
Pull instead of push backups are one way of trying to mitigate this. You don't allow clients to start backups. Your backup server does instead, "pulling" backups at standard times.

As long as you harden it from crypto, there is no way for malware on client machines to force an overwrite of current backups.




The malware could wait for a pull, then feed the server false data.


Then you have a backup server that's privileged to access data from clients, which makes the backup server an attractive target.


Then you reduce the attack surface on this one special-purpose machine, which is much easier than doing the same on all your employees' desktops.


Very clever.


If their backups are being placed somewhere like S3, they should have a standalone server that simply copies daily backups from the S3 bucket the network has access to, over to another S3 bucket that only the backup managing app has access to.

I expect they are allowing their backup app to have read/write access to manage cleaning up and removing backups, but just giving it write-only access from the network would work too. And using a standalone server/app to manage the backups.

I'd still copy over a backup to a standalone bucket not accessible by the network for something this critical.
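
Added example, not part of the thread or any commenter's code: a small Python check for the write-only arrangement described in the comment above, flagging read, list and delete permissions in the policy given to network-side backup writers. The bucket name and both policy documents are constructed, and only Allow statements are evaluated.

```python
# Added example: lints an IAM policy intended for network-side backup writers.
# Bucket name and both policy documents are constructed for illustration.
from fnmatch import fnmatchcase

# Actions that let a compromised client read, enumerate or destroy backups.
RISKY = ("s3:GetObject", "s3:ListBucket", "s3:DeleteObject",
         "s3:DeleteObjectVersion", "s3:PutLifecycleConfiguration",
         "s3:PutBucketVersioning")

def _as_list(value):
    # IAM allows a single string/object where a list is also accepted.
    return [value] if isinstance(value, (str, dict)) else list(value)

def risky_grants(policy):
    """Return the RISKY actions that Allow statements in `policy` grant.

    Simplified: only Allow statements with an Action element are evaluated;
    Deny, NotAction, Condition and Resource scoping are not modeled.
    """
    found = set()
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive and accept * and ? wildcards.
            found.update(a for a in RISKY
                         if fnmatchcase(a.lower(), pattern.lower()))
    return sorted(found)

ARN = "arn:aws:s3:::example-backup-ingest"  # hypothetical bucket

# Read/write access of the kind the comment suspects is in place.
READ_WRITE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*Object", "s3:ListBucket"],
     "Resource": [ARN, ARN + "/*"]}]}

# Write-only access from the network. Note that s3:PutObject can still
# overwrite an existing key unless bucket versioning is enabled.
WRITE_ONLY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "s3:PutObject", "Resource": ARN + "/*"}}

if __name__ == "__main__":
    for name, doc in (("read/write", READ_WRITE), ("write-only", WRITE_ONLY)):
        print(f"{name}: risky actions granted = {risky_grants(doc)}")
```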



