The recent high-profile hack of Distribute.IT has been generating quite a lot of noise over the last few days within the Australian Internet industry, and we've received a few emails from our dedicated hosting customers wanting to know more about the details of the hack and how it could affect them.
The truth is, most of the details surrounding the "hack" are sketchy. But we do know:
- Four of Distribute.IT's shared hosting servers were involved,
- Over 4,800 sites were involved,
- Offline, or otherwise logically separated backups were not available
- and all data, websites and emails were 'lost'.
Air-gaps - the importance of logically separated backups
When engineering a backup solution, it is important to consider all failure modes, whether they be gamma rays, divine intervention or malicious acts perpetrated by hackers.
There are many modes by which backup strategies can fail, but in the case of Distribute.IT it appears that their backup system was insufficiently separated from their operational servers.
This separation is often referred to as an 'air gap'. The theory is that if your backups are not available online, then they are secured against these sorts of malicious attacks. Maintaining a backup regime involving an air gap and rotation of off-site media is quite laborious, and most companies do not have the resources to undertake this level of diligence, so they instead resort to online disk-to-disk backups.
Best practice would dictate that when building an online disk-to-disk backup solution you aim for the following:
- Ensure that the Internet facing servers are logically separated from the backup servers
- Put the backup server in its own secure network segment, and lock it down so that it is not externally accessible, nor directly accessible from the hosts it is backing up
- Provide restricted authentication to the backup server: meaning you don't integrate the backup server with your Windows Active Directory domain.
However, these requirements are often too restrictive and create an unnecessary burden on IT staff performing restores.
A tiered backup structure:
- Make your most recent backups accessible to facilitate quick restores. These can be integrated with your existing systems and processes (e.g. filesystem snapshots, locally mounted backups)
- Provision a second tier backup server, that is secured and locked down according to best practice. This is your doomsday vault.
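The best-practice list and the tiered structure above can be checked mechanically against a firewall rule export. The following is an added example, not code from Adlibre or from the incident; the address ranges, segment layout, rule names and the `audit` helper are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address space

@dataclass(frozen=True)
class Flow:
    """One allowed firewall flow: src may initiate connections to dst."""
    src: str
    dst: str
    port: int

@dataclass(frozen=True)
class BackupServer:
    name: str
    tier: int          # 1 = quick-restore tier, 2 = locked-down vault
    address: str
    auth_source: str   # "local" or "active-directory"
    clients: tuple     # CIDRs of the hosts this server backs up

def audit(server, flows):
    """Return (rule, detail) findings for a second-tier backup server."""
    if server.tier != 2:
        return []  # tier 1 is deliberately integrated for quick restores
    findings = []
    for f in flows:
        if ip_address(server.address) not in ip_network(f.dst):
            continue  # outbound pulls and unrelated flows do not expose the vault
        src = ip_network(f.src)
        if not src.subnet_of(INTERNAL):
            findings.append(("external-access", f"{f.src} -> port {f.port}"))
        elif any(src.overlaps(ip_network(c)) for c in server.clients):
            findings.append(("client-can-reach-vault", f"{f.src} -> port {f.port}"))
    if server.auth_source != "local":
        findings.append(("shared-auth", server.auth_source))
    return findings

# Constructed sample data (not from the incident described above).
FLOWS = [
    Flow("0.0.0.0/0", "10.50.0.10/32", 22),      # vault reachable from anywhere
    Flow("10.10.0.0/24", "10.50.0.0/24", 873),   # web hosts push into backup segment
    Flow("10.50.0.10/32", "10.10.0.0/24", 22),   # vault pulls from web hosts: fine
    Flow("10.60.0.0/28", "10.50.0.10/32", 22),   # dedicated admin segment: fine
]
WEAK = BackupServer("vault", 2, "10.50.0.10", "active-directory", ("10.10.0.0/24",))
HARDENED = BackupServer("vault", 2, "10.50.0.10", "local", ("10.10.0.0/24",))

if __name__ == "__main__":
    for rule, detail in audit(WEAK, FLOWS):
        print(rule, detail)
```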
The folly of "shared hosting" platforms for business sites
At Adlibre, we believe that shared hosting platforms are inherently hard to secure. When you're sharing an operating system instance with 100 or 1,000 other websites, the potential for a security exploit is greatly amplified. These risks are often further amplified through the use of web control panels and mass-hosting automation scripts that are insecure by design.
If your website is important to your business, should you be taking risks with your hosting?
Businesses that rely on the Internet should have contingency plans in place, as well as customised backup and disaster recovery plans, to mitigate the impact of a security breach or service disruption.
If you wish for further information please contact a Consultant at Adlibre on +61 (0)2 8003 3222.