Yes, so long as the backups themselves are not vulnerable! That's why I want to pull my backups in the future. I'm picturing a remote server, connecting to the primary server using cert based auth and pulling the backup files down. That way nothing on the primary server indicates where backups are being stored, or even that they are being stored at all, and no credentials for the backup server are on the primary server.
In the past I've fallen back to pushing backup files to an S3 bucket from the server being backed up, and that's fine for protecting against some situations. But with the AWS credentials / etc. on the machine where they could be potentially compromised... not good. So I'm going to rework how I do this sort of thing in the future.
reminder: always create backups. this is among the best protection against ransomware
Yes, so long as the backups themselves are not vulnerable! That's why I want to pull my backups in the future. I'm picturing a remote server, connecting to the primary server using cert based auth and pulling the backup files down. That way nothing on the primary server indicates where backups are being stored, or even that they are being stored at all, and no credentials for the backup server are on the primary server.
In the past I've fallen back to pushing backup files to an S3 bucket from the server being backed up, and that's fine for protecting against some situations. But with the AWS credentials / etc. on the machine where they could be potentially compromised... not good. So I'm going to rework how I do this sort of thing in the future.