I.e. thoughts and questions on backups.
Continuing on from making my system secure against the most likely attacks etc. I need to make backups of the 'important' data.
Currently I backup from my main server system (the pre-update one at the moment) to a system on the home LAN in the garage. The garage is a fair way from the house so in the event of a serious disaster (e.g. a fire) it should survive. I also backup the *most* important files off-site to my account at my hosting provider.
At the moment these backups are 'pushed' from the main system, i.e. it is cron in that system that runs the backups. This requires that I have passwordless access to the destination system and here I see a hole! If a hacker got into my main system [s]he could immediately gain access to the backup destinations as well and destroy data there.
How can one overcome this issue? I can see a partial way around it for the LAN backups, I can remove the passwordless access to the system in the garage and change to a 'pull' backup that is run by cron on the garage system. The garage system can have passwordless access to the main system to enable this, there's no access through the firewall to the garage system so a hacker would need to guess the garage system passwords to get to it. This at least provides another layer of pretection against malicious attacks.
However I can see no way to pretect the off-site (across the internet) backups from similar attacks. If the shell account at my hosting provider was to have passwordless access to my home system that would lay me open to all sorts of malicious attacks so obviously that's not possible so I can't use the 'pull' backup from there. If I'm going to backup as at present the passwordless access to the off-site system needs to remain and therefore is open to a malicious attacker.
It occurs to me that I could *possibly* do the backups from the garage system to the off-site system, that would improve things somewhat.
How does the world at large do backups to remote systems without incurring security problems?