Yet another reason backups should have proper cryptographic architecture.
Quote Tweet
A ransomware gang thing seen recently - exfil Veeam backups of VMs, rather than exfil data from servers. Why? Easier & quick - centralised. Less monitoring - 7-zip on servers also has performance impacts. Network traffic on backup servers already in terabytes daily, less visible.
I *so* want a lightweight (no heavy deps that limit what systems you can use it on) automated incremental backup system with proper cryptographic architecture, that can use arbitrary storage providers, local or remote, with no need to trust them.
Replying to
Cloud providers have much cheaper prices for long-term storage with a delay before retrieval. Full backups can be cheaper than incremental ones. S3 Glacier is $0.004 per GB and S3 Glacier Deep Archive is $0.00099 per GB. Both of those have up to a 12-hour delay before retrieval.
Replying to
I'm not sure how this relates to what I was looking for. Are you assuming incremental reads back from the backup? That's impossible in what I want because the backup is cryptographically append-only. Client has to track what was already backed up for incremental purposes.
Replying to
The approach I'm using is taking atomic snapshots of the data, encrypting them with age using a public key and backing them up to long-term storage. It'd be possible to produce incremental backups locally but it's more complex and I'd want full backups at some interval anyway.
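
The constraint discussed in the thread (storage that is append-only and never read back, so the client tracks what was already backed up) sketched as an added example; it is not code from any participant or from a tool named above. `AppendOnlyStore`, `scan`, `incremental_backup` and the `seal` hook are hypothetical names, and `seal` marks where encryption to a public key would happen (its identity default is only a placeholder so the sketch runs with the standard library).

```python
import hashlib, json, os

class AppendOnlyStore:
    """Constructed stand-in for untrusted storage: write-once, no reads, no overwrite."""
    def __init__(self):
        self._objects = {}
    def append(self, name, blob):
        if name in self._objects:
            raise PermissionError(f"append-only: {name} already exists")
        self._objects[name] = blob
    def names(self):
        return sorted(self._objects)

def scan(root):
    """Return {relative path: SHA-256 hex digest} for every file under root."""
    digests = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def incremental_backup(root, state_path, store, seal=lambda blob: blob):
    """Upload what changed since the last run, deciding from local state only.
    state_path must live outside root. seal is the public-key encryption hook
    (assumption: identity placeholder here)."""
    state = {"seq": 0, "files": {}}
    if os.path.exists(state_path):
        with open(state_path) as fh:
            state = json.load(fh)
    current = scan(root)
    changed = sorted(p for p, d in current.items() if state["files"].get(p) != d)
    deleted = sorted(set(state["files"]) - set(current))
    if not changed and not deleted:
        return None  # nothing new, so nothing is uploaded
    record = {"seq": state["seq"] + 1, "deleted": deleted, "files": {}}
    for path in changed:
        with open(os.path.join(root, path), "rb") as fh:
            record["files"][path] = fh.read().hex()
    name = f"backup-{record['seq']:08d}"
    store.append(name, seal(json.dumps(record).encode()))
    # Commit local state only after the upload succeeded, via atomic rename.
    tmp = state_path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump({"seq": record["seq"], "files": current}, fh)
    os.replace(tmp, state_path)
    return name, changed, deleted
```

Because the local state file is the only record of what has been uploaded, losing it means the next run uploads everything again as a new full record.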