How To Prevent Being Hacked Via Backups?

Popsikle writes "A few days ago one of the Web's largest hosting discussion forums was supposedly hacked via their backup servers. From the story: 'We've since learned that this very deliberate, sophisticated and calculated hack against Web Hosting Talk was carried out by gaining access to our offsite backup servers. From our backup servers, the hacker gained access to the WHT db server. The malicious attacker deleted all backups from the backup servers within the infrastructure before deleting tables from our db server. We were alerted of the db exploitation and quickly shut down the site to prevent further damage.' What sort of security do you put on your backup infrastructure? Looking at your backup solution could you be completely taken down by either someone obtaining a backup or accessing your backup servers? What sort of recommendations does everyone have for this not to happen?"

Easy fix

[bingbong]

Offline and offsite storage (i.e. iron mountain) is a simple (though sometimes costly) way of doing things.

it'll solve this problem quite easily.

Re:Easy fix

[QuantumRiff]

Even easier.. put a external HD with Truecrypt under your bed. Maybe take a second one into the office, Lock it in a drawer, just in case your house burns down..

Every week or so, use 1 to backup. Alternate which one. Add more drives, or more often backups until you get to the point you sleep easy at night.

Re:Easy fix

[tepples]

HDs are NOT backup media.

Please provide a citation that hard disks are noticeably worse than tape, which you appear to otherwise recommend.

Re:Easy fix

[QuantumRiff]

No, they are not, you are correct. In my post, I was assuming that this was a small website or business, not a mission critical company product. I didn't mention software, or tape libraries, or hot backups. I think sometimes its better to have some backups, then none at all. An external drive can be bought for next to nothing.. really, I can get a 500GB HD for about the cost of a couple of tapes, but then I have to buy 2 tape drives (in case one has hardware failure).

Believe me, I could go on about backup windows, media, and techniques, but was hoping by keeping it simple, they would not be overwhelmed. By not being overwhelmed, they might start the process.

Also, by not using a computer based backup, they would not have the same problem as the site mentioned in the linked article, where someone first cracked their backup servers, and deleted their only backups.

Re:Easy fix

[magisterx]

I would respectfully beg to differ. For my personal computer, I have two layers of backup, one goes to an external harddrive and works quite well to protect me from harddrive failure or being stupid and overwriting the wrong file. The other is burning a set of DVDs every now and then and store elsewhere, which protects me from physical destruction of my house.

At my last job we had 3 layers of backups; the first was to a large harddrive (actually a RAID away, but still an array of harddrives.) Then from there we made tape backups for short term storage and less frequent tape backups for long term offsite archival. But again, the harddrives where the first layer.

In short, I find harddrives make an excellent first layer of backup protection. They are faster and (depending on setup) easier to use than most other backup solutions, and very affordable.

Of course, I would never recommend relying on harddrives as your only layer of backups when dealing with mission critical data, but then I would never rely on any one layer of backups for truly mission critical data. Harddrives probably provide one of the best first layers in that case.

If you are dealing with less critical data and working on a budget then you may be able to accept just one layer of backups, and in that case then which way you choose to go depends on a number of factors but harddrives are a strong contender even there.

Re:Easy fix

[morcego]

Ok, there were several replies to my post and, since I'm not going to reply to all of them, I decided to pick one that is clear and definitively worth discussing with.

I do agree with your backup strategy. It is sound. I use that one some sites, having backup made to tapes, and a secondary storage area (or a pre-backup staging area) on a NAS, for fast recovery of trivial files. Restoring files from the NAS is usually fasted, as you stated, than from a tape.

Using BOTH HDDs and tapes to supplement each others, specially for added redundancy is very sound.

However, HDDs don't replace tapes. They are too prone to fail, specially if left powered off for long periods of time. It is a catch 22 if I ever saw one. If you keep them powered on, they will fail sooner. If you keep them powered off, they will also fail sooner (than tapes). Also HDs are much more sensitive than tapes to storage condition. Although if you are worth your salt, you probably have a storage vault/room/facility with controlled humidity, temperature, EM-free and all that.

Not can stop you from calling your HDD "a backup", the same it we can't stop you from calling it "Bob".

Yes, as a side note, (newer) HDDs are more reliable than some old tape backup technologies, like DDS. At least on my experience. But if you are running backups on DDS tapes, you are in enough trouble already.

For those that want to argue that tape technologies change too much, I would like to invite them to read the data from a RLL HDD I have here on my cabinet. I also have a MFM HDD, but I don't want to push the issue too much.

Re:Easy fix

[asdfghjklqwertyuiop]

You take your harddrive , I'll take my tape. We'll both drop them from four feet to the floor a couple times and then see which one still works.

...At which point we'll observe that the hard drive failed. Then I'll pull out one of the several other copies of it which I was able to make thanks to the large amount of money I saved by not using tape. We'll finish by making a note not to repeatedly throw backup media on to the floor from four feet and conclude that hard drives are a fine backup medium.

Re:Easy fix

[Cheech+Wizard]

I'm sorry, but however recommends using an HD as a backup solution, shouldn't be talking about backup.

HDs are NOT backup media.

I just finished up taking about 40 hard drives that I have used for backup over the years and consolidating them onto 2TB drives. Every drive (the oldest is about 10 years old) spun up and all data transferred without a problem.

I've been using hard drives to back up data for years and never had a problem.

Re:Easy fix

[Cramer]

HDs are not archive media. They don't fair too well left sitting on a shelf (unpowered) gathering dust for a few years. Magnetic tapes can (and DO) last decades in storage. Yes, they are slow and far more expensive, but they are, without a doubt, the best option for offline archives and backups.

In fact, most "cost effective" (read: cheap) IDE/SATA drives tend to last about 3 years in normal/typical operation. They become highly unreadable if left powered off for 6+ months. Tapes, on the other hand, last for decades.

Tachikoma

[Anenome]

Take a lesson from Ghost in the Shell, hire digital Tachikoma to protect you :) Problem solved!

Re:Tachikoma

[pembo13]

Those Tachikoma will do what ever it takes, especially once they gain individuality.

Re:Tachikoma

[KahabutDieDrake]

Once they gain individuality, they tend to kill themselves in spectacular ways. I'd prefer a security system that didn't self destruct on top of the intruder, at least assuming there was another option.

See also: The classic answer to computer problems

[dmomo]

>>What sort of security do you put on your backup infrastructure?

It depends.

I guess it depends how valuable the data is, how current it needs to be. Does it need to be kept secret or simply kept uncorrupted? How fast do you need to access these backups. The harder for you, potentially the more secure.

For starters let's have a copy off-line in a location where the servers are not. Heck, choose another location for more security. I am thinking: A tape and a DVD in a safe with a lock on it. And another somewhere else.

If you really need to keep it safe, commit it all to memory and then shoot yourself in the temple.

Encrypt it

[micksam7]

Encrypt your backups.

Don't let your backup system have access to your main system.

Allow your main system write-only access to your backup system, for the sole purpose of delivering new backups.

Re:Encrypt it

[micksam7]

Ammendum:
Anything else needing to be done would require a admin to do it, and that's the point.

Re:Encrypt it

[Znork]

Don't let your backup system have access to your main system.

Ah, but this is a large company, and presumably they use 'enterprise' products. Some (most?) of those tend to be secured with rexec equivalent security (nsrexecd and .nsrhosts, coincidence eh?) for jobs executed from the backup server, and any better security is an afterthought. But they have good salesmen, and they're 'enterprise', and they cost a lot of money so they must be safe to use right...

The sad state of affairs is that at many large corporations it's probably as easy as sticking a laptop into the right network port, configuring the same IP address as the backup servers and you've got root access on every machine they back up, either through script facilities or through the simple capability of pushing a restore of a (completely unchecked) home-made passwd or any other file.

Perhaps it's changed in the last few years, but last I checked there were no host keys to authenticate servers and clients, there were at best simple passwords for the server to make the client do whatever it wanted and there were no checksums to verify that only previously backed up files got pushed to the client. I may also have missed some more capable system.

Then again, many large companies separate responsibility for backup and storage systems from system administration, and/or the people deciding what backup system to use have little experience with system security. Leading to exactly this kind of problem, with huge gaping security holes. Monitoring software is another one of those huge holes.

Preventing being hacked from the backup system is, of course, fairly trivial. The first part of which would be, don't use any backup system that creates huge security holes on your servers, or at least don't put the security hole, or 'backup client' on the servers.

For the second part I'm leaning towards multi-stage backups, particularly if you have separate areas of responsibility; have the server admins being responsible for delivering production data securely to an intermediate storage area (perhaps coalesce the data into a single compressed encrypted, signed file), then let the people responsible for backups dump it to tape/archive it.

It creates a whole other bunch of problems and potential issues of course (and solves another bunch of issues with backup clients that don't understand all file types, file systems, metadata, etc), and you may have to take a serious look at database backups and such, but in the choice between bad and some more bad, at least such a solution won't lube you up for a penetration, it'll be fairly cheap (licenses vs. diskspace), it gives you much flexibility on how to backup which data, and it should keep your data safe. It may cost more man hours on the system side, but it'll probably save them on the storage side with fewer backup clients. The joy the first time you get to do a several-minute restore instead of getting an 'oops-saved-the-data-on-every-tape-in-the-silo' experience waiting a day for less than a hundred gigabytes of small files getting restored will just be another bonus.

eggs in multiple baskets

[jgercken]

1) divide your eggs in at least two baskets, thoughtfully designed to protect their integrity
2) keep your baskets in physically isolated locations
3) take steps to protect your eggs from theft
4) after retrieving your eggs, inspect them for tampering before using them in your souffle
5) purchase insurance for the off chance you get yolk on your face

Why were your backup servers

[Jane+Q.+Public]

accessible in the first place? Somebody in IT was not doing their job.

Re:Why were your backup servers

[CAIMLAS]

There are a couple ways to 'automate' your backups being "offline" but still automated; not perfect, but better than what they apparently had.

Server on the Internet, with a private subnet behind said server where your backup server(s) are. Internal interface on server must have absolutely zero services running, and the connection must not be routable.

However, backup servers also need to be not kept "online" when not backing up. You can:

* Keep them powered off and only power them on (automatically) when you're doing backups (which occur on a schedule from the main server).
* Keep them on, but with the network interface down.
* If the backup servers use external storage but are kept on, have those on a separate power unit that powers up only on schedule as well.

Personally, this sounds like an "inside job": it's malicious and performed with a great deal of knowledge of the operation. That speaks of a disgruntled employee to me, not some kiddie at it for kicks. There are a lot of steps which can be taken, but realistically, you're not going to be able to deal with something like this unless you've got your data backups completely 'unattached'.

Re:Why were your backup servers

[mokus000]

"Their" is not singular, you cretin. Use "his": it's a perfectly fucking good word.

Oh, come off it. Quit wasting the world's time.

Isolate the Backup Servers

[StCredZero]

Why were your backup servers accessible from the outside network? Your backup servers are arguably even more valuable than your production servers. They should be behind yet another firewall. You can even have the production servers connect to them through a separate network interface. (Network interfaces and Cat5 cables are cheap.) If you are really paranoid, you can create folders where the server can upload data, but can't erase or overwrite what it has uploaded.

Prevention for exploit via backups

[Junior+J.+Junior+III]

Easy, don't do backups! 99% of the world is already way ahead of you on this. Hard drive failure is a myth, anyway.

Re:See also: The classic answer to computer proble

[TheGratefulNet]

If you really need to keep it safe, commit it all to memory and then shoot yourself in the temple.

hey, the guy might NOT be jewish.

did you consider that?

Obvious Oversight by WHT

[Revotron]

There was a very blatant oversight and an unfortunate assumption on the part of WHT and iNET Interactive.

They quite obviously overlooked the fact that the WHT servers (and ONLY the WHT servers) would ever need routine access to the backup servers. Therefore it was an obvious security hole that could have been plugged by restricting traffic through iptables to only iNET-affiliated IPs. Any teleworkers who needed access should simply use a VPN to iNet's offices if they really need access to the backup systems. If under some extreme circumstance (such as the loss of a database) an outside party needs access to the backup servers, the system admin can then add an exception under iptables.

And on that note, the other incredibly thoughtless assumption was that any traffic coming from the backup servers would be approved traffic. So once the attacker gained access to the backup servers, the database servers were one insecure hop away.

I think this proves the following very important points to the entire IT industry:
1) Internal infrastructure should remain just that - internal! Restrictions should always be put in place as to who can (or can't) access a system.
2) No traffic can be guaranteed authorized or authentic. It's one thing to add an SSH keyfile to your home servers, but in an enterprise environment everything must be highly scrutinized. It's no longer a matter of protecting systems from users - it's now a matter of protecting systems from other systems as well.

I was personally affected by the loss of information at WHT and while it's annoying, it's a fact of life and can't be undone. All that's left now is to pick up the pieces, secure the site as best they can and move on with lessons learned.

Re:See also: The classic answer to computer proble

[dmomo]

Well done sir. Either way, it'd be a horrible way to parish.

Re:Simple solution.... offline backups

[mysidia]

If your system is compromised for an extended period of time, and you don't know about it, your backups can still get tainted.

i.e. the hacker might modify your backup process in a subtle way, like getting random bits corrupted on the tape, sufficient to make it useless for restoring.

Hardly anyone actually completely tests their backups, to make sure they'll work.

After 6-12 months, the hacker hoses the real DB, not expecting their trap, you try to load from backup from physical media, only to make the situation even worse.

It could take you quite a long time to find a backup that's not hosed (assuming you keep physical media backups older than 12 months)

Re:See also: The classic answer to computer proble

[BluBrick]

I think you need to altar your attitude.

Why were all the backups online?

[pembo13]

I understand why the most recent backup would be online, but I assumed it was standard procedure to have the remaining archive offline.

Why was this possible?

[RAMMS+EIN]

I don't understand. The attackers gained access to the database...through the backup servers? That leaves me with two questions:

1. Why were the backup servers accessible to the attacker?
2. Why was the database accessible from the backup servers?

It seems to me that the only way you need to access the backup servers is through some mechanism that allows you to transfer data to and from them. A single open port, which you need a password (or key) to use seems all that should be exposed. That shouldn't be too hard to secure.

It also seems to me that the backup server has no business accessing the database, and therefore shouldn't be able to access the database.

Unless, of course, the way the system works is that the backup server accesses the production server to retrieve the data from it. That doesn't seem the most obvious design to me, but it would at least explain why the backup server could access the database. Maybe that is a good reason not to design the system that way (on the other hand, it saves complexity on the production server, which is good). At any rate, it doesn't answer the first question, which is why the attackers were able to access the backup server.

My sympathy goes out to the WHT administrators. Good luck on recovering from this and figuring out what went wrong. I hope you will keep us posted, so that we can all learn from this incident.

Re:Why was this possible?

[tapanitarvainen]

Unless, of course, the way the system works is that the backup server accesses the production server to retrieve the data from it. That doesn't seem the most obvious design to me, but it would at least explain why the backup server could access the database. Maybe that is a good reason not to design the system that way

That is a rather common design in backup systems, and there are good reasons for it: mainly, it allows securing the backup server better, especially in the (common) situation where one backup server handles several production machines.

If the backup servers offer only read-only access to anyone over the net (or not even that if recovery from backup is rare enough to be initiated from backup server console), it can be secured much easier than when if offers write access to clients backing themselves up.

[...] it doesn't answer the first question, which is why the attackers were able to access the backup server.

You are right there, though.

Re:eggs in multiple baskets tsarkon

[wickerprints]

It's a special, copyrighted, variant spelling of soufflé. Apparently it also requires equally special baskets and eggs.

Insider

[chirone]

Probably was a former employee who did the job. At work we always joke to make a backdoor, ready to delete all backups in case we get fired. Unfortunately we have fireproof safes and off-site backups...

Re:See also: The classic answer to computer proble

[dougisfunny]

Too soon?

Can I hire him?

Dunno, but our backups are so secure that even the DBAs are usually unable to restore them. We might need this evil hacker to teach them a trick or two.

Backups

[ledow]

Tape drive (or even other external device) with encrypted data. There, problem solved. Do you see why such devices/features are standard on anything that has the word "backup" on it?

However, if you insist on having servers running all day long that you want to backup to, then at least make sure they are a million times more secure than your production servers - as the name suggests, they are your BACKUP if anything goes wrong. This means - encrypted data, locked-down networking (i.e. absolute minimum necessary - one port, one user, one ultra-secure key), proper permissioning (it might not be a bad idea to set the permissions so that you can append to a file but can't read it, thus forcing you to have physical access in order to restore any data from backup, or certainly that you can't overwrite existing files) and physical security (i.e. properly hosted in a decent hosting outfit and/or securely placed in an offsite location where they can't be got at - even if this is in a secure cage in a branch office).

And letting the backup server have ANY permissions on your local network is just stupid. Push, don't pull. Tell the backup server what to backup, don't let it pick and choose and require access back to your network - it's a backup device not "just another machine". A simple "nothing outbound" firewall rule on that machine would have stopped them coming back to you, providing the backup was encrypted (I'm assuming they actually piggy-backed onto your network than stole the db passwords from your backups). And the backup should ALWAYS be encrypted because it might well contain information such as your passwords in it, especially so if you are storing other people's data.

Yeah, it costs money to do this properly, but that's the price you pay for not losing thousands of people's data. I imagine the kick-back from that data loss will run to more than the price of a tape drive or two in the long run. What they had was NOT a backup. It was a rapid-restore machine. That's fine to have *as well as* a backup, but no better than hanging a 250Gb USB drive off the database server (in fact, worse, because that machine was able to be remotely-compromised).

Re:It's obvious

[mlts]

The one thing about encryption -- key management is just as important as the algorithm used. A business has to figure out how they are going to manage keys. Are they going to use a passphrase that only the backup admins will know, or are they going to use some type of RSA key functionality? If private keys are used, how are they backed up?

There are a lot of factors involved, and one important thing is not depending on one single person as one doesn't depend on one single server. There should be some type of mechanism put in place to deal with an employee gone missing (or even worse, rogue.) For a smaller business, the risks may be low, but its something that should be thought about when planning a backup infrastructure and implementing it.

Re:See also: The classic answer to computer proble

[Sandbags]

First off, lets focus on one thing, if your company is already at a size, complexity, or business need of having backup data electronically replicated offsite (whether this is a true hotsite you're replicating to, or just a method for not rotating tapes through your front door every day), then we're not talking about USB drive data protection schemes here...

OK now, the offsite system should NOT be an administrator access node of your existing backup solution. It should receive replicated data sets and have the ability to operate as a DR server to recover them, but it should be controlled remotely from YOUR site, and should not be able to initiate backups, restores, or make operations changes to another site's DR servers. This is handled by wither firewall rules or user structures.

Second, Physical access at the DR site needs to be as or more strict than at your primary site. If you don;t own the building (or host services through someone like SunGuard) they should have your units in locked racks. Insist that anyone with access has passed Government C2 or higher clearance, and DO NOT give ANYONE outside your organization passwords to those systems.

Next, If the system allows, the user accounts at the hot site should not be the same at any of your other sites.

Next, You STILL NEED TO ARCHIVE DATA, preferably monthly at worst, weekly may be needed depending on your data set size. Replicated systems can corrupt data, and replicated date sets typically only contain your current data set (no rollback copies). Generally, if your replication system is handling moving data automatically, you can leave your local DR copies in your building in a secure area. Daily backups should be archived to local disks so if you have a DR server failue you still have something to recover from (recovery over the WAN is usually not an option). If you have a fire or disasterous event, your offsite systems is your #1 backup, last month/week's archive is your #2.

I've spent a lot of time working with multiple DR companies, and I've supported medium and enterprise class businesses alike (my current employer has 12 mainframes, a couple hundred AIX servers, and over 2000 x86/64 boxes. DR is a BIG thing around here!) Once you enter enterprise class, we're not typically talking "backups" as you know them, more SAN replication and disk write journaling. Recovering 400TB from backups simply isn't an option in a 24-48 hour recovery model! However, if you've got less than 50TB, you can VERY REASONABLY build a great solution out of DPUs (Data Protection Units) made by Unitrends (unitrends.com). They're totally tapeless systems, can share jobs between multiple units at multiple sites, have secure packet level replication technology, and can use 256bit real time encryption as 8GB/minute (per chassis!) with up to 7 concurrent jobs running (per chassis!). a 50TB environment would use 4-8 DPUs (usually departmentalized) conencted to a SAN, and another 1-2 units offsite to handle replication and DR recovery. They also support P2V and V2P recovery and dissimilar recovery. Fully integrated BareMetal backup (they actually invented and patented that one!), and support for 40 operating systems in one multi-site seamless DR solution. You should REALLY look into them. For small sites (less than 1TB data) you can get into one of these units for around $15K with all the bells and whistles (another 10K for replication). There are NO PER CLIENT OR PER AGENT LICENSING FEES, it's ALL inclusive, the only thing you license is storage. Oh, their Data Vault unit can handle up to 40 sites, and each site can be run by a different company with different accounts, and their data can be logically seperated on the vault making it impossible for one customer to interfere with another's data, you can even lock the vault operator out of the solution. This has been validated by the DOD as a secure solution...

What do encrypted backups solve?

[phorm]

A lot of people are suggestion that backups be encrypted and I assume they mean the actual files/volumes, but I *really* don't see the usefulness of this case. Encryption backups may protect the data from being stolen, but it isn't going to protect it from being *wiped* in most cases. If you have root access then assumedly there's also raw access to device the backups reside on, in which case you can still nuke it with something as simple as "dd if=/dev/zero of=/dev/backup"

Now maybe if the backup server further connects onward to a mass-storage device that isn't at-all accessible until logged-in, perhaps, but it doesn't seem a likely scenario for most cases.

Re:See also: The classic answer to computer proble

[complete+loony]

Christ, you guys are merciless. Next you'll be wanting to nail him to a tree or something.

Jesus, I come here for the intellectual discussion. I didn't expect this kind of Spanish Inquisition.

Misdirected frothing.

[Civil_Disobedient]

HDs are NOT backup media.

It appears you've taken the oft-repeated mantra that RAID is not a backup solution and gone a step further by suggesting that hard drives themselves aren't backup media.

Which, by the way, is ludicrous. Hard drives use tried-and-true technology, they're cheap as hell, and transfer speeds are outrageously faster than any other media in contention. Suggesting that they don't make good backup media is well, I'll give you the benefit of the doubt and say misguided.

Tapes Are Rubbish

[zentigger]

yes, because people regularly break into my NOC, pull the drives out of my backup servers and practice juggling. Tapes are rubbish. Tape is expensive and unreliable. Anyone that tells you otherwise is selling the stuff.

Hard drives have replaced tapes around here. For decades we juggled tapes in a vain attempt to maintain useful backups only to find that EVERY SINGLE TIME we needed critical data from backup, the data was unrecoverable.

For the past few years now, we have been backing up all of our critical data to a low powered server with TB drives in mirrored arrays. Security on this server is exteremly high. The only service it runs is SSH, backups are all done as pulls from the servers, has no untrusted local users and sits on an extremely restriced network segment.

With the thousands we have saved not replacing tape media and drives (not to mention the amount of overtime not wasted screwing around in the middle of the night trying to find a working tape to restore from) we are adding a mirror for this archive offsite.

Re:Tapes Are Rubbish

[Cramer]

Tape is expensive and unreliable.

Expensive, sure. But they most definately are reliable. Your experience may have been tainted by cheap PC crap intended for stupid home users -- QIC-80 anyone? Modern DAT, AIT, DLT, and LTO tapes are infinately more reliable than a hard drive. I have aging Exabyte 8mm tapes that are over 20 years old and still perfectly readable. (if you can find a drive old enough to read 'em.) The only drives I have approaching that age that are still functional are highly expensive SCSI drives.

Re:Tapes Are Rubbish

[UnrefinedLayman]

Tapes are rubbish. Tape is expensive and unreliable. Anyone that tells you otherwise is selling the stuff.

I hope nobody confuses your inability to think beyond your world with fact, because this is the hugest crock of shit.

I have about 12 TB of data that I am required to be able to restore to any day within the last five weeks. One week of backups = 20 TB. In addition, I must:

1) always have at least four weeks' worth of data in different building on the same site
2) always have at most one week's worth of data in the rack
3) always have at least one full backup from within the last five weeks at an off-site storage facility
4) retain every fifth backup for one year
5) retain every 52nd backup for seven years

What are my options?

Option 1 (your option): Buy a minimum of 442 TB of additional disks (102 TB for five weeks of storage [1 & 2 above]; 200 TB for [4]; 140 TB for [5]; 37 times more storage than we currently use), plus the SAN, plus the network, power, and cooling systems to support it. When rotating media, physically remove the drives and carry them around. Carefully. Because one backup weighs thirty pounds. Media cost: $132,000 ($300 per); SAN cost: $50,000.

Option 2 (my option): Buy a tape library and 442 TB of tapes (one library, 368 tapes). When rotating media off-site, throw the tapes into a bag. Carelessly. Because they weigh 15 pounds and don't break. Media cost: $20,600 ($56 per); Library cost: $20,000

Looking at the last 600+ rotations I've done for various systems in the last five years, the failure rate is far, far, far lower than hard drives already; when you take into account the fact that 20% of all tapes are transported 60 miles per year and 50% of all tapes are transported between local sites at least twice per month, the failure rate of hard drives would be through the roof. Further, while I have had tapes fail during a write operation, I have never had a tape fail during a data restore, even on tapes overwritten hundreds of times and tapes stored for years. Perhaps your backup administrator has never heard of data verification or proper media storage, but if he had perhaps you wouldn't have experienced all those repeated failures of your backup system.

Try being a backup administrator, not just playing pretend like you are now, before being so glib.

Re:truncate immediately visible post length

[unity100]

i dont want thresholds. i want to be able to see valid comments even if some fanboi mods someone's valid, insightful comment -1 due to fanboi spirit.

Re:See also: The classic answer to computer proble

[Metabolife]

Keep a 3 day backup and cross your fingers.