From owner-freebsd-questions@FreeBSD.ORG Fri Dec 5 01:00:28 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A559FBCB for ; Fri, 5 Dec 2014 01:00:28 +0000 (UTC) Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6328C2DD for ; Fri, 5 Dec 2014 01:00:28 +0000 (UTC) Received: from r56.edvax.de (port-92-195-18-117.dynamic.qsc.de [92.195.18.117]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx02.qsc.de (Postfix) with ESMTPS id E6C3127608; Fri, 5 Dec 2014 02:00:25 +0100 (CET) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id sB510P0B002766; Fri, 5 Dec 2014 02:00:25 +0100 (CET) (envelope-from freebsd@edvax.de) Date: Fri, 5 Dec 2014 02:00:25 +0100 From: Polytropon To: Olivier Nicole Subject: Re: Backup solution for freeBSD/Symantec Backup exec porting Message-Id: <20141205020025.396c0d8a.freebsd@edvax.de> In-Reply-To: References: <999d7e80e60f466682c736f275b75788@Server02.ad.ezmax.ca> <54809639.4070103@netfence.it> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: Ian Lord , "freebsd-questions@freebsd.org" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Dec 2014 01:00:28 -0000 On Fri, 5 Dec 2014 07:00:33 +0700, Olivier Nicole wrote: > Hi, > > > It's kinda hard for a hacker to format all the tapes > > in a library furthermore, some tapes will be put in a safe... > > Understanding that putting the tape away in a safe is a manual thing, > you could also put an HD in a safe... Still it's an important reminder about actual _access_ to backups. Of course it's very comfortable to access all the backup media without manual (human) intervention, but it can be dangerous. Imagine a situation like what Cryptolocker malware usually does: It encrypts anything it can access, and if it can find the backups, they will be useless in any attempt to restore the system. I'm sure it's more complicated to encrypt tapes (in an ATL) than disks, but it's still dangerous when they can be accessed "too easily". > One thing I like about the HD solution is that you need nothing to > access your files (at least with Amanda): only dd(1) and tar(1); it > can work even if Amanda server is dead. Exactly, and there is no proprietary (and undocumented) file format involed, or manufacturer-specific connectors and access protocols. This is unimportant as long as everything works as expected, but it may become essential in a worst-case scenario. > In fall 2011, we were flooded and had to move the datacenter. I packed > the minimum amount of servers, but I also packed the backup HD, > knowing that I could use them with no backup server) On-site and off-site method - where off-site actually means "somewhere else", instead of putting them next to each other. ;-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...