Hi > On 22/10/2019, at 4:14 AM, Adrian Klaver <adrian.klaver@xxxxxxxxxxx> wrote: > > On 10/21/19 8:10 AM, Avinash Kumar wrote: >> Hi, >> On Mon, Oct 21, 2019 at 8:16 PM Alan Hodgson <ahodgson@xxxxxxxxxxxxxxx <mailto:ahodgson@xxxxxxxxxxxxxxx>> wrote: >> On Mon, 2019-10-21 at 16:40 +0530, Avinash Kumar wrote: >>> >>> We need to ensure that we have safe backup locations, for example, >>> push them to AWS S3 and forget about redundancy. >>> Why do you think only Offline Backups are reliable today ? The only way to ensure, you have a secondary protocol, is using some type of pull approach, were the backup system pull from the online system. >> There have been examples of hackers gaining control of an >> organization's servers or cloud accounts and not only destroying >> their online systems but also methodically deleting all their backups. There are fewer things that can go catastrophically wrong if one has >> actual offline backups. You have to be a lot more careful about >> protecting anything attached to the Internet. >> I do not agree with this. If a hacker is gaining control of your organizational servers to destroy your Online backups, can't he destroy the offline backups and your database ? They only way to be safe is having an external company or passwords isolated from your organisation, my personal approach is having public certs installed from the secondary backup system to pull the backups from the online platforms. Having generated passwords with a keepass encrypted database isolated from the Organisations. > > Well to me off-line means you have introduced an air gap between your on-line presence and your off-line backups. This would prevent an intruder from accessing the off-line backups. The only way is not having the access or perhaps a 2FA to login into AWS platforms to ensure you know when someone is trying to login to your AWS accounts, Linux servers support 2FA too. > >> This is not a right justification to encouraging Offline Backups over Online Backups. >> If you are worried about storing your online backups through internet on cloud (i do not agree as you can still secure your data on cloud), store it in on a server in your Organizational network and do not push them through internet. >> Taking Offline Backups is not the only right way to ensure Reliable Backups. >> We are way ahead of the days where you need to face downtime to take backups. >> Online Backups are reliable in PostgreSQL. I think offline backups are useful as complement to the online backups, my current policy of backups for offline one are ( weekly, monthly, yearly with 4 backup retention ) only one time a yearly backup was utilised to recover a human mistake. PS: I think if you are really worried about hackers, perhaps you need to chat with your security officer to ensure alerts, accountability and 2FA plus other techniques are implemented in your company, nothing will stop a good hacker and probably it is working inside of your company, 80% of the attacks comes from people that works inside of the company ( Orion security Chile in 2001 shared this information ), no clue what todays stats are. Ps2: don’t use passwords like secret, or s3cr3t, etc. and don’t forget security is just a feeling. > > > -- > Adrian Klaver > adrian.klaver@xxxxxxxxxxx > >