> Ransomware is really clever these days and if you PUSH your backups, it can also encrypt or delete all your backups, because it has access to everything
That depends on how you have access to your backup servers configured. I'm comfortable with append-only backup enforcement for push backups[0] with Borg and Restic via SSH, although I do use offline backup drive rotation as a last line of defense for my local backup set. YMMV.
It's pretty simple: the backup host has the backup disk attached via a usb cradle. There's a file in the root directory of the backup disk file system that gets touched when the drive is rotated. A cron jobs emails me if this file is more than 3 months old. When I rotate the disk, I format the new disk and recreate the restic repos for the remote hosts. I then move the old disk into a fireproof safe. I keep four drives in rotation, so at any given point in time I have the online drive plus three with progressively older backup sets in the safe.
And then, after a year what do you do with the oldest hard drive ? Does it enter the cycle again, do you destruct it or do you use it in a failsafe environnement ?
The procedure looks OK and I would like to make it more organised myself, just trying to find the right balance.
The drive enters the cycle again. I use the drives until they show signs of failure (SMART monitoring/testing), or until I need to upgrade for capacity reasons.
I'm using "recertified" (really, used) drives that I've written about here: https://marcusb.org/posts/2024/03/used-hard-drives-from-tech.... They are inexpensive and, so far, have been very reliable. (And, yes, I've done restores from the backup sets.)
That depends on how you have access to your backup servers configured. I'm comfortable with append-only backup enforcement for push backups[0] with Borg and Restic via SSH, although I do use offline backup drive rotation as a last line of defense for my local backup set. YMMV.
0 - https://marcusb.org/posts/2024/07/ransomware-resistant-backu...