BackupPC-users

Re: [BackupPC-users] Backing up a BackupPC server

2009-06-04 12:15:09
Subject: Re: [BackupPC-users] Backing up a BackupPC server
From: Les Mikesell <les AT futuresource DOT com>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Thu, 04 Jun 2009 11:08:53 -0500
Jeffrey J. Kosowsky wrote:
> 
>  > However, it would still be disturbing to realize that your backup 
>  > integrity could be compromised by anyone with access to the files. 
>  > Consider a scenario where a disgruntled employee who still has access to 
>  > files first prepares the 'evil twin' file with the hack to force an md5 
>  > value and puts it somewhere that the backup system will find it.  Later 
>  > he makes the matching alteration to critical files in a way that doesn't 
>  > break normal use.  Then he waits for any backups of the unaltered data 
>  > to expire, then destroys the working copies and leaves.
>  > 
>  > Assuming it's your job to restore a working copy, what happens next?
> 
> I would assume that if such a "disgruntled" employee has *write*
> access to critical files, then surreptitiously modifying a few backup
> copies would be the least of your worries.

Perhaps, but you are the backup guy and expected to be able to fix those 
other things.

> He could much more easily
> and reliably make other non-detectable changes to the same critical
> files that would be much more guaranteed to create damage than to hope
> that some day there would be a crash of the system requiring a restore
> of the corrupted pool file.

He doesn't have to 'hope' you need a restore - he can just wipe all the 
live copies.  Now it's time for you to put back the old working copies. 
With the current backuppc scheme of collision detection you could - if 
you relied on md5's blindly you couldn't - or you might get an ugly 
surprise from the substitute file.

> And if an employee was so skilled to know
> how to manipulate the block architecture and md5sum hash of the backup
> system,

At this point that basically means he knows how to read - but having 
smart employees is not something a company should generally avoid.

> then he surely would be talented enough to come up with many
> more serious, evil, and probably less detectable ways of causing
> damage.

But you expect your backups to protect against those things.  There 
probably would be even more subtle implications where a backup system is 
shared by different companies or groups and one could poison the pool 
against files they might be delivering to one of the others.

-- 
   Les Mikesell
    lesmikesell AT gmail DOT com
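
A simplified model of the contrast drawn above between collision detection and relying on the digest blindly, as an added example that is not part of the original message and is not BackupPC's code. The truncated digest, the `Pool` class and the sample file bodies are assumptions constructed for the illustration.

```python
import hashlib
from collections import defaultdict

def weak_digest(data: bytes) -> str:
    # Assumption for the demo: MD5 cut to one byte, so two colliding sample
    # bodies can be found by simple enumeration. Not BackupPC's real digest.
    return hashlib.md5(data).hexdigest()[:2]

class Pool:
    """Toy deduplicating pool: digest -> chain of distinct file bodies."""
    def __init__(self, verify: bool):
        self.verify = verify              # True = compare contents on a digest match
        self.chains = defaultdict(list)

    def store(self, data: bytes):
        """Back up one file body and return its (digest, index) reference."""
        digest = weak_digest(data)
        chain = self.chains[digest]
        if self.verify:
            for i, existing in enumerate(chain):
                if existing == data:      # byte-for-byte match: safe to share
                    return digest, i
            chain.append(data)            # same digest, different bytes: keep both
            return digest, len(chain) - 1
        if not chain:                     # blind mode: digest match is trusted
            chain.append(data)
        return digest, 0

    def restore(self, ref):
        digest, index = ref
        return self.chains[digest][index]

def find_colliding_pair():
    """Constructed sample data: two different bodies with the same weak digest."""
    seen = {}
    for n in range(257):                  # 256 digests, so 257 bodies must collide
        body = b"sample-file-%d" % n
        d = weak_digest(body)
        if d in seen:
            return seen[d], body
        seen[d] = body
    raise AssertionError("unreachable: pigeonhole guarantees a collision")

def demo():
    """Map verify-mode -> whether the later-stored file restores intact."""
    earlier, later = find_colliding_pair()
    results = {}
    for verify in (False, True):
        pool = Pool(verify)
        pool.store(earlier)               # body already in the pool
        ref = pool.store(later)           # different body, same digest
        results[verify] = pool.restore(ref) == later
    return results

if __name__ == "__main__":
    print(demo())
```

The blind pool hands back the earlier body when the later file is restored, while the verifying pool keeps both bodies under the same digest and restores the right one.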


