[LINK] Hacking of medical records

Rachel Polanskis grove at zeta.org.au
Wed Dec 19 01:48:25 AEDT 2012


Hi,
I will wear my backup admin's hat and say I have worked with medium scale (300+) 
backup of mixed UNIX and MSW loads.  There is a complexity in some of the products 
that makes total data recovery quite difficult, in spite of all the considerations everyone has
made.   The fact remains that backup software scales only so much before you actually
find yourself investing more time and money in it than would seem worthwhile or credible.

For example, the product I am most familiar with is one of the brand leaders and has
been around a very long time.  It is a mature product such that it is approaching senility.
It is one of an ever increasing range of recent "solutions" that has had functionality removed in subsequent versions and license roadblocks to unlock previously open functionality.
It trades this off by offering a large scale discount when you buy more seats. 
It supports a wide range of clients and also applications and this is where the problems
arise.  The backup app itself requires several different licenses depending on how your
environment is assembled.  Licenses can be costly and also highly specialised; for example,
to properly do a complete restore of an MS SharePoint farm not only needs a special license
with the product, it also requires a specialised client with differing configuration options
that vary by Windows release, app version and filesystem provider. 

This makes tending backups quite a specialised and costly area. It is not cheap and it is 
easy to cut lots of corners and acquire a backup system that promises more than it can 
deliver at the low end and the bar to entry is too high for the brand leader.  So a small 
site like a doctor's reception is only ever going to have the cheapest solution, unless
someone is tech savvy enough to provision a better quality network for them.

This is not the first case of these ransom attacks; it has been going on for years.  About 2
years ago an Alice Springs online betting site got touched up for $20k or something 
and they used a DDOS to ruin his business, rather than accessing and encrypting
data on the system.  

One thing that has gone unsaid thus far is that all these crummy attacks have one thing
in common - Microsoft Products.  I will basically just wear my heart on my sleeve and say 
it again - it's crapware.  Until people stop buying the stuff and expecting it to work on their
tiny LANs as if it were an Enterprise, these attacks will continue.  Windows does not promote
good security habits, its default data recovery process is fraught, the enterprise recovery
tools are expensive and out of reach of most small operations, and it is too difficult to ascertain
if a user system is owned or under attack until it is too late.


rachel

--
rachel polanskis 
<r.polanskis at uws.edu.au> 
<grove at zeta.org.au>

On 19/12/2012, at 0:54, Robert Brockway <robert at timetraveller.org> wrote:

> On Tue, 11 Dec 2012, Jan Whitaker wrote:
> 
>> I seem to recall a throw away line either in a written story or a tv
>> interview where the person said it was better to keep your backups
>> off the network, too. One can only speculate what the person meant by that!
> 
> Hi Jan.  In order to maximise the chances of a successful data recovery 
> there should always be at least one full set of data backed up that 
> conforms to the following criteria:
> 
> * Offsite
> * Offline
> * Tested
> 
> Having the backup offsite provides geographic separation that tends to 
> protect against physical problems (that are constrained by physical 
> distance).
> 
> Having the backup offline provides logical separation that tends to 
> protect against logical problems (scripts that delete backups, deliberate 
> attacks over the wire[1], etc).
> 
> These two collectively provide 'availability' of the backup.
> 
> Testing provides 'integrity' of the backup.
> 
> Some readers may now be thinking of the 'CIA triad'.
> 
> A fourth criterion (encrypted) can be added to finish the triad with 
> 'confidentiality'[2].
> 
> [1] This is not the first time online backups have been attacked.  There 
> was a high profile case of online backup deletion a couple of years ago.
> 
> [2] I'm cautious about recommending encrypting backups, however, as it 
> requires a 'technological maturity' that I'm yet to see in most 
> organisations, even large organisations.  If you encrypt your backups you 
> must make provision for key recovery (eg, key escrow).
> 
> Cheers,
> 
> Rob
> 
> -- 
> Email: robert at timetraveller.org        Linux counter ID #16440
> IRC: Solver (OFTC & Freenode)
> Web: http://www.practicalsysadmin.com
> Systems Administrator, Solutions Architect, Free and Open Source Advocate
> Director, Software in the Public Interest (http://spi-inc.org/)
> "Information is a gas"
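Rob's "Tested" criterion is the one most often skipped at small sites, so here is an added example (not code from either poster) of what a minimal restore test looks like: the backup job records a SHA-256 manifest of everything it captured and authenticates that manifest with an HMAC key held off the backed-up hosts; a later test restore is then compared against the manifest so that missing, corrupted or stray files, and a manifest altered over the wire, are reported rather than discovered on the day of a real recovery. The file names, the HMAC key and the corruption scenario are constructed for the demo.

```python
"""Restore-test check for a backup set (added example, not from the thread).

Assumes the backup job writes a manifest of SHA-256 digests next to the data
and that a separate HMAC key, kept off the hosts being backed up, is used to
authenticate the manifest. Everything below uses only the standard library.
"""
import hashlib
import hmac
import json
import os
import shutil
import tempfile


def file_digest(path):
    """SHA-256 of a file, read in chunks so large database files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each relative path under root to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = file_digest(full)
    return manifest


def sign_manifest(manifest, key):
    """HMAC over the canonical JSON form, so a tampered manifest is detectable."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_restore(restored_root, manifest, tag, key):
    """Return a sorted list of problems; an empty list means the restore test passed."""
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        return ["manifest HMAC mismatch: manifest altered or wrong key"]
    problems = []
    restored = build_manifest(restored_root)
    for rel, digest in manifest.items():
        if rel not in restored:
            problems.append(f"missing: {rel}")
        elif restored[rel] != digest:
            problems.append(f"corrupt: {rel}")
    for rel in restored:
        if rel not in manifest:
            problems.append(f"unexpected: {rel}")
    return sorted(problems)


def demo():
    """Constructed scenario: back up two files, restore twice, damage one copy."""
    key = b"constructed-demo-key-keep-offline"  # placeholder, not a real key
    work = tempfile.mkdtemp()
    try:
        src = os.path.join(work, "live")
        os.makedirs(os.path.join(src, "patients"))
        with open(os.path.join(src, "patients", "records.db"), "wb") as f:
            f.write(b"\x00" * 4096)
        with open(os.path.join(src, "notes.txt"), "w") as f:
            f.write("reception notes\n")
        manifest = build_manifest(src)
        tag = sign_manifest(manifest, key)

        # A faithful restore: nothing to report.
        good = os.path.join(work, "restore_good")
        shutil.copytree(src, good)
        clean = verify_restore(good, manifest, tag, key)

        # A damaged restore: one file altered, one file missing.
        bad = os.path.join(work, "restore_bad")
        shutil.copytree(src, bad)
        with open(os.path.join(bad, "notes.txt"), "a") as f:
            f.write("tampered\n")
        os.remove(os.path.join(bad, "patients", "records.db"))
        broken = verify_restore(bad, manifest, tag, key)

        # A manifest edited after signing: rejected before any file is checked.
        tampered = verify_restore(good, dict(manifest, extra="00"), tag, key)
        return clean, broken, tampered
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    clean, broken, tampered = demo()
    print("clean restore:", clean or "OK")
    print("broken restore:", broken)
    print("altered manifest:", tampered)
```

Run on a real restore, the same `verify_restore` call is what turns "we have backups" into "we have tested backups"; the HMAC key should live with the offline copy, not on the servers it protects, otherwise whoever owns the server can re-sign a doctored manifest.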