Solved

How to Backup a server in a public DMZ from a internal Backup Server securely?

Posted on 2008-06-17
4
2,824 Views
Last Modified: 2013-12-01
Greetings,

I have a web server sitting in our public DMZ that I want to backup with a server sitting in our private domain. How can I do this securely? If I open a port to allow access through the firewall then if the webserver becomes compromised that means the backup server(internal) can become compromised as well since there is an open port to get through. If the backup server becomes compromised then all the computers in the domain can also be affected.

How can I  backup the web server in the public DMZ that will not require manual labor everytime I want to backup the webserver?

Attached is an example diagram.

Thank you !
problemdia.jpg
0
Comment
Question by:junglecom
  • 2
  • 2
4 Comments
 
LVL 2

Accepted Solution

by:
Taurus042 earned 500 total points
ID: 21810853
If you open a port (10000 for Backup Exec) from the backup server to the web server the risk should be minimal. No ports need to be opened from DMZ to Internal network as the backups are initiated from the backup server.

As far as I know all that the Backup Exec server does is copying files via the agent. No files should be executed this way which means the backup server is reasonably safe.

The alternative is to run the backups within your DMZ. This requires another backup server and additional labor handling the backups on two servers.
0
 
LVL 2

Author Comment

by:junglecom
ID: 21827835
If the DMZ computer was infected with something could it take over the backup server using the port I would open (10000) ?
0
 
LVL 2

Expert Comment

by:Taurus042
ID: 21830114
No, not in an easy way since you only open the port for access from Internal net to DMZ. Connections are initiated from BE Server to BE Agent.
The only possibility would be for an attacker to replace the BE Agent with his own code and somehow affect your BE Server. This would be very hard imo as the BE Server is only doing file copying.
0
 
LVL 2

Author Closing Comment

by:junglecom
ID: 31468119
Thanks!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Life is full of imperfections – we all know it. Sometimes bad things happen to people for no particular reason. As they say: “it happens”. All we can do is to find a way to make some unavoidable situations… avoidable. Every kind of hardware has i…
Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now