[enneff]

They did have off-site backups, which the hacker found and erased.

One strategy that I employ to mitigate this is to have my backup service connect to the production server, rather than the other way around. That way if your production services are compromised, your backups remain untouched (on a machine that's running no services, behind a firewall, etc, and for all intents invisible).

[ekarulf]

We use tarsnap (http://www.tarsnap.com) to handle our offsite backups. If you give your production servers write only keys you can mitigate this risk (and not send your backups across the wire in the clear).

[jlcheng]

I thought the typical definition of offsite backup also means data is backed up to a media like tape and stored in a different location.

How is your offsite backup implemented? Is the data stored on a network drive, or backed up to tape?

[enneff]

My understanding is that an offsite backup is, as the name implies, a backup that is stored at a geographically separate location to your production site.

I have a few servers deployed at various locations around the world, and I have a machine here at home that performs rsnapshot daily backups of their files. I then make bi-monthly backups of those backups, and store them in a saftey deposit box at a bank. This means that if my servers go down, I can restore them to within a day. If my house burns down, I still have my data to within two-weeks.

[jlcheng]

That's pretty much how it should be done. Let's hope the guys at astalavista is smart enough to do that. Your approach adds an additional layer of protection in case, as you'd put it, someone gets into your home server and deletes them. That, and tapes are less likely to get corrupted or become unreadable than the drives on your server, which may cut down on recovery time.

When your business gets bigger, it might be worth it to look into dedicated hosting and have the datacenter do the backup for you. After all, you want to spend your time managing your IT crew, rather than driving those tapes to the bank :)

[sev]

Definitely a much better method of handling backups. Completely agreed.

[obanite]

What's the point in offsite backups (for security reasons) if they're connected over network connections?

[notaddicted]

Physical security, i.e. protection against fires floods and comets, etc.