Re: [Duplicity-talk] Biggest nightmare
From: Cristian KLEIN
Subject: Re: [Duplicity-talk] Biggest nightmare
Date: Sun, 31 May 2009 10:05:08 +0200
User-agent: Thunderbird 2.0.0.21 (X11/20090409)
Kenneth Loafman wrote:
> Cristian KLEIN wrote:
>> Hello list,
>>
>> I wanted to ask you how did you prepare yourself to deal with your
>> biggest nightmare. Say somebody hacked your system and wants to do the
>> biggest damage possible. So his strategy goes as follows:
>>
>> - he installs a sniffer or uses another method to get access to your
>> duplicity backup host
>> - he deletes your whole home folder
>> - he deletes your backups from your backup host
>>
>> Is anybody dealing with this situation right now? How?
>
> Sorry to hear you're having problems.
Luckily, I don't have this problem. But better be safe than sorry. :)

Thank you very much for your feedback. I observe that there are two
solutions:

1) Also store backup off-site.
2) Backup-host initiated backup.

I would like to add another idea and know what you're thinking about it.
Everything duplicity needs for „normal” backup operations is to list
files, read files and create new (non-existing) files. So I thought
about creating a restricted SFTP server, which would allow exactly these
three operations. Then an evil attacker could not compromise backups.

A user who has an SSH account on a backup host would use two keys:

a) not-password-protected, restricted to SFTP
b) password-protected, restricted to backup maintenance, which he
should actually *never* use

Unfortunately, I could not find any Restricted SFTP server, but writing
a paramiko-based one should not be too difficult. Also, duplicity does
not currently have a „pure” SFTP backend, but again, this should be
a piece of cake.

So, what do you think?
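
Added example, not part of the original message and not duplicity's or paramiko's code: the three-operation policy described above (list, read, create new files only) as a small Python layer over a local directory. `WriteOnceStore`, its method names and the sample file name are hypothetical; a restricted SFTP server would call checks like these from its request handlers, and this sketch narrows uploads to whole-file creates.

```python
import os
import tempfile

class WriteOnceStore:
    """Hypothetical policy layer: list, read and create-new only."""

    def __init__(self, root):
        self.root = os.path.realpath(root)

    def _resolve(self, name):
        # Confine every request to the backup root, resolving symlinks and "..".
        path = os.path.realpath(os.path.join(self.root, name.lstrip("/")))
        if os.path.commonpath([self.root, path]) != self.root:
            raise PermissionError(f"outside backup root: {name}")
        return path

    def list(self, name):
        return sorted(os.listdir(self._resolve(name)))

    def read(self, name):
        with open(self._resolve(name), "rb") as fh:
            return fh.read()

    def create(self, name, data):
        # O_EXCL makes "create only if absent" atomic: no truncate, no overwrite.
        try:
            fd = os.open(self._resolve(name), os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            raise PermissionError(f"already exists: {name}") from None
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)

    def remove(self, name):
        # Rename, truncate and attribute changes would be refused the same way.
        raise PermissionError(f"delete not permitted: {name}")

def demo():
    # Constructed sample: one stored volume, then three destructive requests.
    with tempfile.TemporaryDirectory() as root:
        store, denied = WriteOnceStore(root), []
        store.create("backup-vol1.gpg", b"constructed sample")
        attempts = {"overwrite": lambda: store.create("backup-vol1.gpg", b""),
                    "delete": lambda: store.remove("backup-vol1.gpg"),
                    "escape": lambda: store.read("../../etc/passwd")}
        for label, call in attempts.items():
            try:
                call()
            except PermissionError:
                denied.append(label)
        return denied, store.list("."), store.read("backup-vol1.gpg")
```

The unprotected key from (a) would only ever reach `list`, `read` and `create`; pruning old backup sets needs a delete path, which is what the separate maintenance key in (b) is for.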