I am trying to understand why replication pushes to the remote server instead of having the replication server pull the data in. In every backup system I previously set up, the backup servers pulled the data from the main server.
The idea is that a compromised server should not be able to delete the offsite backups. In freenas a compromised server has SSH access to the offsite data and an attacker can easily wipe the data on the remote side. Technically it should be simple doing either way. So I wonder about the reasons for the current implementation.
A freenas server runs various different services which enlarges the attack vector. A backup server doesn't run any services, except SSH and is therefore less likely to get compromised.
Furthermore, if the server replicates to several backup servers, a compromised server can delete the data on all backup servers at the moment. Using the “pull paradigm” a compromised main server can't touch any offsite data and a compromised backup server can delete its own data and the data on the main server, but it can't access the data on other backup servers.
Can somebody shed some light on this? What am I missing here?
The idea is that a compromised server should not be able to delete the offsite backups. In freenas a compromised server has SSH access to the offsite data and an attacker can easily wipe the data on the remote side. Technically it should be simple doing either way. So I wonder about the reasons for the current implementation.
A freenas server runs various different services which enlarges the attack vector. A backup server doesn't run any services, except SSH and is therefore less likely to get compromised.
Furthermore, if the server replicates to several backup servers, a compromised server can delete the data on all backup servers at the moment. Using the “pull paradigm” a compromised main server can't touch any offsite data and a compromised backup server can delete its own data and the data on the main server, but it can't access the data on other backup servers.
Can somebody shed some light on this? What am I missing here?