What’s the rationale for this? Genuinely curious.
Comment on How do you protect a remote backup from a compromised account?
lIlIllIlIIIllIlIlII@lemmy.zip 2 days ago
Do pull backups instead of push backups: Backup server connects to local machine.
non_burglar@lemmy.world 2 days ago
bcnelson@lemmy.world 2 days ago
The reasoning is that your backup server should be more secure than production. Production has to have a bunch of stuff open in order to be useful and convenient. The backup server does not. It can be basically fully locked down.
Onomatopoeia@lemmy.cafe 2 days ago
To add - by doing pulls the backup server uses different credentials to run than the credentials used to perform pulls.
Backup server has it’s own credentials database, machines being backed up have their own database. Backup service in backup server uses appropriate credentials from machine being backed up to access the data there (shares, etc). So credentials from compromised machine are unrelated to credentials for backup server.
And if backups are done properly (full on a schedule, daily incrementals, or something similar) you should be able to revert to a known-good state with minimal data loss.
pgo_lemmy@feddit.it 2 days ago
If the main site gets compromised the credentials there must be considered lost and known to che attackers.
with a pull backup that’s not an issue because the main site has no access to the remote system; it is a process on the remote site that has credentials to access the main site and not the other way around.
the remote system may receive a compromised copy of the data, but the attacker cannot tamper with previous backups so recovery is still possible.
non_burglar@lemmy.world 1 day ago
That makes sense. I use NFS, so there are other controls for security because “offsite” is another building on my property, but still in the same pool of subnets…
lIlIllIlIIIllIlIlII@lemmy.zip 1 day ago
This is the main reason I had in my head about pull backups. Thanks for the explanation.
a_non_monotonic_function@lemmy.world 1 day ago
Why downvote this?
eyesaremosaics@lemmy.zip 1 day ago
That’s an interesting idea