Setting up a server at home for backup purposes a bad idea?

I got burned by a hosting provider today: they had a datacenter issue and they claimed they do backups, but their backup was corrupted, so I lost a website that I had backed up on two different servers hosted by them. Both servers were affected, so the data was gone. That ONE website was sadly a website I had not backed up locally.

So, I'm thinking of buying a small cheap server and some hard drives to do periodic backups via FTP.

The question is: is there any security threat to my computers connected on the same network/router as the server that will have FTP access?

Is it even a reasonable idea to have a server at home getting backups of all my clients' websites periodically? At this point, I feel I have to do everything myself because of numerous stories of 3rd party solutions failing to do what they claim.


Is it even a reasonable idea to have a server at home getting backups of all my clients' websites periodically?

Yes, provided you follow some precautions.

Is there any security threat to my computers connected on the same network/router as the server that will have FTP access?

Yes, if you do not follow some precautions.

  1. What if my cloud server gets compromised? Then it is likely my home-based backup PC will also be compromised because the cloud server can connect to it.
  2. What if my home-based backup PC is compromised? What does it have access to?

So you basically want to reduce the risk of compromise of either system, whilst also limiting what access an attacker would have in the event that they do manage to compromise either/both.

Precautions

  1. Don't use FTP, as credentials can be transmitted unencrypted. Instead, run an SSH server on a Linux box and connect/transfer files using scp. Alternatively, find an SFTP or SCP type server that runs on Linux, Mac or Windows.
  2. Use a limited SSH account that only has scp access to the backup directory, and only enough access to send the backup.
  3. Use a private key for authentication.
  4. With the above steps, if your remote cloud server is broken into and the private key is stolen, then an attacker will only get access to a backup of a server that they already have access to!
  5. Run a firewall which has NAT/port forwarding and DMZ features (this could even be your ISP's WiFi router if it has up-to-date firmware with no known vulnerabilities; double check this, as some older ISP routers are riddled with bugs).
  6. Place your home-based backup computer in a DMZ. This way it doesn't easily get access to any of your other computers, and therefore dramatically reduces the threat if it is compromised. You can forward port 22 from your internal home network to the DMZ and log on with higher privileges for administration/scp purposes.
  7. Use the NAT/port forwarding to forward a random high TCP port (e.g. 55134) from your public IP to your SSH service; this will make the service less easily picked up.
  8. Restrict access on the firewall so that the forwarded port is only visible to your remote cloud server.
  9. Don't place any confidential data, SSH private keys, passwords, etc. etc. on your backup computer. This way if it is compromised you further reduce what an attacker has access to.
  10. Keep all systems/services up to date - especially on the cloud server and the backup PC. Vulnerabilities are always being discovered and can often easily be exploited by attackers, for example to turn basic access into root level access. (e.g. https://dirtycow.ninja/)

This list is the ideal scenario and should help you think about the risks. If your ISP's router doesn't have a DMZ feature and you don't want to invest in setting up an alternative firewall, then you might be happy with a compromise (I personally wouldn't be happy with it). In that case I would ensure host-based firewalls are active on all your internal network PCs, use strong passwords, require authentication for all shares/services, etc.

An alternative, as suggested by another user (here is a bit more detail) would be to script your cloud server to produce the backups and make them available, and script your backup PC to connect via SFTP or SCP (SSH) to pull the backups.

This could work well, but lock down the SSH/SFTP port so that only your backup PC can access it, use a limited access account, and think about some of the same precautions. E.g. what if your backup PC is compromised? Then your cloud server is also compromised, etc.
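The push model from the answer above (precautions 2, 3, 4 and 8: a limited account, key authentication, a stolen key being worth only a backup the attacker already has, and the port answering only to the cloud server) can be expressed as a handful of files on the home backup box. The script below is an added example, not part of the question or the answer. Every name in it is an assumption: a `backup` user, backups landing in `/srv/backups`, the wrapper installed at `/usr/local/bin/backup-only`, and `203.0.113.10` as the cloud server's address (a documentation range). It assumes scp uses the legacy scp protocol on the wire (`scp -O` on OpenSSH 9.0 and later, where scp defaults to SFTP); if you prefer SFTP, the equivalent is `restrict,command="internal-sftp"` on the key together with a `ChrootDirectory` in a `Match User` block.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a backup-only SSH account.
# Assumed names (not from the original post): user "backup",
# BACKUP_ROOT=/srv/backups, wrapper at /usr/local/bin/backup-only,
# cloud server at 203.0.113.10.

BACKUP_ROOT="/srv/backups"               # assumption: where uploads land
WRAPPER="/usr/local/bin/backup-only"     # assumption: where this file lives

# Build the authorized_keys line for the backup user.
#   from=      sshd rejects the key unless the client address matches
#   restrict   no pty, no port/agent/X11 forwarding, no ~/.ssh/rc
#   command=   whatever the client asks for, sshd runs this wrapper instead
# $1 = cloud server IP or CIDR, $2 = the cloud server's public key line.
authorized_keys_line() {
    printf 'from="%s",restrict,command="%s" %s\n' "$1" "$WRAPPER" "$2"
}

# Decide whether the command the client asked for (sshd passes it in
# SSH_ORIGINAL_COMMAND) is an scp *upload* into BACKUP_ROOT.
# Returns 0 to allow, 1 to refuse. Refused: downloads (scp -f), shells,
# any other directory, ".." climbing, and shell metacharacters.
backup_only_check() {
    cmd="$1"
    case "$cmd" in
        "scp -t $BACKUP_ROOT"|"scp -t $BACKUP_ROOT/"*) ;;   # upload into our dir
        *) return 1 ;;
    esac
    target="${cmd#scp -t }"
    case "$target" in
        *[!A-Za-z0-9._/-]*) return 1 ;;   # spaces, ';', '$', quotes: refused
        *"/../"*|*"/..")    return 1 ;;   # no climbing out of BACKUP_ROOT
    esac
    return 0
}

# Entry point when sshd runs this as the forced command. A refusal is
# logged, so a compromised cloud box poking at the account is visible.
backup_only_run() {
    if backup_only_check "${SSH_ORIGINAL_COMMAND-}"; then
        exec scp -t "${SSH_ORIGINAL_COMMAND#scp -t }"
    fi
    logger -t backup-only "refused from ${SSH_CLIENT-?}: ${SSH_ORIGINAL_COMMAND-(none)}"
    echo "backup-only: command refused" >&2
    exit 1
}

# Matching server-side pieces, as comments (same assumptions as above):
#   /etc/ssh/sshd_config
#     Match User backup
#         PasswordAuthentication no
#         AuthenticationMethods publickey
#   firewall (precaution 8): the SSH port answers only to the cloud server
#     iptables -A INPUT -p tcp --dport 22 -s 203.0.113.10 -j ACCEPT
#     iptables -A INPUT -p tcp --dport 22 -j DROP
#   cloud-side cron job that pushes one tarball per site:
#     scp -O /var/backups/site1.tar.gz backup@home.example:/srv/backups/

# Act as the wrapper only when sshd set SSH_ORIGINAL_COMMAND; sourcing
# this file for its functions leaves that variable unset.
if [ -n "${SSH_ORIGINAL_COMMAND-}" ]; then
    backup_only_run
fi
```

Two consequences worth knowing before using this: the wrapper refuses everything that is not a plain `scp -t` upload, including `scp -r`, so push one tarball per site rather than a directory tree; and the `backup` user can no longer get a shell, so the administrative login from the internal network in precaution 6 must use a separate account with its own key, never the one the cloud server holds.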