| (4 intermediate revisions by 2 users not shown) | |||
| Line 9: | Line 9: | ||
In this scenario access to the server is restricted to Secure FTP(SFTP) and interfaces, such as CPanel. | In this scenario access to the server is restricted to Secure FTP(SFTP) and interfaces, such as CPanel. | ||
| − | *Backups of all site content and data should be taken on a regularly scheduled basis. | + | *Backups of all site content and data should be taken on a regularly scheduled basis. It may be impossible to automate these backups depending on the web interface used, so reminders in calendars etc should be set to ensure that staff are aware of the need to make a backup copy. |
*This data should be treated appropriately and stored either on a local backup disk in an encrypted volume or on a separate server also using an encrypted disk | *This data should be treated appropriately and stored either on a local backup disk in an encrypted volume or on a separate server also using an encrypted disk | ||
'''Dedicated/VPS Hosting''' | '''Dedicated/VPS Hosting''' | ||
| + | |||
There are a number of tools available for scheduled secure backup of site content and data where the user has access to the server directly. | There are a number of tools available for scheduled secure backup of site content and data where the user has access to the server directly. | ||
| − | These include Rsync, Bacula and [https://labs.riseup.net/code/projects/backupninja | + | These include Rsync, Bacula and [https://labs.riseup.net/code/projects/backupninja BackupNinja], for this guide we are going to recommend Backup Ninja in comparison with Duplicity, as this allows for incremental backups which are encrypted using GPG. This means that if the server that the data is being backed up to is compromised, the backed up information is still encrypted. However, this means that the GPG key used to encrypt the data should be stored both on the server being backed up and also offsite in order for its use in case of the need for the retrieval of backups. Additionally, Duplicity allows for differential backups - meaning that only changed data is updated reducing the time and foot print of each backup. |
===Example configs=== | ===Example configs=== | ||
| + | |||
==Data Recovery== | ==Data Recovery== | ||
| + | |||
| + | When using Backup Ninja and Duplicity restoring encrypted backups from a remote source is as simple as running | ||
| + | |||
| + | duplicity restore \ | ||
| + | --scp-command 'scp -o IdentityFile=/home/phaidros/.ssh/id_rsa_duplicity' \ | ||
| + | --sftp-command 'sftp -o IdentityFile=/home/phaidros/.ssh/id_rsa_duplicity' \ | ||
| + | --file-to-restore path/to/folder scp://user@host.mybackup.de/path/to/backup/ \ | ||
| + | localfolderforrestoredfile | ||
Latest revision as of 16:28, 18 May 2014
Data Backup
Backup is a core part of any digital security or hosting strategy. One of the most common causes of data loss, above hacking or malicious attack, remains accidental loss or loss through uncontrollable situations such as hardware or software failure.
Many hosting providers will provide backup mechanisms as part of a package but this should be confirmed. It will often incur an additional cost and should be considered as an aspect of the providers reputation.
Basic/Shared Hosting
In this scenario access to the server is restricted to Secure FTP(SFTP) and interfaces, such as CPanel.
- Backups of all site content and data should be taken on a regularly scheduled basis. It may be impossible to automate these backups depending on the web interface used, so reminders in calendars etc should be set to ensure that staff are aware of the need to make a backup copy.
- This data should be treated appropriately and stored either on a local backup disk in an encrypted volume or on a separate server also using an encrypted disk
Dedicated/VPS Hosting
There are a number of tools available for scheduled secure backup of site content and data where the user has access to the server directly.
These include Rsync, Bacula and BackupNinja, for this guide we are going to recommend Backup Ninja in comparison with Duplicity, as this allows for incremental backups which are encrypted using GPG. This means that if the server that the data is being backed up to is compromised, the backed up information is still encrypted. However, this means that the GPG key used to encrypt the data should be stored both on the server being backed up and also offsite in order for its use in case of the need for the retrieval of backups. Additionally, Duplicity allows for differential backups - meaning that only changed data is updated reducing the time and foot print of each backup.
Example configs
Data Recovery
When using Backup Ninja and Duplicity restoring encrypted backups from a remote source is as simple as running
duplicity restore \ --scp-command 'scp -o IdentityFile=/home/phaidros/.ssh/id_rsa_duplicity' \ --sftp-command 'sftp -o IdentityFile=/home/phaidros/.ssh/id_rsa_duplicity' \ --file-to-restore path/to/folder scp://user@host.mybackup.de/path/to/backup/ \ localfolderforrestoredfile