8.14. Security

Historically, backups and security have had almost completely opposite goals. Things such as .rhosts files in Unix systems were absolutely necessary to gain any type of backup automation, and yet they are a well-known security problem. Fortunately, most modern backup products have worked around these problems. Here are some security issues to consider:

Daemon/service communication -
Any decent product is going to have a secure method of communicating with the client. It will not require insecure communication methods such as rsh.

System authentication -
How will the server and client verify each other's identity? Will they simply use hostnames and IP addresses? Those are easily faked and should be avoided. Another method is to use the root password of the client. This requires the backup administrator to know the root passwords of every client, which is also not a good idea. Other systems use sophisticated one-time passwords that are very strong. Investigate how your backup software authenticates its systems.

User authentication -
How does the backup software authenticate administrators of the system, or people who want to perform user-level recoveries? Does it have its own database? Does it integrate with Active Directory or NIS?

Role-based authorization -
Once a user is authenticated, are they all-powerful, or can you assign certain tasks to some people and not others? It would be nice if the person responsible for monitoring backups is not the same person setting them up. It would be nice to limit the number of people who can delete or overwrite backups.

Encryption -
http://www.privacyrights.org maintains a list of privacy breaches, and as of this writing, it lists over a dozen tape-related privacy breaches. With all the attention these incidents are getting, more and more people are asking for encryption. Encryption can be accomplished in one of three ways. The data can be encrypted in the original filesystem. It can also be encrypted by the backup software as it's being transmitted to the server. Finally, it can be encrypted by a hardware appliance. If you're considering backup software encryption, make sure to talk to your backup vendor about it.
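To make the system authentication item concrete, here is an added example (not from the original text and not any backup product's actual protocol) contrasting a hostname/IP check with a single-use challenge-response based on a per-client key. The class and function names, the sample hostname and the HMAC-SHA256 construction are assumptions chosen for illustration, and only the server-verifies-client direction is shown; the reverse direction is the same exchange with the roles swapped.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one per-client secret provisioned at install time.
CLIENT_KEYS = {"db01.example.com": secrets.token_bytes(32)}


class BackupServer:
    """Hypothetical server side: trusts proof of a key, not a name or address."""

    def __init__(self, client_keys):
        self._keys = client_keys
        self._pending = {}  # client name -> outstanding one-time challenge

    def weak_check(self, claimed_name, source_ip, allowed):
        # The approach the text warns against: it compares only a hostname
        # and an IP address, which the text calls easily faked.
        return allowed.get(claimed_name) == source_ip

    def issue_challenge(self, claimed_name):
        # A fresh random nonce per connection attempt.
        nonce = secrets.token_bytes(16)
        self._pending[claimed_name] = nonce
        return nonce

    def verify(self, claimed_name, response):
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed on a later connection.
        nonce = self._pending.pop(claimed_name, None)
        key = self._keys.get(claimed_name)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, claimed_name.encode() + nonce,
                            hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


def client_response(name, key, nonce):
    """Client side: prove possession of the key for this one challenge."""
    return hmac.new(key, name.encode() + nonce, hashlib.sha256).digest()
```

The key never crosses the network, and the backup administrator never needs to know a client's root password.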