[Box Backup] Danger of files being erased

Alaric B Snell boxbackup@fluffy.co.uk
Sun, 01 Feb 2004 23:23:23 +0000


Ben Summers wrote:
>>  And also is it possible to lock the
>> backup key, like putting a passphrase on it? Of course the passphrase
>> has to be entered before using the key, which means when bbackupd or
>> bbackupquery is started.
> 
> There's not much point in doing this. It would add little to the 
> security of the system, and provide a false sense of security. Seeing as 
> the key and the data on the computer you've just broken into are 
> effectively equivalent, there is no reason to protect the key. An 
> attacker would just read the decrypted data.
> 
> Of course, there is the problem that if they broke in to your computer 
> and stole the keys, they could then use the backup server to get copies 
> of your files whenever they wanted. But this could be solved by changing 
> the certificate -- and you would notice the break-in, wouldn't you?
> 
> Security is about reacting, as well as preventing.

Is there a danger they could compromise system data, and then upload the 
new compromised versions to the backups? Worse than setting the deleted 
flag :-) What's done about multiple historic versions of files in the 
backups?

Interestingly, the clever upload-only-changes thing could well be used 
to help clear up after an exploit - reboot from a clean OS to get past 
the rootkit, then ask the bbackupquery tool to list which files were 
modified since the last backup run, and then hand-vet the changes...

>> - I'm really considering running it on every machine I own. I'm just
>>   waiting to get more disk space.
> 
> Thanks!
> 

Personally, I'm limited by bandwidth between my machines, which are all 
at different ISPs (with bandwidth charges) or on ADSL - which is why my 
trusty tape drives are still whirring away for now; I can use sneakernet 
for my high bandwidth backup transfers ;-)

I'm wondering about performing gross trickery and taking a laptop into 
each rack in turn, running the server, to do the initial 
upload-everything onto, then transferring the server install to a real 
server machine to then handle subsequent incrementals...

> 
> Ben
> 

ABS
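The hand-vetting step sketched above, as an added example that is not part of this message or of Box Backup: a manifest of SHA-256 hashes stands in for the backup server's record of the last clean run (the real bbackupquery invocation is not shown), and the directory tree is constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each regular file under root (as a relative POSIX path) to its SHA-256."""
    root = Path(root)
    out = {}
    for p in sorted(root.rglob("*")):
        # Skip symlinks so a planted link cannot make an unrelated file "match".
        if p.is_file() and not p.is_symlink():
            out[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out


def vet_changes(trusted, current):
    """Classify the live tree against the trusted manifest for manual review."""
    return {
        "modified": sorted(f for f in trusted if f in current and current[f] != trusted[f]),
        "added": sorted(f for f in current if f not in trusted),
        "missing": sorted(f for f in trusted if f not in current),
    }


def demo():
    # Constructed scenario: `trusted` is taken before the "break-in", then the
    # tree is altered the way a post-exploit cleanup would expect to see it
    # (a replaced binary, a new cron entry, a removed log) and re-hashed, as if
    # mounted read-only after booting from clean media.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for rel, data in {
            "bin/ls": b"original ls binary\n",
            "etc/hosts": b"127.0.0.1 localhost\n",
            "var/log/auth.log": b"Feb  1 23:23:23 sshd[1]: Accepted publickey\n",
        }.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        trusted = hash_tree(root)
        (root / "bin/ls").write_bytes(b"replaced ls binary\n")
        (root / "etc/cron.d").mkdir()
        (root / "etc/cron.d/extra").write_bytes(b"* * * * * root /tmp/x\n")
        (root / "var/log/auth.log").unlink()
        return vet_changes(trusted, hash_tree(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

Each bucket is what a person then reviews by hand; unchanged files never appear, which is the point of leaning on a change-detecting backup.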