
    Endpoint Block level backups to restore from Ransom-ware

      DustinB3403

      This topic here got me thinking about the topic at hand, which essentially boils down to:

      Is it worth backing up every endpoint in your organization to reset from ransom-ware?

      I personally understand the thought process: back up everything, to restore everything for when ransom-ware strikes. But on the other hand, just considering the amount of data that would be generated and backed up nightly or hourly or whatever for this purpose makes me think that the entire process is insane.

      Has anyone else considered this? I know I haven't for the sheer amount of storage I'd need, plus the additional headache of having to ensure endpoint backups are running.

      I doubt I will either, I'd sooner just re-image the end user computer and tell them sorry, but that is what ransom-ware does.... f*s st up...

        Mike Davis

        I have smaller clients that have Microsoft Server Essentials (formerly SBS). It backs up their workstations by default. I usually put in a cheap drive in the server as a backup target and let it run. I back up the server data to the cloud, but not the workstation backup folder. On a small scale it works pretty well. Everything is contained in the server dashboard so it's clear that it's running, etc. It does some pretty good dedupe so it doesn't take up much space. This seems to work better than redirected folders. I think this was put in place more for users screwing up their desktop than recovering from a crypto infection, but it would work.

        I wish this functionality was available on Server Standard. With good dedupe, the backups wouldn't be terribly large. On the other hand, on most of the large networks, we have standardized hardware and images to deploy, so the nuke and pave approach would probably use the same amount of time.

          dafyre

          As they said in the post you linked, "...I know user's shouldn't store stuff on their local drives..."

          If you have them a network share (or NextCloud, etc) set up to save documents to or you have folder redirection turned on, and they STILL manage to save stuff on their local machine... It's on them.

          Nuke and repave.

            DustinB3403

            @Mike-Davis How many endpoints does this client have? At any scale beyond a handful I'd find this task completely insane to bother with personally...

            @dafyre Oh I get redirecting folders to a server that is backed up, which in essence does the same thing, without needing to run the backup from the endpoint directly.

            The storage is still used though, but if you're redirecting folders then it's purely on the user if they save stuff to the root of 😄 for example.

              Mike Davis @DustinB3403

              @DustinB3403 said in Endpoint Block level backups to restore from Ransom-ware:

              @Mike-Davis How many endpoints does this client have? At any scale beyond a handful I'd find this task completely insane to bother with personally...

              The clients that have Server Essentials average about 7 endpoints. If you've never seen the Server Essentials dashboard, it's actually pretty clever. It creates that elusive "single pane of glass" that seems to be what Sysadmins have been looking for for years.

                Dashrender @DustinB3403

                @DustinB3403 said in Endpoint Block level backups to restore from Ransom-ware:

                @dafyre Oh I get redirecting folders to a server that is backed up, which in essence does the same thing, without needing to run the backup from the endpoint directly.

                Does the same thing as what? Backing up the whole endpoint?

                  DustinB3403 @Dashrender

                  @Dashrender said in Endpoint Block level backups to restore from Ransom-ware:

                  @DustinB3403 said in Endpoint Block level backups to restore from Ransom-ware:

                  @dafyre Oh I get redirecting folders to a server that is backed up, which in essence does the same thing, without needing to run the backup from the endpoint directly.

                  Does the same thing as what? Backing up the whole endpoint?

                  No, it protects the user files. Which is most often the goal, to reduce lost productivity by not having to reproduce work.

                    Rob @DustinB3403

                    @DustinB3403 Which locations would you include? Just document scrapes of My Docs / Downloads / Desktop? Full disk diff? Or that frustrating 'somewhere betwixt' region, including user-installed applications & associated system/registry data? Once heading down this road it's hard to know where to stop...

                      stacksofplates

                      We don't back up workstations at all. It's a little different because it's RHEL but there is nothing on the workstations at all. Users can't even save to them. Apps, projects, archives, home directories, etc are all automounted.

                        scottalanmiller @stacksofplates

                        @stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:

                        We don't back up workstations at all. It's a little different because it's RHEL but there is nothing on the workstations at all. Users can't even save to them. Apps, projects, archives, home directories, etc are all automounted.

                        Automounting is the bomb.

                          DustinB3403 @Rob

                          @Rob said in Endpoint Block level backups to restore from Ransom-ware:

                          @DustinB3403 Which locations would you include? Just document scrapes of My Docs / Downloads / Desktop? Full disk diff? Or that frustrating 'somewhere betwixt' region, including user-installed applications & associated system/registry data? Once heading down this road it's hard to know where to stop...

                          Well the original topic is the entire drive, so the block device. The C drive, and any subsequent drives.

                          If I were to back up anything from an endpoint it would only be the default user safe locations. My Docs and Desktop (Windows world here).

                            Dashrender @Rob

                            @Rob said in Endpoint Block level backups to restore from Ransom-ware:

                            @DustinB3403 Which locations would you include? Just document scrapes of My Docs / Downloads / Desktop? Full disk diff? Or that frustrating 'somewhere betwixt' region, including user-installed applications & associated system/registry data? Once heading down this road it's hard to know where to stop...

                            I folder redirect My Documents and Favorites. While the idea of Desktop is nice, it has caused me more issues than it's ever saved. Assuming you're online (which assuming you work in the office will be most of the time), the desktop is a folder on the server which is noticeably slower than the local one and frequently has issues installing from a network location.

                            In these situations, I try to go with the HR situation instead - HR policy says everything needed to be saved needs to be in My Documents.

                              Dashrender @scottalanmiller

                              @scottalanmiller said in Endpoint Block level backups to restore from Ransom-ware:

                              @stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:

                              We don't back up workstations at all. It's a little different because it's RHEL but there is nothing on the workstations at all. Users can't even save to them. Apps, projects, archives, home directories, etc are all automounted.

                              Automounting is the bomb.

                              Isn't that kinda the same as folder redirection, except that Windows can have a local copy in case the network location becomes unavailable?

                                stacksofplates @Dashrender

                                @Dashrender said in Endpoint Block level backups to restore from Ransom-ware:

                                @scottalanmiller said in Endpoint Block level backups to restore from Ransom-ware:

                                @stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:

                                We don't back up workstations at all. It's a little different because it's RHEL but there is nothing on the workstations at all. Users can't even save to them. Apps, projects, archives, home directories, etc are all automounted.

                                Automounting is the bomb.

                                Isn't that kinda the same as folder redirection, except that Windows can have a local copy in case the network location becomes unavailable?

                                The idea is the same. But the advantage on Linux/Unix is I can automount pretty much everything, including all of my applications. As long as everyone's path points to /apps or wherever you mount to they will run apps from there. Also since 90% of my system customization (themes, icons, etc) are in my home directory all of my customizations follow me as well (including my desktop 😛 )

                                  stacksofplates

                                  Another thing autofs does is not mount the share until it's accessed. So if I log in and have an automount to /projects but never go in there it uses no resources. As soon as I type /projects it creates the mount on the fly. Then after I leave that directory it will auto unmount after a certain time.

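Added example, not part of the thread or any poster's configuration: autofs maps that produce the behaviour stacksofplates describes above (mount on first access, unmount after an idle timeout). The server name fileserver.example.com, the export paths, the timeouts and the mount options are all assumptions.

```conf
# /etc/auto.master  (constructed example; paths and timeouts are assumptions)
# Direct map: each key in auto.direct is an absolute mount point.
# --timeout is the idle time in seconds before autofs unmounts the share.
/-      /etc/auto.direct   --timeout=300
# Indirect map: keys in auto.home are directory names under /home.
/home   /etc/auto.home     --timeout=600

# /etc/auto.direct  (hypothetical server and exports)
# Nothing is mounted until a process touches /projects or /apps.
# /apps is mounted read-only: users run applications from it but
# cannot modify them through this mount.
/projects   -fstype=nfs4,rw,nosuid,nodev   fileserver.example.com:/export/projects
/apps       -fstype=nfs4,ro,nosuid,nodev   fileserver.example.com:/export/apps

# /etc/auto.home  (hypothetical server and exports)
# Wildcard key: "*" matches the directory being looked up and "&" is
# replaced with it, so /home/alice mounts /export/home/alice on demand.
*   -fstype=nfs4,rw,nosuid,nodev   fileserver.example.com:/export/home/&
```

With a layout like this the workstation holds no user data, so the exports on the file server are what need backing up.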
                                    scottalanmiller @Dashrender

                                    @Dashrender said in Endpoint Block level backups to restore from Ransom-ware:

                                    @scottalanmiller said in Endpoint Block level backups to restore from Ransom-ware:

                                    @stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:

                                    We don't back up workstations at all. It's a little different because it's RHEL but there is nothing on the workstations at all. Users can't even save to them. Apps, projects, archives, home directories, etc are all automounted.

                                    Automounting is the bomb.

                                    Isn't that kinda the same as folder redirection, except that Windows can have a local copy in case the network location becomes unavailable?

                                    Not exactly. And so much more reliable.

                                      Dashrender @stacksofplates

                                      @stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:

                                      @Dashrender said in Endpoint Block level backups to restore from Ransom-ware:

                                      @scottalanmiller said in Endpoint Block level backups to restore from Ransom-ware:

                                      @stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:

                                      We don't back up workstations at all. It's a little different because it's RHEL but there is nothing on the workstations at all. Users can't even save to them. Apps, projects, archives, home directories, etc are all automounted.

                                      Automounting is the bomb.

                                      Isn't that kinda the same as folder redirection, except that Windows can have a local copy in case the network location becomes unavailable?

                                      The idea is the same. But the advantage on Linux/Unix is I can automount pretty much everything, including all of my applications. As long as everyone's path points to /apps or wherever you mount to they will run apps from there. Also since 90% of my system customization (themes, icons, etc) are in my home directory all of my customizations follow me as well (including my desktop 😛 )

                                      Yeah, while there are times I like the registry, I do at times long for the days of Windows 3.x and config files for apps. Super easy to migrate, etc.

                                        travisdh1 @Dashrender

                                        @Dashrender said in Endpoint Block level backups to restore from Ransom-ware:

                                        @stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:

                                        @Dashrender said in Endpoint Block level backups to restore from Ransom-ware:

                                        @scottalanmiller said in Endpoint Block level backups to restore from Ransom-ware:

                                        @stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:

                                        We don't back up workstations at all. It's a little different because it's RHEL but there is nothing on the workstations at all. Users can't even save to them. Apps, projects, archives, home directories, etc are all automounted.

                                        Automounting is the bomb.

                                        Isn't that kinda the same as folder redirection, except that Windows can have a local copy in case the network location becomes unavailable?

                                        The idea is the same. But the advantage on Linux/Unix is I can automount pretty much everything, including all of my applications. As long as everyone's path points to /apps or wherever you mount to they will run apps from there. Also since 90% of my system customization (themes, icons, etc) are in my home directory all of my customizations follow me as well (including my desktop 😛 )

                                        Yeah, while there are times I like the registry, I do at times long for the days of Windows 3.x and config files for apps. Super easy to migrate, etc.

                                        Even in the days of Windows 3.x and before, you still had a registry and regedit available. Just not so many reasons that you HAD to go change things in it.

                                          scottalanmiller @travisdh1

                                          @travisdh1 said in Endpoint Block level backups to restore from Ransom-ware:

                                          @Dashrender said in Endpoint Block level backups to restore from Ransom-ware:

                                          @stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:

                                          @Dashrender said in Endpoint Block level backups to restore from Ransom-ware:

                                          @scottalanmiller said in Endpoint Block level backups to restore from Ransom-ware:

                                          @stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:

                                          We don't back up workstations at all. It's a little different because it's RHEL but there is nothing on the workstations at all. Users can't even save to them. Apps, projects, archives, home directories, etc are all automounted.

                                          Automounting is the bomb.

                                          Isn't that kinda the same as folder redirection, except that Windows can have a local copy in case the network location becomes unavailable?

                                          The idea is the same. But the advantage on Linux/Unix is I can automount pretty much everything, including all of my applications. As long as everyone's path points to /apps or wherever you mount to they will run apps from there. Also since 90% of my system customization (themes, icons, etc) are in my home directory all of my customizations follow me as well (including my desktop 😛 )

                                          Yeah, while there are times I like the registry, I do at times long for the days of Windows 3.x and config files for apps. Super easy to migrate, etc.

                                          Even in the days of Windows 3.x and before, you still had a registry and regedit available. Just not so many reasons that you HAD to go change things in it.

                                          I remember needing it for sound cards.
