
jasnw

macrumors 65816
Original poster
Nov 15, 2013
1,076
1,140
Seattle Area (NOT! Microsoft)
I use CCC to make daily backups of my main user directories and weekly backups of the whole system. Backups are made to external spinners (WD Reds) that are not mounted but are powered up. These are also password protected. Now, being the paranoid sort of person that I am, I'm worried that some bored skriptKiddie might finagle his/her/their way onto my system and be able to get into any drive that isn't either physically disconnected or at least powered down.

So, two questions:
1. Am I being too paranoid, or not paranoid ENOUGH?
2. Other than backups to the Cloud (not an option: did I mention I'm paranoid?) has anyone figured out a setup for automated backups that provides physical security as well as software security (unmounted, password protected)?

I do make offsite backups about once a month (external drives sneaker-netted to a safe-deposit box), but if there's some easy way to add a bit more security to my routine daily backups I'd be interested.
 
> Now, being the paranoid sort of person that I am, I'm worried that some bored skriptKiddie might finagle his/her/their way onto my system and be able to get into any drive that isn't either physically disconnected or at least powered down.

In my view: You are looking at this the wrong way. Any controls you put in place for after a successful intrusion will inevitably impact on your use of the system. You should be putting controls in place to prevent intrusions.

> I do make offsite backups about once a month (external drives sneaker-netted to a safe-deposit box), but if there's some easy way to add a bit more security to my routine daily backups I'd be interested.

For bad disasters (and I think of fire and theft before scriptkiddies) an offsite backup is the mitigation (hopefully never needed). If you are happy with losing up to a month's work, continue with your safe-deposit box. If you would like a smaller loss of work, an encrypted cloud backup (e.g. Arq Backup) is a better solution. Encryption and safe-deposit boxes both use a key and both carry risks of losing access.

> I use CCC to make daily backups of my main user directories and weekly backups of the whole system.

Why not hourly of the whole system? TM and CCC both make this easy with automatic pruning to weekly backups kept for as long as you like.
 
It's a balancing act - time spent fiddling with intrusion protection vs. time spent fiddling with backups. My tie-breaking assumption is that I'm not clever enough and don't have the full toolkit to lock my system down short of disconnecting from the Internet entirely (and my wife's MBA, for that matter!). I've decided the prepare-for-the-worst approach works best for me. Hourly is too often most of the time, and on those occasions when it isn't I set up a quickie rsync script that I run out of cron to make snapshots of limited parts of my filesystem.

I am looking at periodic encrypted cloud backups. That might be the final "suspender" I need to make me feel OK.
 
I have two time machines; one I keep at work, in my desk, and the other at home. I swap them monthly.
 
Would you feel better if you powered off any drive that wasn't mounted with a HomeKit automation or something?
 