[AusNOG] CryptoLocker Virus
Matt Palmer
mpalmer at hezmatt.org
Fri Oct 25 09:02:10 EST 2013
On Fri, Oct 25, 2013 at 07:01:13AM +1000, Luke Smith wrote:
> > I'm somewhat surprised that it isn't a more widely-broadcast best practice
> > to ensure that the machine being backed up has no capability to modify the
> > existing backup sets.
>
> And that's why I still think tape (or other offline storage) is still a
> valuable part of any backup strategy.
You don't need to resort to antiquated technologies to avoid clients being
able to nuke their own backups. Server-initiated backups (my preference)
get this capability by default, and even with client-initiated backups, it's
not hard to allow the client to create and write to a new backup set without
allowing the client to modify or remove completed backup sets.
- Matt
--
Sure, it's possible to write C in an object-oriented way. But, in practice,
getting an entire team to do that is like telling them to walk along a
straight line painted on the floor, with the lights off.
-- Tess Snider, slug-chat at slug.org.au
More information about the AusNOG
mailing list