blob: b3c19292df3dfdb27fa84e71fb12206482f2fbd4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
# online-offsite-backup (name to change)
This tool provides a way to offer others a service for backing up important
files automatically.
Problem: Offsite backups could be as easy as a network filesystem - the problem
is however that these usually implement deleting files aswell. In the case where
a user's machine is comprimised by an attacker, these files could just be
deleted in the same way they were created, defeating the advantages of an
**offsite** backup.
Solution: Implement a network "filesystem" that only supports non-destructive
operations. Only implementing upload means that backups will accumulate on the
server. This tool deletes backups after N newer backups (like a ring buffer). To
prevent quick successive uploads as a means of deleting backups a cooldown for
backup uploads is implemented.
Intended Usage: This program is developed to be deployed on a number of servers
that are not under your control like backing up data of your friends. In such a
scenario, everyone in your friend group would run this software on their server
and negotiate keys with every other one.
Possible attacks: This software primarily protects against the exact case
mentioned above especially when been attacked by automated malware on your
machine. Your remote backups servers may still be vulnerable to social
engineering and supply-chain attacks.
Security: This software assumes security (and reliability) of the TCP
connections it makes: You **must** implement protection on this level yourself.
Backups are stored as-is on the remote server: If your backup requires it,
encrypt it!
## Usage
|
