junglecom
asked on
How to Backup a server in a public DMZ from a internal Backup Server securely?
Greetings,
I have a web server sitting in our public DMZ that I want to backup with a server sitting in our private domain. How can I do this securely? If I open a port to allow access through the firewall then if the webserver becomes compromised that means the backup server(internal) can become compromised as well since there is an open port to get through. If the backup server becomes compromised then all the computers in the domain can also be affected.
How can I backup the web server in the public DMZ that will not require manual labor everytime I want to backup the webserver?
Attached is an example diagram.
Thank you !
problemdia.jpg
I have a web server sitting in our public DMZ that I want to backup with a server sitting in our private domain. How can I do this securely? If I open a port to allow access through the firewall then if the webserver becomes compromised that means the backup server(internal) can become compromised as well since there is an open port to get through. If the backup server becomes compromised then all the computers in the domain can also be affected.
How can I backup the web server in the public DMZ that will not require manual labor everytime I want to backup the webserver?
Attached is an example diagram.
Thank you !
problemdia.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No, not in an easy way since you only open the port for access from Internal net to DMZ. Connections are initiated from BE Server to BE Agent.
The only possibility would be for an attacker to replace the BE Agent with his own code and somehow affect your BE Server. This would be very hard imo as the BE Server is only doing file copying.
The only possibility would be for an attacker to replace the BE Agent with his own code and somehow affect your BE Server. This would be very hard imo as the BE Server is only doing file copying.
ASKER
Thanks!
ASKER