Reduce the likelihood that the bad actors will get their hands on both the encrypted data and the keys necessary to decrypt it by using a third-party key management system. It will likely cost more than key management that’s built into your backup system, but it’s well worth considering, especially if your system stores its keys inside a database that is encrypted only with the Windows machine key. That key is far too easy for adversaries to access once they manage to escalate privileges, and once it is accessed, your encryption keys are vulnerable.

This recommendation is less obvious than the others but may be the most important: bad actors can’t encrypt, delete, or exfiltrate backups they cannot see as files, so don’t give them that option. This includes locally attached disk arrays formatted as the F:\ drive or a deduplication appliance mounted via NFS or SMB. Instead, ask your backup-software or deduplication vendor for a more secure way to connect the two. It’s best to have this conversation before you buy, but most products have a way to do this.

Store backups on a different operating system

Most backup systems have the concept of media servers or storage servers where backups are stored. They should be running a different operating system, especially if your main backup server is Windows, which is often a target for ransomware attacks. Storing backups on a different OS helps build an air gap to protect the backups.

If your backup software supports it, use Linux’s immutability flag on your backups. When it’s enabled, nobody, attackers included, can delete backup files once they’re written, so it offers some protection. One important thing to note, however, is that this feature is easily disabled by anyone with root, so a bad actor with escalated privileges can unset the flag and delete backups.

Tape is getting a resurgence in popularity because it is impervious to electronic attacks if it’s offline. The same is true of RDX, the removable disk-drive technology that behaves a little like tape.
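As an added example (not from the original article), here is a small audit script that parses `lsattr` output to find backup files that lack the Linux immutable attribute discussed above; the sample output and the `/backups` paths are constructed for illustration.

```python
"""Audit backup files for the Linux immutable attribute by parsing lsattr output.

lsattr prints one line per file: an attribute field such as
"----i---------e-------" followed by a space and the path. The immutable
flag (set with `chattr +i`) appears as "i" in that field. Remember that
root can still clear it with `chattr -i`, so this is a check, not a guarantee.
"""
import subprocess
from typing import Dict, List

# Constructed sample of lsattr output for a backup directory (not real data).
SAMPLE_LSATTR_OUTPUT = """\
----i---------e------- /backups/full-2024-01-07.tar.zst
--------------e------- /backups/incr-2024-01-08.tar.zst
----i---------e------- /backups/incr-2024-01-09.tar.zst
--------------e------- /backups/catalog.db
"""


def parse_lsattr(output: str) -> Dict[str, str]:
    """Map each path in lsattr output to its raw attribute string."""
    attrs: Dict[str, str] = {}
    for line in output.splitlines():
        line = line.strip()
        if not line:
            continue
        # Split only on the first space so paths containing spaces survive.
        flags, _, path = line.partition(" ")
        attrs[path] = flags
    return attrs


def is_immutable(flags: str) -> bool:
    """True when the attribute field carries the immutable ("i") flag."""
    return "i" in flags


def mutable_backups(output: str) -> List[str]:
    """Return the paths that ordinary file operations could still delete."""
    return sorted(p for p, f in parse_lsattr(output).items() if not is_immutable(f))


def audit_directory(path: str) -> List[str]:
    """Run lsattr on a real directory (Linux, ext4/xfs) and report mutable files."""
    result = subprocess.run(["lsattr", path], capture_output=True, text=True, check=True)
    return mutable_backups(result.stdout)


if __name__ == "__main__":
    for p in mutable_backups(SAMPLE_LSATTR_OUTPUT):
        print(f"WARNING: {p} lacks the immutable flag (set it with chattr +i)")
```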