How to manage your backup server?

The following is an introduction to the six small elements of protecting a backup server, although some of these are difficult to do. However, applying these is much better than without any tricks.

port

1. closed without the use of the Review your backup vendor's documentation to determine which port for normal operation of your backup system is absolutely necessary, and then block all other port. For example, if your backup server does not need to be an NFS (Network File System) or CIFS (Common Internet File System) server, then you should turn off or revoke the backup server to provide this service. The same blocking measures are required for Web, print, Telnet, and other backup servers to run unneeded services.

2. Requirements for Cryptographic Access

If you are using express agreement to manage your backup server, an intruder can monitor your packets and determine your administrative password. Create a policy that blocks plaintext access to your backup server and enforces this policy. First, you must uninstall or close the plain text protocol, such as Telnet, FTP, HTTP, and so on. Then, all management tasks must be implemented through an encrypted protocol such as SSH, HTTPS, encrypted FTP, and SCP. This article comes from www.45it.com

3. reduce the number of personnel

have full access to the backup server if you need a root or administrator access to manage, restrictions have this privilege The number of people. Provide a different administrative password for the backup server and only provide the password to the person who needs access to the backup server. The average administrator may not like this approach because they usually have access to the entire system. However, you have to explain to them that this is to protect them. Put the backup system's administrative password in a safe place and only allow those who really need it to access the password.

4. Record the backup activity and record as far as possible into other servers using the system

record Unix backup server or third-party data protection management products to record all backup activity And put the records on another server to prevent malicious administrators from overwriting these records.

5. separate media management and backup management

you can put media management and backup management rights of two people each share, a person responsible for loading the tape, another person responsible for setting up the backup. Generally speaking, these tasks are all done by one person. However, separating these jobs can avoid the disaster caused by malicious employees. If a malicious employee has administrative rights, but they have access to the storage medium, he can't cause any damage. If a malicious employee has access to the storage medium, but he does not have permission to put anything into the medium, he can't cause any damage.

6. Research your backup product security features

backup software products in the past few years has increased the number of security features, including encryption, task-based security and enhanced customer and Administrator identification, etc. Encryption can encrypt the backup process, back up tapes or manage processes. Task-based security measures prevent processes that require root or administrator access to manage the system and allow you to separate responsibilities and decentralize power. Finally, the enhanced identity system abandoned the old practice of using IP addresses and hostname identification systems. Investigate which of the above features your product uses and use them immediately.