Solved

How to Backup a server in a public DMZ from a internal Backup Server securely?

Posted on 2008-06-17
4
2,926 Views
Last Modified: 2013-12-01
Greetings,

I have a web server sitting in our public DMZ that I want to backup with a server sitting in our private domain. How can I do this securely? If I open a port to allow access through the firewall then if the webserver becomes compromised that means the backup server(internal) can become compromised as well since there is an open port to get through. If the backup server becomes compromised then all the computers in the domain can also be affected.

How can I  backup the web server in the public DMZ that will not require manual labor everytime I want to backup the webserver?

Attached is an example diagram.

Thank you !
problemdia.jpg
0
Comment
Question by:junglecom
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 2

Accepted Solution

by:
Taurus042 earned 500 total points
ID: 21810853
If you open a port (10000 for Backup Exec) from the backup server to the web server the risk should be minimal. No ports need to be opened from DMZ to Internal network as the backups are initiated from the backup server.

As far as I know all that the Backup Exec server does is copying files via the agent. No files should be executed this way which means the backup server is reasonably safe.

The alternative is to run the backups within your DMZ. This requires another backup server and additional labor handling the backups on two servers.
0
 
LVL 2

Author Comment

by:junglecom
ID: 21827835
If the DMZ computer was infected with something could it take over the backup server using the port I would open (10000) ?
0
 
LVL 2

Expert Comment

by:Taurus042
ID: 21830114
No, not in an easy way since you only open the port for access from Internal net to DMZ. Connections are initiated from BE Server to BE Agent.
The only possibility would be for an attacker to replace the BE Agent with his own code and somehow affect your BE Server. This would be very hard imo as the BE Server is only doing file copying.
0
 
LVL 2

Author Closing Comment

by:junglecom
ID: 31468119
Thanks!
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A Bare Metal Image backup allows for the restore of an entire system to a similar or dissimilar hardware. They are highly useful for migrations and disaster recovery. Bare Metal Image backups support Full and Incremental backups. Differential backup…
The article will include the best Data Recovery Tools along with their Features, Capabilities, and their Download Links. Hope you’ll enjoy it and will choose the one as required by you.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question