This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |
| rethinking_my_backup_strategy [12.08.2021 17:29] – [dar] Pascal Suter | rethinking_my_backup_strategy [12.08.2021 17:42] (current) – [First POC - Burp + rsync] Pascal Suter |
|---|
| |
| ===== First POC - Burp + rsync ===== | ===== First POC - Burp + rsync ===== |
| | **NOTICE** i had to give up on rsyncd as a rsync server to push the backup to, as rsyncd [[https://www.rapid7.com/blog/post/2018/12/21/rsunk-your-battleship-an-ocean-of-data-exposed-through-rsync/|seems to be unsuitable]] for sharing files over the internet. Instead i later went with SFTPgo (see above) on the burp server to share the latest backups via sftp and then have the offsite server pull the data from the burp server. I recon this is still pretty safe as authentication can be done with ssh keys, SFTPgo allows to make sure that the user gets read-only access and nothing else, the data the user can read is encrypted with a key that neither the burp server nor the offsite server know, so a data leak through this channel would be pretty worthless i'd recon (given a good encryption password of course) |
| | |
| with all the arguments above considered, I decided to proceed a burp based solution and just add off-site capabilities to burp. Here is the targeted setup: | with all the arguments above considered, I decided to proceed a burp based solution and just add off-site capabilities to burp. Here is the targeted setup: |
| * "Local" backup server running burp in server mode with the following key settings: | * "Local" backup server running burp in server mode with the following key settings: |