mirrored SATA hard drives of 1 TB is initially configured. everyone. These same data from disks must be automatically backed up to a third disk, preferably connected to a USB connector. There is a USB-box, it remains only to find the right approach to backups. The fact is that I'm interested in the ability to make backups so that they meet the following requirements:
1. Encryption - so that the contents of the archives cannot be read. In general, everything is simple here, almost all backup systems can do this by encrypting the image with a password.
2. Protection against accidental or intentional deletion - since I know that everything can be hacked and bypassed, I would not want to give an attacker who can enter the server remotely (let's just assume this option) the opportunity to delete images from the disk. Something like read-only access, with the ability to write under certain conditions (I can't imagine anything other than entering a password for this case). In any case, I think the idea is clear, but I ask for help with specifics, how it is generally implemented.
If you are wondering why I will use a USB external hard drive, everything is simple - there are several disks, I will periodically replace them manually, but I don't see the opportunity to stop the server for this.


3 answer(s)
Artem @Jump, 2017-02-26

Protection against accidental or intentional deletion
It is done simply - with ordinary permissions.
Only the user who does the archiving has write permissions to the folder with archives.
The rest, including the administrator, do not have such rights.
The implementation is simple - the necessary settings are in the "Security" tab.
But it is more reliable to physically exclude access - copy not to the device, but from the device.
Implementation - instead of a USB disk, a network drive on which a script is running to copy data from a remote server.
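
An added example, not part of the answer above: one way to set up the two measures it describes, write access limited to the archiving account and a copy that is pulled from the backup side. The host, account, share and path names are placeholders, and the read-only share on the server is an assumption.

```powershell
# Added example. Every name and path here is a placeholder (assumption).
$BackupRoot  = 'E:\Backups'              # archive folder on the backup host
$BackupUser  = 'BACKUPHOST\svc_backup'   # local account used only by the backup task
$SourceShare = '\\PROLIANT01\Data$'      # share the server exposes read-only to $BackupUser

function Set-BackupFolderAcl {
    # One-time setup, run elevated on the backup host.
    # Grant first, then drop inherited ACEs, so the folder is never left without an entry.
    $aces = @("${BackupUser}:(OI)(CI)M", 'BUILTIN\Administrators:(OI)(CI)RX')
    foreach ($ace in $aces) {
        icacls $BackupRoot /grant:r $ace | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "icacls failed for $ace" }
    }
    icacls $BackupRoot /inheritance:r | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'icacls could not remove inherited permissions' }
    # Caveat: a member of Administrators can still take ownership and rewrite this ACL,
    # so this stops mistakes and ordinary accounts, not a compromised administrator.
}

function Invoke-PullBackup {
    # Scheduled task on the backup host, running as $BackupUser.
    $stamp  = Get-Date -Format 'yyyy-MM-dd_HHmm'
    $dest   = Join-Path $BackupRoot $stamp
    $logDir = Join-Path $BackupRoot 'logs'
    New-Item -ItemType Directory -Path $logDir -Force | Out-Null

    # No /MIR or /PURGE: a deletion on the server must not propagate into older copies.
    robocopy $SourceShare $dest /E /COPY:DAT /R:2 /W:5 /NP "/LOG:$logDir\$stamp.log" | Out-Null
    # robocopy exit codes below 8 mean no failure (files may have been skipped as unchanged).
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }
    return $dest
}
```

Because the copy is initiated from the backup host, the production server holds no credentials that can write to the archive folder.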

Konstantin Tsvetkov, 2017-02-26
@tsklab

Protection against accidental or intentional deletion ... will periodically manually replace
And you can just take them out and hide them in a safe.

res2001, 2017-02-26
@res2001

Pretty strange words.
You know in advance that your server will be broken into, so you want to protect the backups (moreover, the password for the backup cipher will be stored on the broken server! And of course the cool hacker will not be able to find the password for backups with access to the server). At the same time, do you have the live data somehow protected?
On the question: store the backup on another physical computer that does not have access to the Internet (physically not - another VLAN, remove the default gateway, set up a firewall, etc.), prohibit Windows shares on it + a complex admin password + no other users + regulate access to the premises with servers. And then you do not have to encrypt the backups.
If I were you, I would insert the disks for backups into the server and make raid0 or raid5 for backups on them, if you can spare the disks. That way you can remove the human factor when changing disks. I have seen enough of this: according to the regulations, the backup media was supposed to be changed, but no one does this, the person who knew the regulations quit, and the rest do not even know where the backup is physically located. You will end up with the same :) Since then, I have always done automatic backups and an automatic performance check procedure.
