Security Settings for Protecting Backup Servers

What to Know

• Security settings are a critical part of configuring Carbonite™ Server backup
• Neglecting these security best practices can lead to security vulnerabilities
• Backup security is one facet of a multi-layered approach to holistic cyber-resilience
• Our latest e-book, Security Tips for Protecting your Backup Servers, gives you detailed security settings recommendations

We spend a lot of time talking about backup architecture and strategy – backing up onsite vs. in the cloud or backing up onsite and in the cloud. But one thing that warrants equal discussion is backup security – the settings and configurations you should be mindful of when deploying and monitoring a solution like Carbonite Server.

The reason we talk more about where you should back up is because that’s one of the primary considerations of IT decision-makers when they’re determining what kind of solution will suit their needs. But, when it comes to the complete cyber resilience picture – or the organization’s ability to avoid disruptions and recover from them in as little time and with as little impact as possible – then you have to admit that the security of backups is just as critical as the topology of the backup deployment.

That’s why we put together the e-book, Security Tips for Protecting your Backup Servers. It’s dedicated to the all-important security settings backup administrators should consider when they deploy and configure Carbonite Server. Some of these key considerations include:

• Don’t broadcast your backup server – Avoid adding an Active Directory entry for your backup server. Use window workgroups or connect agents to the backup server via Static IP address. The less information known about the backup server, the better.
• Create network separation – Separate your backup network into security zones, or groups of servers, systems and networks that have similar security requirements.
• Update OS and Carbonite Server versioning – Outdated software versions are open to attackers because they have known weaknesses and vulnerabilities.
• Turn off unnecessary Windows services and ports – More employed services will require more access and more open port traffic.
• Establish and enforce a password policy – Weak passwords or even the lack of a password policy can lead to password guessing and brute-force attacks. When it comes to strong passwords, length is strength because it takes more computing power to break.

The Threat Landscape

Businesses are facing increasing risks today due to the rapid rise of malware attacks. The prevalence of these risks has caught the attention of administrators and C-level individuals alike. From disruptive production delays to loss of reputation, the harmful effects of data loss and downtime remain top-of-mind for IT decision-makers at all levels.

Cybercriminals have adjusted their tactics to circumvent defenses. The result is increasingly complex, polymorphic malware that is harder to identify and isolate. In 2019, 93% of malware strains seen by Webroot were polymorphic.¹

Multi-Layer Cyber-Resilience

Businesses, in turn, have had to fortify their defenses in an ongoing arms race between cybercriminals and the IT organizations that seek to thwart their attacks. The best defense against the range of tactics cybercriminals have in their arsenal is multi-layered cyber resilience or “defense-in-depth.”

Cyber resilience involves a holistic approach to protecting data and the systems organizations rely on for business continuity. It includes perimeter defenses, like advanced threat intelligence and remediation, protection at the edges, which includes employee endpoint devices and cloud deployments, and critical infrastructure protection for physical and virtual servers. 

Having an effective strategy for comprehensive cyber resilience could mean the difference between keeping production systems online in the face of a disaster or suffering catastrophic system downtime and data loss. The combination of Carbonite and Webroot offers businesses the different forms of protection they need to deploy a multi-layer, defense-in-depth cyber resilience strategy.

The Backup Layer

Carbonite Server, whether it’s deployed as an on-premises, as cloud-only solution or in a hybrid model, provides many options and features for ensuring the security of data during each phase of the backup process. For more information about specific security settings in Carbonite Server, including on-premises and offsite replication, and detailed port configurations, download the e-book, Security Tips for Protecting your Backup Servers.