A virus-proof (ransomware...) strategy for backup on a NAS?

12

3

I bought a NAS to share files and as backup solution.

Recently my netbook got infected by ransomware. All files on the netbook and most of the files on the NAS were destroyed (the virus shuffles the first bits of the files). Fortunately my main PC was not attacked, and since I do manual backups on a portable HDD I didn't lose anything.

But still, it frightened me, since I think I could lose lots of data if it appeared on my main PC. Indeed, if a backup is running when the files are being corrupted, then I would back up corrupted data to the NAS!

So my question: is there a virus-proof backup strategy?

Thank you for your help.


So after I read your answers, I now understand I need two solutions:

  1. Sync my data in a location that CAN be accessed by the clients so that I can share data between computers (I would call it the synced area)
  2. Then backup this synced area in a location that CAN'T be accessed by the clients

Finally my questions:

  1. Are those 2 assertions above enough to be safe?
  2. How to set up this solution with computers on Windows and a Synology NAS?

Daniel Beck asked for more detail on my environment:

I have 2 PCs:

  1. The main desktop PC, with which I do most of the stuff (sorting photos, accounting, etc.). It has HDDs big enough to contain all the data I need to share and back up.
  2. The second one is a netbook. It has a small HDD, so it doesn't contain all the data (for example no photos). But it is often used to edit some documents from the shared area. Sometimes I will create new data that I will manually save in the shared area.

At the moment, I do all copies to the NAS manually (I have no backup software).

My NAS is a Synology DS211j; it hosts the shared data.

So I would like to:

  1. give the netbook access to all data that is on the desktop PC even if it is shut down
  2. Have a solution to protect my data from viruses.
  3. Set up an automated solution for all of that.

Thanks to the latest comment from liori, here is what I would like to try:

  1. Reset my NAS setup from RAID with 2 HDDs to 2 separate volumes.
  2. Set up a sync of data on volume 1, which will be seen by users.
  3. Use the Synology NAS Time Backup software to back up shared volume 1 to backup volume 2. Volume 2 will NOT be seen by users.

If it is safe, I see a lot of advantages:

  • Even if it is not so good, I keep access to my data through the Internet.
  • The backup of data would be scheduled on the NAS; I don't need to leave my computer on for backups.
  • I would have my data in 3 locations: main desktop PC + shared volume + backup volume (4 in fact, with the manual backup on a USB HDD). So I lose the useless RAID, and I get secured backups on a dedicated HDD.

Do you think it would work?

Thanks again!

Plouff

Posted 2012-08-05T17:14:58.450

Reputation: 242

1Backup is different from syncing. Please explain how the two are related in your case. – Daniel Beck – 2012-08-05T22:04:45.413

Ok, it is more complicated than I thought. I am going to update the answer again. – Plouff – 2012-08-05T22:07:19.113

Answers

14

The solution is to keep a history of backups.

You can store one daily backup, say for the last seven days, then one backup per week, four times per month. This way, if the backup from yesterday was saved in a bad state, you take the backup from the day before, or you can take the backup from last week.

To save space you can either use a file system which supports deduplication, use hard links, or store only the differences between backups. Which solution is best depends on your needs, your setup and the software you run.

EDIT: You updated your question and added additional information.

As you already know, you have to separate the data from the backup. A backup is always redundant, if possible even more than one copy. I don't know your NAS solution or its backup software, but I can tell you how I solved this.

I use an old 300 MHz system as a backup server, which is connected to the file server (that would be your NAS in your configuration). Once per day the backup server switches on, pulls the backup from the file server and writes the data to its own hard drives. As backup software I use rsnapshot. No client computer has access to the backup server in any way, and it is only running for a short time per day.

This is only one possible solution out of many. The key points of a good solution are:

  • Keep a history of backups
  • A backup is always redundant
  • A backup is stored on different hardware (e.g. a second drive, not a second partition on the same drive)
  • The client computers must not have access to the backup
  • The backup should be as easy as possible, at best fully automatic
  • Depending on how often restores are expected, it should not be too big of a burden to restore the data

Marco

Posted 2012-08-05T17:14:58.450

Reputation: 4 015

I understand the need for a history of backups but unfortunately, I don't think it would have prevented the ransomware from destroying data. I was maybe not accurate enough. But the ransomware had access to the NAS through the netbook. And it destroyed the files on the NAS! – Plouff – 2012-08-05T21:34:46.783

3Do it the other way round. The (possibly infected) clients should not have arbitrary write access on the NAS. The backup server (might also run on the NAS) should pull the data from the clients and save it on the NAS. – Marco – 2012-08-05T21:52:04.283

Okay! I understand now! Is it possible to do things like that with a synology NAS? – Plouff – 2012-08-05T22:05:36.527

1I'm afraid your answer misses one key point of that strategy: If you want to provide protection against altering of the backup by malicious software, you need to use different physical media for the old backups. If the user, as in this case, can't guarantee the integrity of the software on their computer, why should write permissions on the NAS be trusted? Malware might just steal the login credentials from a browser's password store or similar. – jstarek – 2012-08-06T07:02:25.497

I agree with you. It took me a little bit of time to understand I need to separate shared data from backups. Could you tell me what you think of the last update of the question? Thank you! – Plouff – 2012-08-06T21:28:17.380

@Marco: Thanks for the update of your answer. Now everything is clearer. Btw, when you say a backup is not stored on different hardware, isn't it the opposite? As a first step I think I am going to leave RAID to have one disk for sharing and another for backups. In the future, I'd like to set up a solution with an old PC, as you said. It seems nice! – Plouff – 2012-08-07T11:27:45.870

@Plouff You're right, of course. It was a typo, I corrected. – Marco – 2012-08-07T11:44:55.273

@Marco: I forgot to select a solution. I choose yours since it contains the main aspect of a virus proof solution. Thank you for your help! – Plouff – 2012-08-07T21:07:27.133
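The pull-and-keep-history scheme Marco describes (a backup host that reads the share, keeps dated generations, and is never writable by the clients) can be sketched in a few dozen lines. The following is an added example written for this page, not code from the thread, from Synology or from rsnapshot, although it models what rsnapshot does with hard-linked snapshots and daily/weekly levels. The source directory stands in for the NAS share (on a real setup it would be a read-only mount or an rsync pull over SSH), and the paths and 2012 dates in demo() are assumptions made for the demo.

```python
"""Pull-style snapshot backups with hard links and daily/weekly retention.

Added example, not code from the thread, Synology or rsnapshot, though it
models what rsnapshot does: the backup host reads the shared area (a plain
directory here; on a real NAS a read-only mount or an rsync pull over SSH)
and writes dated snapshots into a root the clients never see. Unchanged
files are hard-linked to the previous snapshot. Paths and dates in demo()
are assumed for the demo.
"""
import os
import shutil
import tempfile
from datetime import datetime, timedelta

SNAP_PREFIX = "snap-"
TIME_FMT = "%Y%m%dT%H%M%S"


def list_snapshots(root):
    """Snapshot names under root, newest first (the names sort by date)."""
    return sorted((n for n in os.listdir(root) if n.startswith(SNAP_PREFIX)), reverse=True)


def take_snapshot(src, root, when=None):
    """Copy src into root/snap-<timestamp>; return (path, linked, copied).
    A file is hard-linked when size and mtime match the copy in the newest
    snapshot (rsync's cheap test); anything else is copied afresh, so an old
    snapshot is never written through a shared link. Hash contents instead
    if you fear malware that restores timestamps.
    """
    when = when or datetime.now()
    os.makedirs(root, exist_ok=True)
    previous = list_snapshots(root)
    prev_dir = os.path.join(root, previous[0]) if previous else None
    new_dir = os.path.join(root, SNAP_PREFIX + when.strftime(TIME_FMT))
    linked = copied = 0
    for dirpath, _subdirs, files in os.walk(src):
        rel = os.path.relpath(dirpath, src)
        os.makedirs(os.path.join(new_dir, rel), exist_ok=True)
        for name in files:
            s, d = os.path.join(dirpath, name), os.path.join(new_dir, rel, name)
            st = os.stat(s)
            p = os.path.join(prev_dir, rel, name) if prev_dir else None
            pst = os.stat(p) if p and os.path.isfile(p) else None
            if pst and (pst.st_size, int(pst.st_mtime)) == (st.st_size, int(st.st_mtime)):
                os.link(p, d)
                linked += 1
            else:
                shutil.copy2(s, d)  # keeps mtime, so the next run can link it
                copied += 1
    return new_dir, linked, copied


def prune(root, keep_daily=7, keep_weekly=4):
    """Delete snapshots outside the window (the newest keep_daily, then the newest
    of each of the next keep_weekly ISO weeks); return the removed names."""
    snaps = list_snapshots(root)
    keep, weeks = set(snaps[:keep_daily]), []
    for name in snaps[keep_daily:]:
        week = datetime.strptime(name[len(SNAP_PREFIX):], TIME_FMT).isocalendar()[:2]
        if week in weeks:
            continue  # a newer snapshot of this week is already kept
        if len(weeks) >= keep_weekly:
            break  # everything older is outside the weekly window
        weeks.append(week)
        keep.add(name)
    removed = [n for n in snaps if n not in keep]
    for n in removed:
        shutil.rmtree(os.path.join(root, n))
    return removed


def _put(path, data, mtime):
    with open(path, "wb") as f:
        f.write(data)
    os.utime(path, (mtime, mtime))  # pin the mtime so the demo is deterministic


def demo():
    """Two snapshots around a simulated in-place rewrite, then a prune."""
    with tempfile.TemporaryDirectory() as tmp:
        src, root = os.path.join(tmp, "share"), os.path.join(tmp, "backups")
        os.makedirs(os.path.join(src, "photos"))
        _put(os.path.join(src, "photos", "a.jpg"), b"\xff\xd8\xff" + b"A" * 100, 1_600_000_000)
        _put(os.path.join(src, "notes.txt"), b"todo v1\n", 1_600_000_000)
        snap1, l1, c1 = take_snapshot(src, root, datetime(2012, 8, 5, 2))
        # Malware rewrites notes.txt in place: same size, new mtime.
        _put(os.path.join(src, "notes.txt"), b"garbage\n", 1_600_000_100)
        snap2, l2, c2 = take_snapshot(src, root, datetime(2012, 8, 6, 2))
        with open(os.path.join(snap1, "notes.txt"), "rb") as f:
            old_notes = f.read()  # yesterday's copy survives the rewrite
        nlink = os.stat(os.path.join(snap2, "photos", "a.jpg")).st_nlink
        for i in range(29):  # empty stand-ins for dailies 15 Jul..12 Aug 2012
            when = datetime(2012, 7, 15, 2) + timedelta(days=i)
            os.makedirs(os.path.join(root, SNAP_PREFIX + when.strftime(TIME_FMT)), exist_ok=True)
        removed = prune(root, keep_daily=7, keep_weekly=4)
        return {"first": (l1, c1), "second": (l2, c2), "old_notes": old_notes,
                "jpg_nlink": nlink, "removed": len(removed), "kept": list_snapshots(root)}
```

Two properties matter here. First, a changed file is always copied afresh rather than written through the hard link, so a ransomware pass only inflates the newest snapshot and the older generations keep their bytes. Second, the snapshot root is written only by this process on the backup host; the clients (and whatever runs on them) have no path to it, which is the point jstarek makes above about not trusting write permissions held by an infected machine.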

7

The only way to have virus-free backups is to have some sort of history: you have to store your backups for several days/weeks/months.

This doesn't guarantee that they are virus-free, but it guarantees you can recover files from before you discovered a recent infection.

One very important thing about backups: the "client" computer must not have access to the backups.
This means it is the "server" computer which connects to the client and makes the backup. Most backup programs are not designed this way.
Another method is to remove backups from the client's sight once done. But this is often done in a bad way, leading to no security increase.

Gregory MOUSSAT

Posted 2012-08-05T17:14:58.450

Reputation: 1 031

After I got hit by the ransomware, I tried to remove backups from the client's sight by removing the NAS as a network drive on all Windows machines. So at the moment I access my NAS through the Windows address bar and I don't save the password. But I don't know if ransomware is able to scan the network to find other locations. If it is able to do so, then since Windows saves the password during the active session (even if you ask not to save the password forever), the ransomware could access the NAS. Is there a simple way to apply what you said on Windows? – Plouff – 2012-08-05T21:42:08.677

4

What you mention seems to be multiple separate issues. One is easier to overcome (accidental deletes or backing up of bad data) than the other (targeted malware).

In increasing order of severity / effort to save your data:

  1. (Unnoticed) corruption of the data on one of your systems making it to the backup drive, deleting all the good data or replacing it with crap. Other answerers mentioned this before: keep multiple generations. This also saves you from much more mundane issues, like software doing bad writes (I know people whose office software created broken, unrecoverable files) without you noticing.

  2. Malware that breaks all files on all connected drives. This one is more difficult, because malware can just delete or render unusable all of the backup generations, given programmatic access to them. Keep multiple backup drives and regularly switch between them. Never connect them at the same time.

  3. Fires, burglary, lightning strikes, or a significant other who likes to throw (preferably expensive) things at you. Maintain multiple physical drives. Keep one of them off site at all times. Regularly switch between them to make sure both are reasonably up to date. Optionally, add an online backup solution you trust to the mix.


Of course, you can attempt to prevent some issues by e.g. keeping multiple backup generations and removing all write permissions to the files once they've been written, so malware cannot just overwrite them. I wouldn't rely on that, especially if you have malware problems already.

Daniel Beck

Posted 2012-08-05T17:14:58.450

Reputation: 98 421

I think you definitely identified and separated the issues. Thus I am going to update my question above. – Plouff – 2012-08-05T21:52:14.563
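Point 1 above (corrupted data silently making it into the backup, and then, after enough rotations, replacing every good generation) is what a retention policy alone does not solve: if each day's snapshot is trusted, seven days of backing up garbage leaves seven generations of garbage. A cheap tripwire between "snapshot taken" and "old generations pruned" helps. The block below is an added example written for this page, not code from the thread; it compares the newest snapshot against the previous one and refuses to clear pruning when too many files changed at once or when files whose extension implies a known header no longer start with it (the question's malware rewrote the first bytes of each file). The MAGIC table, the 20% threshold and the FIXTURE files are assumptions made for the demo.

```python
"""Tripwire before pruning: does the new snapshot look like a ransomware run?

Added example, not code from the thread. It compares the newest snapshot
with the previous one and refuses to let old generations be rotated out
when too many files changed at once, or when files whose extension implies
a known signature no longer start with it (the thread's malware rewrote
the first bytes of each file). The MAGIC table, the 20% threshold and the
FIXTURE files are assumptions made for the demo.
"""
import hashlib
import os
import tempfile

# Extension -> accepted leading bytes (assumed table, deliberately short).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".pdf": (b"%PDF-",),
    ".zip": (b"PK\x03\x04",), ".docx": (b"PK\x03\x04",), ".xlsx": (b"PK\x03\x04",),
}


def _files(root):
    """Yield (relative path with '/', absolute path) for every file under root."""
    for dirpath, _subdirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root).replace(os.sep, "/"), full


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def header_mismatches(root):
    """Files whose extension promises a signature their first bytes lack."""
    bad = []
    for rel, full in _files(root):
        sigs = MAGIC.get(os.path.splitext(rel)[1].lower())
        if not sigs:
            continue  # no expectation for .txt and friends
        with open(full, "rb") as f:
            head = f.read(max(len(s) for s in sigs))
        if not any(head.startswith(s) for s in sigs):
            bad.append(rel)
    return sorted(bad)


def assess(prev_snap, new_snap, max_change_ratio=0.2):
    """Compare two snapshots; safe_to_prune is False when the change looks hostile.

    'changed' counts files rewritten in place and files missing from the new
    snapshot (renaming ransomware), over every file of the previous snapshot.
    """
    prev = {rel: _sha256(full) for rel, full in _files(prev_snap)}
    new = {rel: _sha256(full) for rel, full in _files(new_snap)}
    changed = sorted(r for r in prev if r not in new or new[r] != prev[r])
    ratio = len(changed) / len(prev) if prev else 0.0
    mismatched = header_mismatches(new_snap)
    return {"changed": changed, "change_ratio": ratio,
            "header_mismatches": mismatched,
            "safe_to_prune": ratio <= max_change_ratio and not mismatched}


FIXTURE = {  # constructed sample files standing in for the shared area
    "photos/a.jpg": b"\xff\xd8\xff\xe0" + b"A" * 60,
    "photos/b.jpg": b"\xff\xd8\xff\xe0" + b"B" * 60,
    "docs/report.pdf": b"%PDF-1.4\n" + b"R" * 60,
    "docs/budget.xlsx": b"PK\x03\x04" + b"X" * 60,
    "docs/archive.zip": b"PK\x03\x04" + b"Z" * 60,
    "docs/notes.txt": b"todo v1\n",
}


def _write_snapshot(root, files):
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)


def demo():
    """Run assess() on a benign edit and on a simulated first-bytes corruption."""
    with tempfile.TemporaryDirectory() as tmp:
        prev, benign, hit = (os.path.join(tmp, n) for n in ("prev", "benign", "hit"))
        _write_snapshot(prev, FIXTURE)
        # Benign day: the user edited one text file.
        _write_snapshot(benign, {**FIXTURE, "docs/notes.txt": b"todo v2\n"})
        # Bad day: the first 16 bytes of every file are scrambled (reversed here).
        _write_snapshot(hit, {r: d[:16][::-1] + d[16:] for r, d in FIXTURE.items()})
        return {"benign": assess(prev, benign), "attacked": assess(prev, hit)}
```

When `safe_to_prune` is False the backup job should keep the new snapshot (it is evidence) but skip rotation and raise an alert, so the older generations are still there to restore from. Both signals are heuristics: a legitimate bulk re-encode of a photo library trips the ratio, and a file named `.jpg` that was never a JPEG trips the header check, so tune the threshold and the table to your data rather than treating a hit as proof of infection.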

3

I'd like to suggest another solution.

Use a different system installation only for backups—preferably one which is really a different operating system. For example, you could make a USB drive (or actually install the secondary OS on the backup drive) with some Linux and use it to backup your primary operating system, which I guess is Windows.

Only connect the backup storage when that secondary OS is loaded.

This way malware could destroy your backups only if it was prepared to work under two different operating systems, and this level of sophistication is very, very rare (think Stuxnet-level sophistication).

liori

Posted 2012-08-05T17:14:58.450

Reputation: 3 044

The problem with forcing the user to reboot the system in order to take a backup is that backups then cannot happen while the user is doing something else. The advantage is that backups cannot happen while the system is doing something else: they are guaranteed to be an internally consistent data set. Which one of these is more important depends on the use case. As an extreme example, I doubt any bank uses anything like the scheme proposed in this answer! Personally, I prefer for backups to happen in a regular, automated fashion, even if it means a slight risk of dataset inconsistency. – a CVn – 2015-01-22T20:54:27.173

If you implement an overly complicated solution, like the proposed one, it's not unlikely that you won't back up as often as you should. A backup should be as easy as possible, in the best case fully automatic. A simpler solution would be to export the hard drive and let the backup server simply grab the data via LAN. This way the client (and its malware) does not need to have write access on the backup server. – Marco – 2012-08-05T19:36:59.707

I did it once and I don't deem it complicated. In my case I just prepared the backup OS on the external hard drive. One of the startup scripts started the backup itself, and when the backup was over, it turned off the computer. So all I had to do was to connect the hard drive, restart my computer and go to sleep. In my case the partitions on that hard drive were prepared so they wouldn't automount on the primary OS, so I actually could plug in the backup drive without worrying much about the safety of the backups. It was the safest solution I could realize cheaply with just a hard drive and no external PC. – liori – 2012-08-05T19:55:51.930

I did not mention that I am speaking of a backup solution at home. Moreover I am not so fluent in IT. Your solution seems great, but difficult for me to set up. I am not sure I understood everything though. – Plouff – 2012-08-05T21:49:26.733

Yeah, it is probably not so trivial to set up… but I think any working solution to this problem will be of similar complexity. Also I think the other solutions (like just keeping history on a single NAS) won't help in case of malware (because malware can destroy both the primary backup and the history) unless you actually have several distinct devices you back up to, or an additional networked PC (or a NAS smart enough to work like one). I don't know how smart your NAS is—it heavily depends on the model. – liori – 2012-08-05T22:10:34.230

My NAS is a Synology DS211j. I don't know how smart it is. Probably smarter than I am on backup strategies at the moment lol! – Plouff – 2012-08-05T22:24:41.573

1@Plouff: it might be good enough. If this thing: http://www.synology.com/dsm/home_backup_desktop_backup.php?lang=enu works even if the NAS is not mounted directly to your PC (and instead uses whatever is shared from the PC), then you will have a backup space which is not directly accessible by the PC. Ah, btw, you wrote you wanted to use the NAS also to “share files”—I'd advise against doing so for security, but if you still want to do it, make a distinct volume inside the NAS for sharing data, like on the screenshot here: http://www.synology.com/dsm/home_easy_setup_home_storage.php?lang=enu – liori – 2012-08-06T06:34:07.737

Ok, now I understand the principles of the strategy. Thank you very much. You made me aware that my RAID setup (with 2 HDDs of 2 TB) on the NAS is totally useless. But, I really want to share files with the NAS, since it gives access to my data everywhere (and I have only 1 NAS). So could you tell me what you think about the update of the question? – Plouff – 2012-08-06T21:22:13.457

1@Plouff: Sounds nice. One thing: it seems that you don't have to stop using RAID. According to this documentation: http://ukdl.synology.com/ftp/ds/userguide/x11-Series/Syno_UsersGuide_NAServer_enu.pdf, chapter 4. — you can set up a “Disk Group” which does the RAID, and then create multiple volumes inside it. – liori – 2012-08-07T11:01:37.557

@liori: Thank you for your answer. I am going to do it in this way then. What is the interest of keeping RAID? – Plouff – 2012-08-07T11:12:49.573

Depends on what kind you had in mind. If it was RAID-0, then you're probably not losing much from disabling it (in theory it is used for speeding up disk access, but here you're limited by the speed of the network connection anyway). If it was RAID-1, then I'd probably prefer to leave it on—in case of disk failure the recovery is much simpler. – liori – 2012-08-07T11:42:32.843

I am using the Synology Hybrid RAID. I think it is RAID 1. But finally I am going to disable the RAID to keep the backup disk off the network. I think it is possible that a virus attacks the shared disk. If I have a failure on the backup disk, I will just change it! Finally, I just need time to set up this strategy. Thank you very much for the time you took to answer my questions! – Plouff – 2012-08-07T21:11:39.483

-1

The only true defense is to clone your NAS on a regular basis and keep at least 2 offline copies of the data in case the NAS is attacked or fails while cloning it. Considering how cheaply you can get multi-terabyte drives, this is actually a lot more feasible than it used to be, especially if you're using a hot-swap bay with bare drives instead of premade externals.

Mike Loeven

Posted 2012-08-05T17:14:58.450

Reputation: 69

This appears to be more of a comment than an actual answer. – Ramhound – 2016-10-17T17:29:12.550