-
Welcome to B4X forum!
B4X is a set of simple and powerful cross platform RAD tools:
- B4A (free) - Android development
- B4J (free) - Desktop and Server development
- B4i - iOS development
- B4R (free) - Arduino, ESP8266 and ESP32 development
How to protect the NAS from ransomware attacks?
- Thread starter Star-Dust
- Start date
- Similar Threads Similar Threads
D
Deleted member 103
Guest
I can only write how my solution looks like, whether it is the best I can not say.
My NAS is connected to my Fritzbox.
The NAS has several shares that can be mounted from PC as drives.
These drives are mounted but only for the time when a backup should be made.
As far as I know, a virus examines all PC drives and since the NAS shares are not mounted can not make the virus.
I know that this is not the best solution, but it is better than nothing.
NAS as Network Attached Storage
or
NAS as Network Access Server?
I'm probably wrong but I think you are talking about two different things.
This: NAS Orecch Gol
I have a Synology DS218play with 2 disk of 3 tb.
I use it to backup pc documents, as cloud server. Internally I do a backup daily to the other disk and once a week to a USB disk.
I use it to backup pc documents, as cloud server. Internally I do a backup daily to the other disk and once a week to a USB disk.
D
Deleted member 103
Guest
For saving I use a simple batch file.
Batch file content:
1. mount drives
2. run backup with RoboCopy
3. unmount drives
when you mount the drive if you have ramsware in your system, your nas will get infected too.
I have this setup:
Dual Raid 4TB nas with 10Gb memory.
NAS is running a Docker Nextcloud instance, with the storage files kept in a secure (system only) directory on the NAS, outside any shares.
NAS has Virus Scanning enabled.
All PC's have nextcloud client installed and sync from/to their nextcloud home account / shared directories, this is the main backup form, because Nextcloud by default is configured to keep several versions of every file.
If something goes wrong I log to Nextcloud, delete any infected files and restore the previous versions, later and after the infection is stopped, all clean files get synced back to their PC's.
I also run SyncBackFree (windows) to push directly to the NAS Storage copies of my work directories, weekly and monthly. But this method has no file versioning, so if any files get infected they will be copied and will replace any good copies on the NAS (if the virus scan allows it of course).
I had no incidents until today and the nas has been running for 3 years.
I also advised every user, that if their PC ever gets infected I will kick them of the house and put all clothes in plastic bags, and that seem to have worked well
Dual Raid 4TB nas with 10Gb memory.
NAS is running a Docker Nextcloud instance, with the storage files kept in a secure (system only) directory on the NAS, outside any shares.
NAS has Virus Scanning enabled.
All PC's have nextcloud client installed and sync from/to their nextcloud home account / shared directories, this is the main backup form, because Nextcloud by default is configured to keep several versions of every file.
If something goes wrong I log to Nextcloud, delete any infected files and restore the previous versions, later and after the infection is stopped, all clean files get synced back to their PC's.
I also run SyncBackFree (windows) to push directly to the NAS Storage copies of my work directories, weekly and monthly. But this method has no file versioning, so if any files get infected they will be copied and will replace any good copies on the NAS (if the virus scan allows it of course).
I had no incidents until today and the nas has been running for 3 years.
I also advised every user, that if their PC ever gets infected I will kick them of the house and put all clothes in plastic bags, and that seem to have worked well
The danger lies in the activated services and in the sharing of discs
I would recommend disabling all unnecessary services, and disk sharing via smb, nfs, cifs, etc ...
I would only activate ftp servers on the nas, with a modified port compared to the classic tcp 21, for example you could use a tcp 21212
Then I would use on a PC that needs to make backup copies, a program that allows the transfer via ftp with a destination (the Nas) protected by user/password
Even if a virus completely ruin the file system of a single pc, it is impossible for an automatic system to detect the user/password of the program used for backups
Since you are analyzing the problem, I advise you to create a program to make backup copies with access via ftp to the destination, and distribute it on the forum
So we (the 'Scarsotti gang') can have a procedure that is certainly not recognizable by any malware with 'backup programs' archive
Obviously, after performing a firmware update, the nas must not be 'visible' from the external network
And therefore the default gateway will NOT be present in the network configuration
Between point 1 and point 3, every malware can destroy the files on nas
If you put your ear close to your nas you will hear low-volume screams "let's go, go on, go on ..."
It's the viruses trying to get in
Last years I am selling and using NAS from Synology... they are super fast (quad core series) - they re having super wow OS (linux like) - very easy... and many many many many add-ons !!!
I like the following setup:
one ssd samsung 512GB + 3 red wd... 2tb ... 4tb any you want
The ssd wanted for fast communication with client when backuping !!!
Synology Time Backup... this the key backup the ssd to the others disks different days/hours cycle for 6 months...
So in case you have a problem you can go back to the date you want... (something like time-machine, or windows protection)
but ofcourse a good Antivirus I/S like Kaspersky always help... too
I like the following setup:
one ssd samsung 512GB + 3 red wd... 2tb ... 4tb any you want
The ssd wanted for fast communication with client when backuping !!!
Synology Time Backup... this the key backup the ssd to the others disks different days/hours cycle for 6 months...
So in case you have a problem you can go back to the date you want... (something like time-machine, or windows protection)
but ofcourse a good Antivirus I/S like Kaspersky always help... too
D
Deleted member 103
Guest
This can not happen, all my data is stored on the PC in a local drive. If a virus destroys the data, I notice it immediately, because I work with the data every day. And if the data is destroyed, I don't start a backup. So the NAS backup can't be destroyed either.
I have been using my NAS(Buffalo LS210D0301) for 7 years and have never had any problems with viruses.
The only antivirus I use is Windows Defender, and it does its job very well.
Of course, as a good PC user, you have to know what you are clicking on, and not just click on everything that is offered to click on.
Then you have no problems with any virus.
This can not happen, all my data is stored on the PC in a local drive. If a virus destroys the data, I notice it immediately, because I work with the data every day. And if the data is destroyed, I don't start a backup. So the NAS backup can't be destroyed either.
I have been using my NAS(Buffalo LS210D0301) for 7 years and have never had any problems with viruses.
The only antivirus I use is Windows Defender, and it does its job very well.
Of course, as a good PC user, you have to know what you are clicking on, and not just click on everything that is offered to click on.
Then you have no problems with any virus.
The question is simple.
Sometimes I try other applications for work reasons. This is a risk, whoever gives me a sw may not know that it is the vehicle of a viral infection. But the damage done does not take into account good faith.
So solve the problem with a nat? Better an ftp server? A password synchronization system?
Sometimes I try other applications for work reasons. This is a risk, whoever gives me a sw may not know that it is the vehicle of a viral infection. But the damage done does not take into account good faith.
So solve the problem with a nat? Better an ftp server? A password synchronization system?
D
Deleted member 103
Guest
Then it is better to test it in a virtual environment, like VMware.
One of my 45drives boxes running TrueNAS I have an SMB share that is mounted as a WORM. I dump my SQL Server backups to that. 5 minutes after the backup completes they are read only even to the domain admin. Only way to access them is to get root on the TrueNAS box. I have a cron job that cleans backups older than 5 days. I also have an additional 45drives box offsite thru a epl line to offsite storage. In addition I have S3 storage to accept Veeam snapshots and a couple other fail safes. I got REviled last year and don't wish to go through that again