[GTALUG] Man deletes his entire company
Alvin Starr
alvin at netvel.net
Fri Apr 15 17:59:02 EDT 2016
On 04/15/2016 05:40 PM, Lennart Sorensen wrote:
> On Fri, Apr 15, 2016 at 05:12:40PM -0400, Alvin Starr wrote:
>> For things like system backups you tend to have to run as root.
> Often for some parts.
It's those parts where bad things happening can really hurt.
>> Your backup device often has to be connected to the server. I have yet to
>> see a backup media that magically gets data written to it while on the shelf.
>> So once you have plugged in your backup media to back up and your backup
>> program runs wild ... you're kind of screwed.
> That's why you have a rotation of backup devices. That way you still
> have a backup while creating a new one. If your only backup is connected
> to your system, then you have no backups at all.
Rotating backup media is becoming a thing of the past.
A lot of organizations are moving to cloud backup or backing up to some
NAS/SAN or other connected device.
In an environment where changing disks/tapes is hard, like in a data
centre, the single backup device is attractive.
I do work for a backup provider and they have a large number of
companies who in essence have a single point of failure for their backups.
For better or for worse people are moving their backups offsite but into
a single location.
>> I kind of think it would be possible to use selinux to ensure things like
>> backups or system files cannot be deleted by accident.
>>
>> That would take some work to get right and I believe most systems run with
>> selinux disabled.
>> I know there are more than a few packages that I administer where they
>> outright say that selinux must be disabled.
>>
>> Screwing up backup software is all too easy.
>> I once worked for a computer company that sold systems to banks and for about
>> a 3 month period a bug in the tape driver software was writing blank tapes.
>> It was not discovered till a customer tried to restore something simple.
>> Fortunately nobody needed to do a real restore of important data.
> Well it isn't really a backup until it is verified either. Many people
> skip that step. I certainly have at home in many cases.
True enough but testing your recovery processes is something that is
seldom done.
Taking systems offline to do a full recovery is just too big a pain.
You also have to do the recovery testing on a regular basis.
>> This company had a number of VERY smart people doing the coding but still
>> silly errors crept through.
--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
alvin at netvel.net ||