Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

The Need for Tape

By Steve Jones,

This editorial was originally published on Mar 26, 2009. It is being re-run as Steve is away at DevConnections.

One of our SQLServerCentral authors sent me this post, which I found to be pretty amazing. Apparently hackers broke into a backup server at WebHostingTalk, which is a community for hosting providers to discuss issues. They deleted backups first, and then moved on to deleting tables from the database.  It resulted in some downtime, and then a restore of an old copy of their database prior to trying to restore more recent copies. More information from the admin is here.

Now that's just malicious and nasty.

Hopefully this wasn't an inside job, though I could see that as a possibility. For a service like this, that just provides a place for a community, let's people interact and talk, this is just vandalism. It serves no purpose. It's likely no one even knows it was "M@M@sB0Y" or some other hacker, so there's no fame, and it disrupts people who just want to converse with colleagues.

I'd hate to think about this happening here. We have lots, and lots of posts from people all over the world, and while it wouldn't kill us, it would really annoy many people that have volunteered their valuable time to help others by losing their work. We definitely need to make sure we don't have an issue here.

I see two takeaways from this incident for most DBAs and administrators. First be sure that your backup servers are just as secure as your production ones. There is production data in the forum of backup files here, and you should be providing as much security for them, and perhaps more, as on other servers. Don’t treat these servers lightly.

Second I think this shows that there's a need for tape backups, or some type of non-linked backup. A tape grabs the files from your server, completely separately from the SQL Server (or other application). It is a pull link, and it's not obvious from the source server where these files have gone. That's good in that it prevents some type of attack on the main server from propagating on. Most people use a push from their server to a remote device as part of the backup process. That's OK, but it provides an easy link for someone to attack the backup server from the main one.

And one more benefit of tape? Usually they're rotated out, so even if a hacker or insider knows how to get to the backup system, without physical access they can't touch your tape.

Steve Jones


The Voice of the DBA Podcasts

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.

You can also follow Steve Jones on Twitter:

Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.

Total article views: 304 | Views in the last 30 days: 2
 
Related Articles
ARTICLE

Podcast Announcements

Podcast Feeds

FORUM

SQL Server Backup VS Other Backup Tools (like AppAssure Replay for SQL)

SQL Server Backup VS Other Backup Tools (like AppAssure Replay for SQL)

BLOG

Powerscripting Podcast 2

I was interviewed by Jon (@JonWaltz) and Hal (@Halr9000) in episode 106 of the PowerScripting Podcas...

BLOG

SQL Server Podcasts

Photo credit: Digitalnative About a year ago, I came across an online deal for a car stereo system ...

BLOG

Technical Podcasts I Listen To

There are a few podcasts I tend to listen to as I have time. Since I work with a wide...

 
Contribute

Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones
Editor, SQLServerCentral.com

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones