Backing-up your organisation with open source

March 26, 2009

While backup and recovery solutions are considered paramount in most organisations, they are possibly one of the most overlooked procedures in company security policies, mainly because backup and security seem to pull in opposite directions.

Security demands strong encryption and overall policy control over employee and enterprise-wide information, while backup software tries to simplify the data centre recovery process regardless of platform, location and user, anywhere on the network.

This requires a certain level of trust, which has to be verified, between the machine that is being backed up and the backup server, and it leaves data open to possible vulnerabilities if it is not correctly configured.

For example, on some popular proprietary enterprise backup software, the default settings allow any user to initiate a backup from any backup client, which can be abused for malicious purposes.

When deciding on a backup software solution, make sure it has strong encryption and configurable authentication on both the source and the destination, using a key-based mechanism such as the open source tool OpenSSH.

This is particularly relevant if you are doing backups of regional offices to the central server over an unsecured network such as the Internet. Imagine the consequences if your customer data were intercepted and exposed. What damage would it inflict on their business and your company reputation?

It is therefore important that data should be encrypted at all times, be it in motion or at rest, with the flexibility to use various encryption methods, especially as new algorithms emerge. Why are many organisations not doing this? There are solutions available that do this, but they come at a price.

An alternative option would be to use the open source solution, Amanda Enterprise. It provides all of the encryption described above, but goes one step further: it works with the key management practices governed by your IT policies rather than its own.

Additionally, IT administrators are responsible for a variety of tasks, including backup and recovery procedures, and this laborious work often gets passed on to ordinary staff. Administrators generally have the rights to recover anyone's data, which leaves it vulnerable to abuse. A backup solution must have a user policy where administrators can define who can back up specific sensitive data.

Moreover, the major security risk in proprietary backup software is that all configuration files that store information such as passwords and user access rights also allow access to application and data servers. The problem, however, is that no-one in your organisation knows how the software is written or whether it is totally secure, and we regularly hear of newly discovered vulnerabilities that expose sensitive company information.

With open source backup software, the peer-reviewed, community-based approach to development ensures that no code is left unturned. If there are flaws or vulnerabilities in the code, they are bound to be discovered and changed, either by seasoned developers or by using freely available tools such as Rough Auditing Tool for Security, ITS4 by Cigital and Flawfinder by David A Wheeler.

Today there are a number of commercial solutions out there that are expensive, difficult to maintain, and enforce vendor lock-in, which is why you should be looking at open source. The bottom line is, when choosing a backup solution for your organisation, security should be a top concern.

Fred Strauss is technical manager at Obsidian Systems.
