Comments on MPECS Inc. Blog: Protecting a Backup Repository from Malware and Ransomware
Philip Elder Cluster MVP (feed updated 2024-03-17T15:34:05.492-06:00)

Absoblogginlutely! (2016-04-18T08:51:00.138-06:00):

Some good points here Philip - and got me thinking about securing ours.
One other thought/solution would possibly be firewalling off the Shadowprotect destination so it's only accessible from the servers themselves and not the end user workstations so an infection on a workstation would not be able to access the share even if permissions were granted.
For the ultra paranoid, in an ideal world you would open up access to the destination server when the backup starts and then close it afterwards but I can see that becoming a management headache and would need some pretty clever scripting to change the permissions.

Philip Elder Cluster MVP (2016-03-29T12:19:40.188-06:00):

Ken,

If that were the case then we'd have _way_ more problems on our hands than unauthorized network access to the backups.

Ken Wallewein (2016-03-28T16:29:19.170-06:00):

Great posting Phil.

With the latest ransomware, I'm getting more and more paranoid. For LAN-based storage, I'm concerned whether permissions-based protection is enough.

Even if it's not a domain member, has no credentials in common with the server or domain, and no open shares, I'm concerned whether a Windows-based NAS or BDR might be susceptible to some sort of low-level network hack via NETBIOS or such.

I'm thinking that any LAN-based storage devices should be on a separate subnet, preferably accessible only via a firewall. And better yet, using only ImageManager ftp updates to the BDR, which means there's no way for ransomware to get to the BDR via NETBIOS.

Do you think that might be over the top?

-- Ken

Philip Elder Cluster MVP (2016-02-24T12:52:46.560-07:00):

Rob,

MOD = R/Wr access at the NTFS level for that user/user group.

Rob Pelletier (2016-02-23T21:35:56.374-07:00):

Looks great. Been doing some of this, but I guess I'm not taking it quite far enough. Thanks for sharing...

Enlighten me though: what is this MOD you refer to? I figure I should have been able to figure it out from the context, but I just can't quite get it...