this post was submitted on 02 Nov 2023
23 points (92.6% liked)

Sysadmin

7664 readers
103 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
!lemmy@lemmy.ml
!lemmyworld@lemmy.world
!lemmy_support@lemmy.ml
!support@lemmy.world

founded 1 year ago
MODERATORS
DarraignTheSane@lemmy.world
00Lemming@lemmy.world
L3s@lemmy.world
23
Ransomware and Backups (lemmy.ml)
submitted 1 year ago by Lettuceeatlettuce@lemmy.ml to c/sysadmin@lemmy.world
11 comments fedilink hide all child comments
 

I'm confused about protecting backups from ransomware. Online, people say that backups are the most critical aspect to recovering from a ransomware attack.

But how do you protect the backups themselves from becoming encrypted too? Is it simply a matter of having totally unique and secure credentials for the backup medium?

Like, if I had a Synology NAS as a backup for my production environment's shared storage, VM backups, etc, hooked up to the network via gigabit, what stops ransomware malware from encrypting that Synology too?

Thanks in advance for the feedback!

you are viewing a single comment's thread
view the rest of the comments
[–] damium@programming.dev 2 points 1 year ago

If you want an automated system that can protect against ransomware your backups need to be hosted in some way where the backup server has control of the retention and not the client (NAS, local disk, etc are not sufficient). If your NAS supports automated snapshots that can't be deleted by the backup user it can mostly fill this gap but may need to be checked for how it handles snapshots when the disk fills.

For self-hosted solutions I've used BURP, Amanda, and Borg backup in the past but have switched to Proxmox backup server as my VMs all run in Proxmox. You still need to consider full disaster recovery scenarios where both your primary and backup system fail. For this PBS sports both tape and remote server replication.

There are also many cloud solutions that do this automatically. For cloud I would always use them in tandem with some kind of local backup.

For all of these they should have an admin account that has strong protection and doesn't share credentials with any of the primary systems.