- 14
- 2
- NAS
- DS1821+, DS1815+, DS418j
- Router
- MR2200ac
- RT6600ax
- Operating system
- macOS
- Windows
- Mobile operating system
- iOS
Last edited:
Hi,
So I'm trying to figure out the best way to set something up. I have Nas1 that replicates over to Nas2 (backup). Nas2 isn't connected to the internet, (firewall, access control, app privileges etc.), basically it can only be accessed by one local computer and Nas1). Separate accounts/pass 2fa etc., I have DSM/everything else locked out of the port/account that Nas1 uses to connect, and I physically pull the other (admin) lan cable. But, one issue is Nas2 is older (DS1815), so no immutable snapshots.
So one potential I was thinking of is, if someone got into Nas1 they could just keep pushing snapshots over to Nas2 until they overwrite all the old ones. Even if I turn retention policy off, they could just do more than 1024; is that right? So I was thinking some kind of advanced retention, but I don't really understand the rules TBH.
Does this look right? Thanks for any help!
So I'm trying to figure out the best way to set something up. I have Nas1 that replicates over to Nas2 (backup). Nas2 isn't connected to the internet, (firewall, access control, app privileges etc.), basically it can only be accessed by one local computer and Nas1). Separate accounts/pass 2fa etc., I have DSM/everything else locked out of the port/account that Nas1 uses to connect, and I physically pull the other (admin) lan cable. But, one issue is Nas2 is older (DS1815), so no immutable snapshots.
So one potential I was thinking of is, if someone got into Nas1 they could just keep pushing snapshots over to Nas2 until they overwrite all the old ones. Even if I turn retention policy off, they could just do more than 1024; is that right? So I was thinking some kind of advanced retention, but I don't really understand the rules TBH.
Does this look right? Thanks for any help!