[Box Backup] Danger of files being erased
Ben Summers
boxbackup at fluffy.co.uk
Mon Feb 2 10:03:18 GMT 2004
On 1 Feb 2004, at 23:23, Alaric B Snell wrote:
> Ben Summers wrote:
>>> And also is it possible to lock the
>>> backup key, like putting a passphrase on it? Of course the passphrase
>>> has to be entered before using the key, which means when bbackupd or
>>> bbackupquery is started.
>> There's not much point in doing this. It would add little to the
>> security of the system, and provide a false sense of security. Seeing
>> as the key and the data on the computer you've just broken into are
>> effectively equivalent, there is no reason to protect the key. An
>> attacker would just read the decrypted data.
>> Of course, there is the problem that if they broke in to your
>> computer and stole the keys, they could then use the backup server to
>> get copies of your files whenever they wanted. But this could be
>> solved by changing the certificate -- and you would notice the
>> break-in, wouldn't you?
>> Security is about reacting, as well as preventing.
>
> Is there a danger they could compromise system data, and then upload
> the new compromised versions to the backups?
Yes.
> Worse than setting the deleted flag :-)
The current security model assumes that access to the client machine
and it's data is equivalent to access to the backups -- which I feel is
reasonable since an attacker can just read the unencrypted files.
However, future versions will have a system of "marking" snapshots, so
you'll easily be able to go back in time before the compromise.
There's roughly the same problem with any other backup system -- if you
don't notice and rotate so the good data is deleted, you've lost the
backup.
> What's done about multiple historic versions of files in the backups?
They are all available, if in a slightly non-user friendly way.
http://www.fluffy.co.uk/boxbackup/retrieve.html
Although I will make this better in the future.
>
> Interestingly, the clever upload-only-changes thing could well be used
> to help clear up after an exploit - reboot from a clean OS to get past
> the rootkit, then ask the bbackupquery tool to list which files were
> modified since the last backup run, and then hand-vet the changes...
Interesting... :-)
>
>>> - I'm really considering running it on every machine I own. I'm just
>>> waiting to get more disk space.
>> Thanks!
>
> Personally, I'm limited by bandwidth between my machines, which are
> all at different ISPs (with bandwidth charges) or on ADSL - which is
> why my trusty tape drives are still whirring away for now; I can use
> sneakernet for my high bandwidth backup transfers ;-)
>
> I'm wondering about performing gross trickery and taking a laptop into
> each rack in turn, running the server, to do the initial
> upload-everything onto, then transferring the server install to a real
> server machine to then handle subsequent incrementals...
Yes, that would work.
Ben
More information about the Boxbackup
mailing list