What's the point of primary and secondary backups if they can be accessed with the same credentials on the same network
Technology
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
They weren't normally on the same network, but were accidentally put on the same network during migration.
What’s the correct way to implement it so that it can still be automated? Credentials that can write new backups but not delete existing ones?
I don’t know if it is the „correct“ way but I do it the other way around. I have a server and a backup server. Server user can‘t even see backup server but packs a backup, backup server pulls the data with read only access, main server deletes backup, done.
I feel really bad for everyone involved - customers and staff. The human cost in this is huge.
Yes, there's a lot of criticism of backup strategies here, but I bet most of us who deal with this professionally have knowledge of systems that would also be vulnerable to malicious attack, and that's only the shortcomings we know about. Audits and pentesting are great, but not infallable and one tiny mistake can expose everything. If we were all as good as we think we are, ransomware wouldn't be a thing.
I wonder why they can't/won't pay.
Time and time again, data hosting providers are proving that local backups not connected to the internet are way better than storing in the cloud.
The 3-2-1 backup strategy: "Three copies are made of the data to be protected, the copies are stored on two different types of storage media and one copy of the data is sent off site."
This is the way.
How would that work in practice? 1 medium offsite, and 2 mediums on-premises?