ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    PCs Backup software that can isolate backup destination to protect from Ransomware virus.

    IT Discussion
    9
    170
    19.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • openitO
      openit
      last edited by

      Dear all,

      Looking for backup software for Windows environment with following requirements:

      1. Software that can isolate backup destination to protect from ransom-ware so that PC got infected will not effect backup target.

      2. Software can take snapshot or system image.

      3. Of course schedule backup and data retention option.

      4. Centralized Management.

      5. Good price, of course:)

      The backup destination will be NAS box and we got around 100 PCs.

      I prefer perpetual(one time payment) license.

      Thanks all !

      scottalanmillerS DustinB3403D 2 Replies Last reply Reply Quote 3
      • dafyreD
        dafyre
        last edited by

        You could take a look at URBackup:

        https://www.mangolassi.it/topic/11423/urbackup-review-plus-configuration-options

        1 Reply Last reply Reply Quote 3
        • scottalanmillerS
          scottalanmiller
          last edited by

          StorageCraft, Veeam, Unitrends, Datto... lots of options.

          openitO 1 Reply Last reply Reply Quote 1
          • scottalanmillerS
            scottalanmiller @openit
            last edited by

            @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

            The backup destination will be NAS box and we got around 100 PCs.

            You must have a backup server in place between the PCs and the NAS in order to have any protection against ransomware, otherwise the ransomware can attack the NAS directly using the same permissions as the backup mechanism on the PCs.

            crustachioC openitO 2 Replies Last reply Reply Quote 2
            • crustachioC
              crustachio @scottalanmiller
              last edited by crustachio

              @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

              @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

              The backup destination will be NAS box and we got around 100 PCs.

              You must have a backup server in place between the PCs and the NAS in order to have any protection against ransomware, otherwise the ransomware can attack the NAS directly using the same permissions as the backup mechanism on the PCs.

              NAS snapshots could mitigate this risk. Just like Exablox advertises Continuous Data Protection (CDP) as a remedy to ransomware - you can go back to any snapshot in 10 second intervals out until your retention policy limit (file level or share level).

              Even basic QNAP and Synology boxes offer scheduled snapshots. Not necessarily a replacement for an intermediate backup server, just an option to consider.

              openitO 1 Reply Last reply Reply Quote 1
              • crustachioC
                crustachio
                last edited by

                Also, to the OP's question... isn't any backup software capabl;e

                @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                1. Software that can isolate backup destination to protect from ransom-ware so that PC got infected will not effect backup target.

                Isn't any backup software capable of this? As long as your backup storage target has unique permissions that can't be mapped, browsed or written by any domain users, the software you choose is irrelevant.

                scottalanmillerS 1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @crustachio
                  last edited by

                  @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                  Also, to the OP's question... isn't any backup software capabl;e

                  @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                  1. Software that can isolate backup destination to protect from ransom-ware so that PC got infected will not effect backup target.

                  Isn't any backup software capable of this? As long as your backup storage target has unique permissions that can't be mapped, browsed or written by any domain users, the software you choose is irrelevant.

                  How does software do that when it is running on the compromised machine?

                  JaredBuschJ crustachioC 2 Replies Last reply Reply Quote 1
                  • JaredBuschJ
                    JaredBusch @scottalanmiller
                    last edited by

                    @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                    @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                    Also, to the OP's question... isn't any backup software capabl;e

                    @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                    1. Software that can isolate backup destination to protect from ransom-ware so that PC got infected will not effect backup target.

                    Isn't any backup software capable of this? As long as your backup storage target has unique permissions that can't be mapped, browsed or written by any domain users, the software you choose is irrelevant.

                    How does software do that when it is running on the compromised machine?

                    Using veeam endpoint, I specify creds in the application. It does not connect to the nas with user creds.

                    scottalanmillerS DashrenderD openitO 3 Replies Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @JaredBusch
                      last edited by

                      @JaredBusch said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                      @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                      @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                      Also, to the OP's question... isn't any backup software capabl;e

                      @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                      1. Software that can isolate backup destination to protect from ransom-ware so that PC got infected will not effect backup target.

                      Isn't any backup software capable of this? As long as your backup storage target has unique permissions that can't be mapped, browsed or written by any domain users, the software you choose is irrelevant.

                      How does software do that when it is running on the compromised machine?

                      Using veeam endpoint, I specify creds in the application. It does not connect to the nas with user creds.

                      That helps. But once compromised, I wonder how much protection that supplies since the ransomware can control the binary.

                      crustachioC 1 Reply Last reply Reply Quote 0
                      • DashrenderD
                        Dashrender @JaredBusch
                        last edited by

                        @JaredBusch said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                        @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                        @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                        Also, to the OP's question... isn't any backup software capabl;e

                        @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                        1. Software that can isolate backup destination to protect from ransom-ware so that PC got infected will not effect backup target.

                        Isn't any backup software capable of this? As long as your backup storage target has unique permissions that can't be mapped, browsed or written by any domain users, the software you choose is irrelevant.

                        How does software do that when it is running on the compromised machine?

                        Using veeam endpoint, I specify creds in the application. It does not connect to the nas with user creds.

                        I was thinking of this too, but if the endpoint is compromised, then the application can be attacked and those creds could (no idea of likeliness) be compromised.

                        1 Reply Last reply Reply Quote 0
                        • crustachioC
                          crustachio @scottalanmiller
                          last edited by crustachio

                          @scottalanmiller all the software I have used accesses remote storage using credentials supplied within the application. In Veeam, for instance, you can choose unique credentials when adding the backup repository:

                          alt text

                          You could be running Domain Admin on the backup host machine, but Domain Admin has no permissions on the NAS share.

                          A cryptolocker ran on the Domain Admin account on that machine would encrypt all the local files and share-accessible files, but since the Domain Admin has no permissions on the NAS, it's safe.

                          1 Reply Last reply Reply Quote 1
                          • crustachioC
                            crustachio @scottalanmiller
                            last edited by

                            @scottalanmiller If CryptoLocker exists that can manipulate the binaries of backup software, we're all !@&ed

                            scottalanmillerS 1 Reply Last reply Reply Quote 1
                            • crustachioC
                              crustachio
                              last edited by

                              Don't forget you can define standalone service accounts for Veeam itself on the host machine. It doesn't have to run as the local user/admin/etc.

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @crustachio
                                last edited by

                                @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                @scottalanmiller If CryptoLocker exists that can manipulate the binaries of backup software, we're all !@&ed

                                I'm going out on a @Dashrender limb here (He knows what I mean) but I think we have to assume that this is either here, or right around the corner as a risk vector.

                                DashrenderD crustachioC 2 Replies Last reply Reply Quote 1
                                • DashrenderD
                                  Dashrender @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                  @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                  @scottalanmiller If CryptoLocker exists that can manipulate the binaries of backup software, we're all !@&ed

                                  I'm going out on a @Dashrender limb here (He knows what I mean) but I think we have to assume that this is either here, or right around the corner as a risk vector.

                                  LOL - for a min there I thought I missed a post you put up.

                                  Yeah, the ability to break into the app and pull out those credentials will be a thing. Just like how virus can disable antivirus software.

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • crustachioC
                                    crustachio @scottalanmiller
                                    last edited by

                                    @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                    @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                    @scottalanmiller If CryptoLocker exists that can manipulate the binaries of backup software, we're all !@&ed

                                    I'm going out on a @Dashrender limb here (He knows what I mean) but I think we have to assume that this is either here, or right around the corner as a risk vector.

                                    OK, I'll grant that. So what's your recommendation? You said earlier to put backup software on a machine in front of the NAS. Now what? 😄

                                    /devilsadvocate

                                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @Dashrender
                                      last edited by

                                      @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                      @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                      @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                      @scottalanmiller If CryptoLocker exists that can manipulate the binaries of backup software, we're all !@&ed

                                      I'm going out on a @Dashrender limb here (He knows what I mean) but I think we have to assume that this is either here, or right around the corner as a risk vector.

                                      LOL - for a min there I thought I missed a post you put up.

                                      Yeah, the ability to break into the app and pull out those credentials will be a thing. Just like how virus can disable antivirus software.

                                      LOL, yeah, I realized that I must be "projecting potential attack vectors rather than established ones".

                                      1 Reply Last reply Reply Quote 0
                                      • DashrenderD
                                        Dashrender
                                        last edited by

                                        You run a Veeam server. It connects to the computer in question, pulls the data off, and sends it to the NAS. Only the Veeam server has creds to talk to the NAS. As long as the Veeam server isn't infected, the NAS is safe.

                                        The Veeam server should have really good creds, be behind a firewall that prevents all communication except that that is absolutely required.

                                        1 Reply Last reply Reply Quote 1
                                        • scottalanmillerS
                                          scottalanmiller @crustachio
                                          last edited by

                                          @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                          @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                          @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                          @scottalanmiller If CryptoLocker exists that can manipulate the binaries of backup software, we're all !@&ed

                                          I'm going out on a @Dashrender limb here (He knows what I mean) but I think we have to assume that this is either here, or right around the corner as a risk vector.

                                          OK, I'll grant that. So what's your recommendation? You said earlier to put backup software on a machine in front of the NAS. Now what? 😄

                                          /devilsadvocate

                                          It's an air gap, not quite as good as tape (physical air gap) but it is good.

                                          PC -> Backup Machine -> Storage

                                          The PC, no matter how compromised, has no permissions to the backup machine, the backup machine uses an agent or a pull method to get the data. Only the backup machine has access to the backup storage. The PC and the backup machine (server) share no credentials. So a compromise of the PC has no means of spreading to the Backup Machine.

                                          This is different than a binary on the PC which must contain the push credentials for the backup storage and, if compromised, takes the storage with it.

                                          1 Reply Last reply Reply Quote 0
                                          • crustachioC
                                            crustachio
                                            last edited by

                                            Oh right right. Derp. I was assuming we were talking about getting a hack on the backup host, but right, if it's on a user PC or whatever then yes, that gap is valuable.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 8
                                            • 9
                                            • 1 / 9
                                            • First post
                                              Last post