by dusted 1037 days ago
Yesterday, All those backups seemed a waste of pay. Now my database has gone away. Oh I believe in yesterday.

Suddenly, There's not half the files there used to be, And there's a milestone hanging over me The system crashed so suddenly.

I pushed something wrong What it was I could not say.

Now all my data's gone and I long for yesterday-ay-ay-ay.

Yesterday, The need for back-ups seemed so far away. I knew my data was all here to stay, Now I believe in yesterday.

--

From usenet

My comment on the situation: Online mirrors are fine, but calling them backup is a stretch of the imagination, since you must assume that an event can compromise all data within a domain (be it The Internet, or a physical location).

A true backup must be physically and logically separate.

4 comments

Which is why we have the 3-2-1 rule, not only for business but also for personal data: https://www.veeam.com/blog/321-backup-rule.html Otherwise I agree, they are not "backups", just maybe a glorified copy.
there are stronger backups and there are weaker backups, but as long as the intention is for an informational failsafe, they're all still backups. arbitrarily deciding what forms are "true" or "not true" or a "glorified copy" seems a bit silly to me. the world is just a bit more complex than that

what is a backup if not just a form of copy anyway?

Also temporally separated. That is, you must have a backup that is beyond the attacker's time horizon. This is the only way to get back at least something.
What does time horizon mean?
An attacker may intrude your environment and slowly destroy data without you realizing. If this process takes e.g. 10 days, you need backups for 11 days to be safe.

This scenario happens often (as far as I know) with ransomware attacks (on personal devices): Encrypt least used documents first. Probably no one will realize it over weeks that data "is gone".
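
The time-horizon arithmetic from the comment above (10 days of unnoticed damage needs 11 days of backups), as an added example that is not part of the original thread. The function names, file names, dates and hash labels are constructed for illustration.

```python
from datetime import date, timedelta

def newest_clean(snapshots, intrusion_start):
    """Newest snapshot taken strictly before the intrusion began, or None
    when retention does not reach back past the attacker's time horizon."""
    clean = [s for s in snapshots if s[0] < intrusion_start]
    return max(clean, key=lambda s: s[0]) if clean else None

def restore_plan(snapshots, intrusion_start):
    """Return (clean_date, files_to_restore, files_without_clean_copy)."""
    latest = max(snapshots, key=lambda s: s[0])
    clean = newest_clean(snapshots, intrusion_start)
    if clean is None:
        # Every retained generation was taken after the damage started.
        return None, [], sorted(latest[1])
    clean_date, clean_files = clean
    restore = sorted(p for p, h in clean_files.items() if latest[1].get(p) != h)
    no_copy = sorted(p for p in latest[1] if p not in clean_files)
    return clean_date, restore, no_copy

def build_snapshots(today, retention_days, intrusion_start):
    """Constructed sample data: one snapshot per day; starting on
    intrusion_start, one rarely used file per day is silently altered."""
    files = [f"archive/doc{i}.txt" for i in range(10)]
    snaps = []
    for age in range(retention_days):
        day = today - timedelta(days=age)
        hit = max(0, (day - intrusion_start).days + 1)  # files altered so far
        # "ok"/"enc" labels stand in for real content hashes.
        manifest = {p: ("enc" if i < hit else "ok") + str(i)
                    for i, p in enumerate(files)}
        snaps.append((day, manifest))
    return snaps

TODAY = date(2024, 1, 20)                      # constructed date
INTRUSION_START = TODAY - timedelta(days=9)    # 10 days of activity

if __name__ == "__main__":
    for keep in (7, 10, 11):
        clean_date, restore, lost = restore_plan(
            build_snapshots(TODAY, keep, INTRUSION_START), INTRUSION_START)
        print(f"retention={keep}d clean={clean_date} "
              f"restorable={len(restore)} no_clean_copy={len(lost)}")
```
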

Absolutely!
Online mirrors are fine if they have boundaries that make them very certainly append-only.

Opening up scp/rsync and saying "our client only writes new files" is bad. Using a dedicated stream-writing interface over TLS is probably fine.

As for the other attack vector: segregating the admin credentials so that the stream-writing interface cannot be bypassed, yeah, fun. 2FA only gets you so far.

> A true backup must be physically and logically separate.

That doesn't stop it from being targeted by hackers. No amount of hindsight will save your backups unless they are in an offline cold storage somewhere protected by men-at-arms.