Seven Steps for Hardening Backup System Vulnerabilities

  • May 10, 2019

Regular backups are the most common and simple precaution that network administrators and individual business owners can use to guard against data loss. For backups to be effective, limiting network access and facilitating open, ongoing communication between all parties are essential. It's also important to spot vulnerabilities and patch them before they can be found and exploited by others.

[Figure: Example of a patch management schedule]

Here are some key ways to check for systematic vulnerabilities:

  • Perform vulnerability scans using software that's designed to automatically probe for security holes and other weaknesses.
  • Perform a port access check using an app that's designed to check network ports for unauthorized access.
  • Install backup system updates, making sure that you perform regular checks for the latest security patches. Patches should cover not only your OS but also all apps and programs from non-Windows developers that are running on your system. This should be done weekly on every device connected to your network, both on and off-premises.
  • Be notified of any unauthorized change in data, using facilities such as Bacula’s ‘Verify Data’ tool. This will immediately tell you if anything changes, and can form an intrusion detection system with Bacula.

Here are some steps you can take toward ensuring that your backup system is protected:

 

  1. Install port firewalls: This will protect your ports from unauthorized access through unsecured or untrustworthy networks.
  2. Run network-based firewalls: Consistent use of these will prohibit access to your backup software. It will also ensure that only selected hosts will be able to access backup server ports.
  3. Encrypt data: All data going in or out of your network and connected devices should be encrypted using the most current encryption standards. This certainly applies to the communication channel, but some solutions, such as Bacula, also offer additional encryption of the data itself where applicable.
  4. Monitor backup systems: Backup software should be checked regularly for unauthorized access and data leaks or breaches.
  5. Plan or review your architecture: Many organizations can get by with using an architecture that is more linear in nature. That doesn't work for larger or more established organizations that must contend with migrating and storing legacy data. Before you move one byte of data or deploy any servers, apps, or services to cloud-based storage, make sure to analyze the full scope of hardware infrastructure and capabilities, enterprise-wide. This means conducting a complete audit, determining the needs of your company based on the results of the audit, and using those results to make an informed decision to find the most cost-effective solution. Once that's done, you can decide on the best configuration for your situation.
  6. Run a penetration test of your system: You can never be sure that everything is secure unless you put the system to the test. Penetration testing can be performed through your IT department. Smaller companies might consider outsourcing to a third-party pen testing company.
  7. Craft a unified disposal system: This means creating an enterprise-wide policy for how and when data should be disposed of and by whom.
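
One way to check that steps 2 and 4 hold in practice, as an added Python example (not from the original article or from Bacula): it audits a firewall connection log for traffic to backup ports from hosts outside the allowlist. The log format, the allowlist and every address are constructed; the ports are Bacula's default Director, File Daemon and Storage Daemon ports.

```python
import ipaddress

# Bacula's default TCP ports: Director 9101, File Daemon 9102, Storage Daemon 9103.
BACKUP_PORTS = {9101: "director", 9102: "file-daemon", 9103: "storage-daemon"}

# Assumed allowlist of hosts permitted to reach the backup server (constructed values).
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("10.20.0.0/28", "10.20.5.17/32")]

# Constructed firewall log: "<timestamp> <src_ip> <dst_port> <action>"
SAMPLE_LOG = """\
2019-05-10T02:00:01Z 10.20.0.4 9101 ACCEPT
2019-05-10T02:00:07Z 10.20.5.17 9103 ACCEPT
2019-05-10T02:13:44Z 10.20.9.80 9102 ACCEPT
2019-05-10T02:14:02Z 203.0.113.25 9101 DROP
2019-05-10T02:15:30Z 10.20.9.80 443 ACCEPT
2019-05-10T02:16:00Z truncated
"""


def is_allowed(src):
    """True if the source address falls inside any allowlisted network."""
    return any(src in net for net in ALLOWED_SOURCES)


def audit(log_text):
    """Return (line number, finding type, detail) for every suspicious entry."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            _ts, src, port, action = line.split()
            src, port = ipaddress.ip_address(src), int(port)
        except ValueError:
            # Never silently drop lines the parser cannot read.
            findings.append((lineno, "unparsed", line.strip()))
            continue
        if port not in BACKUP_PORTS or is_allowed(src):
            continue
        # ACCEPT from a non-allowlisted host means the firewall rule set has a gap.
        kind = "firewall-gap" if action == "ACCEPT" else "blocked-probe"
        findings.append((lineno, kind, f"{src} -> {BACKUP_PORTS[port]}:{port}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```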

MSP and Hosting Privacy Protections

Ensuring that your own on-premises backup system is secure is one thing, but what about the exchange of data with the cloud? Some backup solutions offer more options in this regard than others. The Bacula open source backup and recovery project has developed highly stable, comprehensive backup software that is in use today by many small, medium and large enterprises, including many large hosting companies. The commercial arm of Bacula, called Bacula Systems, offers its support, together with Bacula Enterprise software, which has a huge range of additional functionality and performance to offer. The result has been a game-changing enterprise-level backup solution both for MSPs and regular businesses.

Bacula Enterprise automates many of the tasks formerly left to system administrators and computer operators. Less human intervention means more time is freed up for the Sys-Admin for other tasks.

But although Bacula has demonstrated the clear security benefits of open source code within a finished product, not all backup solutions are as protected from hack attacks as they might be.

Consider the reality that, even with your information placed in virtual storage, it still lives on a physical drive somewhere. This means that those who are concerned about data integrity from any side of the equation must still provide protection from data breaches.

When using an MSP or hosting provider, ensure that it has been vetted and has security as one of its highest priorities. According to a roundup of web hosting reviews from HostingCanada.org, roughly 65% of popular hosting company choices offer a free SSL certificate, provide auto-updating to patch zero-day vulnerabilities, and keep their servers locked down against hackers with state-of-the-art security software.

Keep in mind that your hosting service is typically responsible for managing hardware and network security and upgrades on their end, but it's still up to you to oversee software installations and determine individual administrative and user access.

[Figure: Layers in a cloud service that are secured by the provider versus the customer]

The Bottom Line

The cybersecurity media issues incessant warnings about beefing up security and backing up data. It’s hard to imagine any company not having at least some realization of the danger of malware and hackers, but a great many still don’t follow through with a preventative strategy. A single catastrophic breach can be fatal to a company, so dedicating the time and resources to protect your information is, going forwards, a critically important investment. Contact Bacula Systems now to find out how you can significantly harden and protect your company's data.
