Re: Where are the backups? @AC re:"still writable"
You actually missed the point that the media holding the backups is also offline, or at least not directly writeable by the general system in the solution. The database of the backup is important because it keeps track of what data is on which media, which is kinda important.
I take it that you've never tried to create a real backup solution for a large environment. Your lack of understanding shines through! Plus, if you have to rely on write-once media, you're going to get through a lot of media!
One of the backup setups I have involvement in takes full backups of a 50TB database once a week, and incrementals on the intervening days. That's probably close to 100TB a week (and this is just one of the databases). What write-once medium do you use for this?
We use TSM, and that cycles the media around, so older backups get deleted over time, and the tapes get re-used. But the important thing is that the TSM server is the only one that can manipulate the tapes, and maintains the database of what's where on the media, so as long as it has not been compromised, you can consider the backups safe for the duration of the cycle (this is not totally true, it is still possible for RMAN on the Oracle servers to delete the backup, but in theory the data stays on the tapes, and anyway, we have offline copies of the TSM database).
There is something that I think a lot of environments forget. Segregating the authority on your backup system is important. Only the people with access to the backup server can manipulate the media, and you don't use the same credentials on those servers as you do for the rest of the environment. This means that even if your general policy admin. account gets compromised, the miscreants have further hurdles to jump through before they can attack the backup solution.
If you can manage this, then you have a chance of surviving this type of attack, even if you do inadvertently open up the network.
Oh, and by the sounds of it, the systems being attached to the same network sounds like they're all attached to the same physical infrastructure, with the networks being segregated by VLANs (and the VLAN setup was not done early enough in the operation). There are several places where I have worked where VLAN separation does not count as network segregation. In these places, you have physically separate network switches for your management LANs, with internal firewalls if you really want to make sure you're best protected.