I'm using snapshot replication to back up my primary NAS to a secondary NAS. To do this, you have to set credentials on the primary NAS for an admin user on the target NAS. I'd prefer to use a service account that only has the required permissions, but according to Syno support this isn't possible; it must belong to the admin group. This makes sense considering the user must be able to do quite a lot in the background – create new shared folders, configure snapshot settings/schedule/retention on the target NAS, etc. I've not discovered a way to delete snapshots on the remote NAS through the UI on the primary NAS, and Syno support says this is correct – snapshots that are pushed to a remote NAS can only be deleted on the remote NAS (great!). But my theoretical concern is that if my primary NAS were compromised, the attacker would be able to discover the credentials for my secondary NAS and wipe out my remote backups. Searching and Syno support haven't helped me uncover where and how credentials for snapshot replication are stored. I know that for Hyper Backup it's very easy to find the credentials for (for example) an S3 destination and delete the backups there.
All in all, I'd like to be able to prove that my primary NAS being compromised doesn't inherently result in all backup targets being wiped or maliciously encrypted. Snapshot replication is generally marketed as protecting against this, but white papers and conversations with Syno support aren't giving specifics on how this is achieved.
That's a lot of background to ask – does anyone know where and how DSM stores credentials for snapshot replication? Are the keys to decrypt these credentials locked to the hardware and inaccessible to DSM admin users? How is this chain protected?
Just trying to understand the process fully. If anyone can shed some light on this or on my misunderstandings, it would be much appreciated!