I have no special knowledge, but, if I were asked to implement this, I'd want to combine write once with some kind of monitoring of usual change patterns, and some kind of test 'restore' that checks the sanity of data.
That should improve the odds. I *do* know of cases where corrupted data was also in the backup copies, so to my mind anything that preserves generations until they age the usual way is likely to help. Roops On Tue, 8 Apr 2025, 20:11 Schmitt, Michael, <[email protected]> wrote: > A hypothetical IT department wants all tape systems, including z/OS, to > turn on WORM (Write Once Read Many) so that the tapes are immutable. The > reason is for prevention of ransomware attaches from altering backup data. > > My question is: how does this help? If an attacker has the access and > authorization to update a tape, they also have the access and authorization > to copy the tape data to a new tape with altered data. > > When we restore from a backup, we don't consult a post-it note that says > "now mount volume T13439". We mount whatever volume the tape catalog system > says contains the data set we need. > > What am I missing? > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
