Re: [rdiff-backup-users] Incremental, automated, remote, secure

[Edward Ned Harvey (rdiff-backup)]

> From: rdiff-backup-users-bounces+rdiff-
> address@hidden [mailto:rdiff-backup-users-
> address@hidden On Behalf Of Grant
> 
> I'm struggling to devise an incremental, automated backup scheme that
> remotely and securely backs up data from one system to another,
> preserves permissions and ownership, and keeps the backups safe even
> if the backed-up system is compromised.  Would the following work?

What are you calling "compromised?"  Because the proposed solution you 
mentioned didn't even mention encryption.  So I guess you must be saying 
"compromised" when you're really talking about the backup system being damaged 
or otherwise suffering data integrity failure. 

Either way, the answer is, "you can't, with anything, ever."  

If you are talking about security compromised, then all you can do is encrypt 
data before it leaves original server, and run integrity checks on it.  You'll 
keep your data private, even on a compromised system, but you'll be subject to 
tampering.  You'll be able to detect tampering, but you will not be able to 
recover.

If you are talking about integrity compromised, on both your original and 
backup systems...  Well ...  Then the data integrity was compromised on both 
your original and backup copies.  Sorry, nothing can protect you from that, 
except having more redundant copies.