What techniques do you recommend for securing an online backup (to a third party service like Mozy): a backup that has the advantages of online backup but cannot be tampered with just by compromising the main system? The potential advantage of tapes is that there is at least a recent version that is not reachable by the production system at the time of the attack.
The obvious answer for what I'd like to do is arrange it so that once backups are pushed to the third party service, they're read-only for the account that the main host uses to access the backup server. Whether Mozy and relatives facilitate this, I don't know, but if they're going to blazon "SECURE" all over their home page, you'd think they'd at least be open to a conversation about it.
There are a few suggestions:
1. You don't push the backups to the backup system, but you pull from there.
2. Once the backup is completed, a cron job being run by another user should move the backup to a safe location that the initial user has no access to.
3. Never reuse passwords between server/backup.
You should be able to do this with most backup providers that give you shell/ssh access. If your backup is via ftp/pushing only, I would switch providers...
With BackUPMAX, all information to be backed up is encrypted on the local computer before being transmitted, using a key that is stored locally. Data is stored in the BackUPMAX Data Centers in its encrypted form. Data can only be recovered by transmitting it back to the local client, which decrypts it, again using the locally-stored key (or in the event of a disaster affecting the local computer, the same key entered by hand into the BackUPMAX Software).
The most important feature of this arrangement is that while the data is stored in the BackUPMAX Data Centers, it is encrypted and not in a readable format. The BackUPMAX Servers do not have access to the key, and without the key, the data cannot be converted to a readable format. Neither do BackUPMAX employees have access to the key.
BackUPMAX stores your data fully encrypted and protected in two mirrored data centers. Only you can access your data using your own encryption key.
I suggest calculating a hash checksum for the file(s) (SHA-1, for instance) and then encrypting them. You can store the checksum elsewhere and use that to verify backup integrity periodically and before a restore.
The big caveat to this is that if backups aren't read-only as chaos suggests, or the backup gets deleted (flaky service provider), then you've got a serious problem. I'm not sure that there's a way around this if you're using online backups, but even with securely stored offsite tapes, there's still a chance that they will be lost or damaged.