Network Data: Backup Security
Backups create an often-overlooked security exposure for your network. No matter how carefully you set up user accounts and enforce password policies, if any user (including a guest) can perform a backup of the system, that user may make an unauthorized backup. In addition, your backup tapes themselves are vulnerable to theft. As a result, make sure that your backup policies and procedures are secure by taking the following measures:
Set up a user account for the user who does backups. Because this user account has backup permission for the entire server, guard its password carefully. Anyone who knows the username and password of the backup account can log on and bypass any security restrictions that you place on that user’s normal user ID.
Counter potential security problems by restricting the backup user ID to a certain client and a certain time of the day. If you’re really clever (and paranoid), you can probably set up the backup user’s account so that the only program it can run is the backup program.
Use encryption to protect the contents of your backup tapes.
Secure the backup tapes in a safe location, such as, um, a safe.
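The client and time-of-day restriction on the backup account can also be verified after the fact. The following Python script is an added example, not part of the original text: it audits logon records and reports any backup-account logon that came from the wrong client or outside the backup window. The account name, client address, window and log format are assumptions, and the sample records are constructed.

```python
from datetime import datetime, time

# Assumed policy values (hypothetical, not from the original page).
BACKUP_USER = "svc_backup"
ALLOWED_CLIENT = "10.0.5.20"
WINDOW_START, WINDOW_END = time(23, 0), time(2, 0)  # window wraps past midnight
# Constructed sample logon records: "ISO timestamp,user,source address".
SAMPLE_LOG = """\
2024-03-04T23:15:02,svc_backup,10.0.5.20
2024-03-05T01:59:59,svc_backup,10.0.5.20
2024-03-05T02:00:00,svc_backup,10.0.5.20
2024-03-05T14:30:11,svc_backup,10.0.5.20
2024-03-05T23:40:00,svc_backup,10.0.7.99
2024-03-05T09:00:00,alice,10.0.7.99
not,a,valid,record
"""


def in_window(t, start=WINDOW_START, end=WINDOW_END):
    """True if t falls in [start, end), handling windows that cross midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def audit_backup_logons(log_text):
    """Return (line_number, reasons) for each backup-account logon that breaks policy."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        try:
            stamp, user, source = (p.strip() for p in line.split(","))
            when = datetime.fromisoformat(stamp)
        except ValueError:  # wrong field count or bad timestamp
            findings.append((n, ["unparseable record"]))
            continue
        if user != BACKUP_USER:
            continue  # other accounts are out of scope for this check
        reasons = []
        if source != ALLOWED_CLIENT:
            reasons.append("unexpected client " + source)
        if not in_window(when.time()):
            reasons.append("outside backup window")
        if reasons:
            findings.append((n, reasons))
    return findings


if __name__ == "__main__":
    print(*audit_backup_logons(SAMPLE_LOG), sep="\n")
```

Unparseable records are reported rather than skipped, so a malformed or tampered log line cannot hide a logon from the check.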