Comment on How do you protect a remote backup from a compromised account?

<- View Parent
Onomatopoeia@lemmy.cafe ⁨3⁩ ⁨weeks⁩ ago

To add - by doing pulls the backup server uses different credentials to run than the credentials used to perform pulls.

Backup server has it’s own credentials database, machines being backed up have their own database. Backup service in backup server uses appropriate credentials from machine being backed up to access the data there (shares, etc). So credentials from compromised machine are unrelated to credentials for backup server.

And if backups are done properly (full on a schedule, daily incrementals, or something similar) you should be able to revert to a known-good state with minimal data loss.

original
Sort:hotnewtop