Looking for the ultimate backup solution using:
1. Mirror/RAID of the active file system with a backup copy on a local NAS.
2. Local backup copy on a second NAS
3. Remote backup copy that is a Write once, Read Many “WORM” system
We will also make a full bare metal backup of each computer's OS and apps.
How could this be hacked? Could a payload be added to each data file so that when it is opened or read it would execute a hacking program? How could we make this better? Why are people buying Datto Systems? I think they can be hacked? What is the best backup solution? What are banks and finance companies using?
A WORM system can’t be changed once data is written, so that part is pretty solid. But if a file already has a virus or hidden code before it gets saved, the WORM will just store it as-is. It won’t stop something malicious if it’s already in the file.
To avoid that, it’s best to scan all files for malware before backing them up, especially before they go to WORM storage. Also, keeping backup systems isolated from regular network access helps reduce the chance of infection.
As for Datto, people like it because it's all-in-one and easy to manage. But yeah, no system is safe; any setup can be hacked if it's not secured properly.
Banks and finance companies usually use a mix of cloud storage with strong controls, offline backups (like tapes), and regular security checks.
The concept that should be implemented is “separating control planes” which means segregating the administrative functions and access mechanisms from the actual data storage and its policies. This separation is a critical security measure, especially against ransomware and insider threats.
Control Plane: This refers to the systems, interfaces, and permissions used to manage your backup environment. This includes:
Backup software administration consoles.
APIs for configuring backup jobs, retention policies, and storage settings.
User authentication and authorization systems (e.g., Active Directory, identity providers).
Network infrastructure that allows management access to backup systems.
The ability to delete backups or change immutability settings.
Data Plane: This refers to the actual storage where your backup data resides. It’s about the “write-once, read-many” (WORM) nature of immutable backups, where once data is written, it cannot be altered or deleted for a predefined period. This plane is designed to be highly resistant to changes.
Companies doing this properly have those things segmented and separated. But for convenience reasons, companies don't do this. For example, many companies use Active Directory and also have access to their backups tied to their Active Directory accounts, which means that if that is compromised, threat actors get access to everything.
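To make the control-plane/data-plane split above concrete (and the earlier point about scanning files before they reach WORM storage), here is an added toy example in Python; it is not code from any poster in this thread or from any vendor product. The `WormStore` (data plane) refuses overwrites, early deletes and shortened retention no matter who calls it, while the `AdminConsole` (control plane) can only reach it through those same methods, so a stolen admin session buys the attacker nothing. The class names, the `no_known_bad_marker` stand-in scanner, the marker string and the sample files are all constructed for the example.

```python
# Added example (not from the thread): a toy immutable backup store with the
# control plane (admin console, jobs) kept separate from the data plane (WORM).
import hashlib
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupObject:
    name: str
    data: bytes
    sha256: str
    retain_until: float  # compliance retention: can only ever be extended


class WormStore:
    """Data plane. No caller, admin included, may overwrite, shorten retention
    on, or delete an object before its retention period has expired."""

    def __init__(self, default_retention_s: float, scanner=None, clock=time.time):
        self._objects: dict[str, BackupObject] = {}
        self._default_retention_s = default_retention_s
        self._scanner = scanner  # optional malware check run before the write
        self._clock = clock      # injectable so the example can fast-forward time

    def put(self, name: str, data: bytes) -> str:
        if name in self._objects:
            raise PermissionError(f"WORM: {name!r} exists, overwrite refused")
        if self._scanner and not self._scanner(data):
            raise ValueError(f"scan failed: {name!r} not written")
        digest = hashlib.sha256(data).hexdigest()
        self._objects[name] = BackupObject(
            name, data, digest, self._clock() + self._default_retention_s)
        return digest

    def get(self, name: str) -> bytes:
        obj = self._objects[name]
        # Re-hash on read so silent corruption is caught at restore time.
        if hashlib.sha256(obj.data).hexdigest() != obj.sha256:
            raise RuntimeError(f"integrity failure on {name!r}")
        return obj.data

    def extend_retention(self, name: str, until: float) -> None:
        obj = self._objects[name]
        if until <= obj.retain_until:
            raise PermissionError("WORM: retention can only be extended")
        self._objects[name] = BackupObject(obj.name, obj.data, obj.sha256, until)

    def delete(self, name: str) -> None:
        obj = self._objects[name]
        if self._clock() < obj.retain_until:
            raise PermissionError(f"WORM: {name!r} locked until {obj.retain_until:.0f}")
        del self._objects[name]

    def names(self) -> list[str]:
        return sorted(self._objects)


class AdminConsole:
    """Control plane. Owns jobs and policy but talks to the store only through
    its public methods, so compromising the console (or the directory account
    behind it) does not bypass the data plane's immutability rules."""

    def __init__(self, store: WormStore):
        self._store = store
        self.job_log: list[str] = []

    def run_job(self, files: dict[str, bytes]) -> dict[str, str]:
        digests = {}
        for name, data in files.items():
            try:
                digests[name] = self._store.put(name, data)
            except (PermissionError, ValueError) as exc:
                self.job_log.append(f"{name}: {exc}")
        return digests

    def purge_all(self) -> list[str]:
        """What a ransomware operator holding the admin credential would try."""
        refused = []
        for name in self._store.names():
            try:
                self._store.delete(name)
            except PermissionError:
                refused.append(name)
        return refused


def no_known_bad_marker(data: bytes) -> bool:
    """Stand-in for the AV scan; a real deployment calls the site scanner here."""
    return b"EXAMPLE-MALICIOUS-MARKER" not in data  # constructed marker


def demo(now: float = 1_000_000.0) -> dict:
    clock = [now]
    store = WormStore(30 * 86400, scanner=no_known_bad_marker, clock=lambda: clock[0])
    console = AdminConsole(store)
    files = {  # constructed sample backup set; one file carries the marker
        "ledger.csv": b"acct,amount\n1001,42.00\n",
        "invoice.pdf": b"%PDF-1.4 ... EXAMPLE-MALICIOUS-MARKER ...",
    }
    written = console.run_job(files)
    try:  # attacker with the admin session: encrypt-and-overwrite, then purge
        store.put("ledger.csv", b"ENCRYPTED")
        overwritten = True
    except PermissionError:
        overwritten = False
    refused = console.purge_all()
    restored = store.get("ledger.csv")
    clock[0] = now + 31 * 86400  # only after retention does a delete succeed
    store.delete("ledger.csv")
    return {"written": sorted(written), "overwritten": overwritten, "refused": refused,
            "restored": restored, "quarantined": len(console.job_log),
            "remaining": store.names()}
```

Running `demo()` shows the infected file being refused at write time, the overwrite and purge attempts from the admin side failing while the clean backup stays restorable, and the delete only succeeding once the retention clock has run out. In a real deployment the equivalent of `WormStore` is the object-lock or tape layer with its own credentials, not something reachable with the backup server's directory account.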
A couple of years ago, when I was in charge of a bank disaster recovery center, they used tapes on a rotation protocol. Something like 1 tape per month, rotated every year, meaning you have 12 tapes of monthly backups. And then 1 tape per week, rotated every 4 weeks.
In practice it was a bit more complex than that, with special procedures in place where some copies were on site for speedy recovery in case of emergency and some others were stored off site in various locations. Lots of redundancy and policies in place.
Point being, it's a bit tough to hack a tape that's stored in a closed fireproof safe with properly enforced access protocols for the safe keys, the rooms the keys were stored in, and so on.
If your WORM solution is entirely software based, it can be hacked. Some harder, some easier, but none is 100% secure.
If you want an offline backup, the main options in my opinion are LTO tapes. There are several models on the market with different sizes, speeds and costs.
I have friends who use LTO4 for offline backup of exam images such as MRI and X-rays from the DCM4CHEE/PACS software, and it has worked very well! If the data volume is larger, you can use LTO 8 or 9, for example, whatever fits your budget and needs.