I have a web server sitting in our public DMZ that I want to backup with a server sitting in our private domain. How can I do this securely? If I open a port to allow access through the firewall then if the webserver becomes compromised that means the backup server(internal) can become compromised as well since there is an open port to get through. If the backup server becomes compromised then all the computers in the domain can also be affected.
How can I backup the web server in the public DMZ that will not require manual labor everytime I want to backup the webserver?
Attached is an example diagram.
Thank you !