[gpfsug-discuss] Ransom attacks
Jonathan Buzzard
jonathan.buzzard at strath.ac.uk
Thu May 27 16:49:02 BST 2021
On 27/05/2021 16:23, Skylar Thompson wrote:
[SNIP]
> at the end of the day, nothing beats the air-gap of tape backups, IMHO.
Changing/deleting lots of data on tape takes time. So tape is a really
good starting point even if you never take the tapes out the library
except to dispose of them. Your backup is your get out of jail card.
Protect it like it's Fort Knox.
A bit of security through obscurity by using Power and AIX will not go
amiss. Even if it only buys you a couple of hours that can be enough to
save the backup from harm.
Passwords on the Spectrum Protect server should be good *never* be used
anywhere else, and only a handful of trusted people should have access
to them.
Make sure you have a reuse delay on those tapes so even if the bastards
do a del filespace (if they even know how to use TSM) you can roll back
the database.
I also have the notion that you should be able to cut the power to the
Spectrum Protect server and tape libraries such that it requires an on
site visit to manually power them backup by flicking a nice big molly
switch. I have a notion in my mind of tripping a residual-current
device/ground fault circuit interrupter by using a relay to create a
neutral earth fault. First sign of trouble disconnect the backup system :-)
JAB.
--
Jonathan A. Buzzard Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG
More information about the gpfsug-discuss
mailing list