Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3003
  • Last Modified:

How to Backup a server in a public DMZ from a internal Backup Server securely?

Greetings,

I have a web server sitting in our public DMZ that I want to backup with a server sitting in our private domain. How can I do this securely? If I open a port to allow access through the firewall then if the webserver becomes compromised that means the backup server(internal) can become compromised as well since there is an open port to get through. If the backup server becomes compromised then all the computers in the domain can also be affected.

How can I  backup the web server in the public DMZ that will not require manual labor everytime I want to backup the webserver?

Attached is an example diagram.

Thank you !
problemdia.jpg
0
junglecom
Asked:
junglecom
  • 2
  • 2
1 Solution
 
Taurus042Commented:
If you open a port (10000 for Backup Exec) from the backup server to the web server the risk should be minimal. No ports need to be opened from DMZ to Internal network as the backups are initiated from the backup server.

As far as I know all that the Backup Exec server does is copying files via the agent. No files should be executed this way which means the backup server is reasonably safe.

The alternative is to run the backups within your DMZ. This requires another backup server and additional labor handling the backups on two servers.
0
 
junglecomAuthor Commented:
If the DMZ computer was infected with something could it take over the backup server using the port I would open (10000) ?
0
 
Taurus042Commented:
No, not in an easy way since you only open the port for access from Internal net to DMZ. Connections are initiated from BE Server to BE Agent.
The only possibility would be for an attacker to replace the BE Agent with his own code and somehow affect your BE Server. This would be very hard imo as the BE Server is only doing file copying.
0
 
junglecomAuthor Commented:
Thanks!
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now