Re: Postgres Point in time Recovery (PITR),

Hi

> On 22/10/2019, at 4:14 AM, Adrian Klaver <adrian.klaver@aklaver.com> wrote:
>
> On 10/21/19 8:10 AM, Avinash Kumar wrote:
>> Hi,
>> On Mon, Oct 21, 2019 at 8:16 PM Alan Hodgson <ahodgson@lists.simkin.ca <mailto:ahodgson@lists.simkin.ca>> wrote:
>>    On Mon, 2019-10-21 at 16:40 +0530, Avinash Kumar wrote:
>>>
>>>    We need to ensure that we have safe backup locations, for example,
>>>    push them to AWS S3 and forget about redundancy.
>>>    Why do you think only Offline Backups are reliable today ?

The only way to ensure, you have a secondary protocol, is using some type of pull approach, were the backup system pull
fromthe online system. 

>>    There have been examples of hackers gaining control of an
>>    organization's servers or cloud accounts and not only destroying
>>    their online systems but also methodically deleting all their backups.     There are fewer things that can go
catastrophicallywrong if one has 
>>    actual offline backups. You have to be a lot more careful about
>>    protecting anything attached to the Internet.
>> I do not agree with this. If a hacker is gaining control of your organizational servers to destroy your Online
backups,can't he destroy the offline backups and your database ? 

They only way to be safe is having an external company or passwords isolated from your organisation, my personal
approachis having public certs installed from the secondary backup system to pull the backups from the online
platforms.Having generated passwords with a keepass encrypted database isolated from the Organisations. 

>
> Well to me off-line means you have introduced an air gap between your on-line presence and your off-line backups.
Thiswould prevent an intruder from accessing the off-line backups. 

The only way is not having the access or perhaps a 2FA to login into AWS platforms to ensure you know when someone is
tryingto login to your AWS accounts, Linux servers support 2FA too. 

>
>> This is not a right justification to encouraging Offline Backups over Online Backups.
>> If you are worried about storing your online backups through internet on cloud (i do not agree as you can still
secureyour data on cloud), store it in on a server in your Organizational network and do not push them through
internet.
>> Taking Offline Backups is not the only right way to ensure Reliable Backups.
>> We are way ahead of the days where you need to face downtime to take backups.
>> Online Backups are reliable in PostgreSQL.

I think offline backups are useful as complement to the online backups, my current policy of backups for offline one
are( weekly, monthly, yearly with 4 backup retention ) only one time a yearly backup was utilised to recover a human
mistake.

PS: I think if you are really worried about hackers, perhaps you need to chat with your security officer to ensure
alerts,accountability and 2FA plus other techniques are implemented in your company, nothing will stop a good hacker
andprobably it is working inside of your company, 80% of the attacks comes from people that works inside of the company
(Orion security Chile in 2001 shared this information ), no clue what todays stats are. 

Ps2: don’t use passwords like secret, or s3cr3t, etc.  and don’t forget security is just a feeling.

>
>
> --
> Adrian Klaver
> adrian.klaver@aklaver.com
>
>