Back up your systems securely
Creating backups is one thing, making sure they’re secure is another. We offer some tips for ensuring the process is as painless as possible.
Making backups of your data is critical. If you don’t regularly create usable backups, any outages, disk failures, or administrative errors can cause permanent data loss. But, although backups address the availability (and to some degree integrity) aspects of the AIC security triad (availability, integrity, confidentiality), they can introduce significant risks with respect to the confidentiality or secrecy of your data. In other words, when you centralize all your data on removable storage (e.g., tape drives), things can get very bad very quickly if the tapes are misplaced or stolen.
The solution, of course, is to encrypt your backups. Depending on the risk you’re willing to accept, strong encryption can even let you store your files in potentially insecure locations (e.g., a public cloud storage provider). In general, most backup programs support 256-bit AES, which is extremely strong, so with properly generated keys that are secured from attackers, your data should be safe from decryption for at least a few decades. However, you must consider several other issues when deciding how to apply encryption to your backups and how to manage your encryption keys.
Buy this article as PDF
Klaus Knopper announces the latest version of his iconic Live Linux system.
All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.
According to a report, many potential victims of the Heartbleed attack have patched their systems, but few have cleaned up the crime scene to protect themselves from the effects of a previous intrusion.
DARPA and NICTA release the code for the ultra-secure microkernel system used in aerial drones.
Should you trust an online service to store your online passwords?
New B+ board lets you build cool things without the complication of a powered USB hub.
Redmond rushes in to root out alleged malware haven.
New initiative will bring futuristic virtual reality effects to the web surfing experience.
Dyreza malware launches a man-in-the-middle attack that compromises SSL.
New cloud combines worldwide access with local attention to data security.