12

I bought a NAS to share files and as a backup solution.

Recently my netbook got infected by ransomware. All files on the netbook and most of the files on the NAS were destroyed (the virus shuffles the first bits of the files). Fortunately my main PC was not attacked, and since I do manual backups on a portable HDD I did not lose anything.

But still, it frightened me, since I think I could lose lots of data if it appeared on my main PC. Indeed, if a backup is running when the files are being corrupted, then I would back up corrupted data on the NAS!

So my question: is there a virusproof backup strategy?

Thank you for your help.


So after I read your answers, I now understand I need two solutions:

  1. Sync my data in a location that CAN be accessed by the clients so that I can share data between computers (I would call it the synced area)
  2. Then backup this synced area in a location that CAN'T be accessed by the clients

Finally my questions:

  1. Are those 2 assertions above enough to be safe?
  2. How do I set up this solution with computers on Windows and a Synology NAS?

Daniel Beck asked for more detail on my environment:

I have 2 PCs:

  1. The main desktop PC with which I do most of the stuff (sorting photos, accounting, etc.) It has HDDs big enough to contain all data I need to share and backup.
  2. The second one is a netbook. It has a small HDD, so it doesn't contain all data (for example no photos). But it is often used to edit some documents from the shared area. Sometimes I will create new data that I will manually save in the shared area.

At the moment, I do all copies on the NAS manually (I have no backup software).

My NAS is Synology DS211j, it hosts the shared data.

So I would like to:

  1. Give access to the netbook to all data that is on the desktop PC even if it is shut down
  2. Have a solution to protect my data from viruses.
  3. Set up an automated solution for all of that.

Thanks to the latest comment of Liori, here is what I would like to try:

  1. Reset my NAS setup from RAID with 2 HDDs to 2 separate volumes.
  2. Set up a sync of data on volume 1 that will be seen by users.
  3. Use the Synology NAS Time Backup software to back up shared volume 1 to backup volume 2. Volume 2 will NOT be seen by users.

If it is safe, I see a lot of advantages:

  • Even if it is not so good, I keep access to my data through the Internet.
  • The backup of data would be scheduled on the NAS, so I don't need to leave my computer on for backups.
  • I would have my data in 3 locations: main desktop PC + shared volume + backup volume (4 in fact with the manual backup on USB HDD). So I lose the useless RAID, and I get secured backups on a dedicated HDD.

Do you think it would work?

Thanks again!

2
  • 1
    Backup is different from syncing. Please explain how the two are related in your case.
    – Daniel Beck
    Commented Aug 5, 2012 at 22:04
  • Ok, it is more complicated than I thought. I am going to update the answer again.
    – Plouff
    Commented Aug 5, 2012 at 22:07

5 Answers 5

14

The solution is to keep a history of backups.

You can store one daily backup, say for the last seven days. Then one backup per week four times per month. This way, if the backup from yesterday had been saved in a bad state, you take the backup from the day before. Or you can take the backup from last week.

To save space you can either use a file system which supports deduplication, use hard links or store only the difference between the backups. Which solution is best depends on your needs, setup and the software you run.

EDIT: You updated your question and added additional information.

As you already know, you have to separate the data from the backup. A backup is always redundant, if possible even more than one copy. I don't know your NAS solution and its backup software. But I can tell you how I solved this.

I use an old 300MHz system as backup server, which is connected to the file server (that would be your NAS in your configuration). Once per day the backup server switches on and pulls the backup from the file server and writes the data on its own hard drives. As backup software I use rsnapshot. No client computer has access to the backup server in any way. And it is only running for a short time per day.

This is only one possible solution out of many. The key points of a good solution are:

  • Keep a history of backups
  • A backup is always redundant
  • A backup is stored on different hardware (e.g. a second drive, not a second partition on the same drive)
  • The client computers must not have access to the backup
  • The backup should be as easy as possible, at best fully automatic
  • Depending on how often restores are expected, it should not be too big of a burden to restore the data
8
  • I understand the need for a history of backups, but unfortunately I don't think it would have prevented the ransomware from destroying data. I was maybe not accurate enough. But the ransomware had access to the NAS through the netbook. And it destroyed the files on the NAS!
    – Plouff
    Commented Aug 5, 2012 at 21:34
  • 3
    Do it the other way round. The (possibly infected) clients should not have arbitrary write access on the NAS. The backup server (might also run on the NAS) should pull the data from the clients and save it on the NAS.
    – Marco
    Commented Aug 5, 2012 at 21:52
  • Okay! I understand now! Is it possible to do things like that with a synology NAS?
    – Plouff
    Commented Aug 5, 2012 at 22:05
  • 1
    I'm afraid your answer misses one key point of that strategy: If you want to provide protection against altering of the backup by malicious software, you need to use different physical media for the old backups. If the user, as in this case, can't guarantee the integrity of the software on their computer, why should write permissions on the NAS be trusted? Malware might just steal the login credentials from a browser's password store or similar.
    – jstarek
    Commented Aug 6, 2012 at 7:02
  • I agree with you. It took me a little bit of time to understand I need to separate shared data from backups. Could you tell me what you think of the last update of the question? Thank you!
    – Plouff
    Commented Aug 6, 2012 at 21:28
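The history-of-backups idea from the answer above (daily generations, unchanged files stored as hard links), as an added sketch that is not part of the original answers and is not rsnapshot's own code. It assumes the script runs on the backup host and pulls from a readable source path; `take_snapshot`, `demo` and the `daily.N` directory names are hypothetical, and the sample files are constructed.

```python
import filecmp, os, shutil, tempfile
from pathlib import Path

def take_snapshot(source: Path, root: Path, keep: int = 7) -> Path:
    """Pull `source` into root/daily.0, keeping at most `keep` generations."""
    filecmp.clear_cache()                   # never trust a cached comparison
    oldest = root / f"daily.{keep - 1}"
    if oldest.exists():
        shutil.rmtree(oldest)               # drop the generation that aged out
    for i in range(keep - 2, -1, -1):       # shift daily.N to daily.N+1, oldest first
        gen = root / f"daily.{i}"
        if gen.exists():
            gen.rename(root / f"daily.{i + 1}")
    new, prev = root / "daily.0", root / "daily.1"
    for dirpath, _dirs, files in os.walk(source):
        rel = Path(dirpath).relative_to(source)
        (new / rel).mkdir(parents=True, exist_ok=True)
        for name in files:
            src, dst, old = Path(dirpath) / name, new / rel / name, prev / rel / name
            if old.is_file() and filecmp.cmp(src, old, shallow=False):
                os.link(old, dst)           # unchanged: hard link, no extra space
            else:
                shutil.copy2(src, dst)      # new or changed: fresh copy, new inode
    return new

def demo() -> dict:
    """Constructed scenario: two clean days, then the source gets corrupted."""
    with tempfile.TemporaryDirectory() as tmp:
        source, root = Path(tmp) / "shared", Path(tmp) / "backup"
        source.mkdir()
        (source / "photo.raw").write_bytes(b"GOOD" * 256)
        (source / "notes.txt").write_text("day 1")
        take_snapshot(source, root)
        (source / "notes.txt").write_text("day 2, edited")
        take_snapshot(source, root)
        (source / "photo.raw").write_bytes(b"\x00BAD" * 256)  # simulated corruption
        take_snapshot(source, root)
        old1, old2 = root / "daily.1/photo.raw", root / "daily.2/photo.raw"
        return {
            "generations": sorted(p.name for p in root.iterdir()),
            "latest": (root / "daily.0/photo.raw").read_bytes()[:4],
            "previous": old1.read_bytes()[:4],
            "shared_inode": os.path.samefile(old1, old2),
        }

if __name__ == "__main__":
    print(demo())
```

The corrupted file lands in `daily.0` as a new copy, while `daily.1` and `daily.2` still hold the good version. That only protects the data if no client can write to the backup root.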
7

The only way to have virus-free backups is to have some sort of history: you have to store your backups for several days/weeks/months.

This doesn't guarantee being virus-free, but it guarantees you can recover files before you discover a recent infection.

One very important thing about backups: the "client" computer must not have access to the backups.
This means it is the "server" computer which connects to the client and makes the backup. Most backup programs are not designed this way.
Another method is to remove backups from client's sight once done. But this is often done in a bad way, leading to no security increase.

1
  • 1
    After I got hit by the ransomware, I tried to remove backups from the client's sight by removing the NAS as a network drive on all Windows machines. So at the moment I access my NAS through the Windows address bar and I don't save the password. But I don't know if ransomware is able to scan the network to find other locations. If it is able to do it, then since Windows saves the password during the active session (even if you ask not to save the password forever), the ransomware could access the NAS. Is there a simple way to apply what you said on Windows?
    – Plouff
    Commented Aug 5, 2012 at 21:42
5

What you mention seems to be multiple separate issues. One is easier to overcome (accidental deletes or backing up of bad data) than the other (targeted malware).

In increasing order of severity / effort to save your data:

  1. (Unnoticed) corruption of the data of one of your systems making it to the backup drive, deleting all the good data or replacing it with crap. As other answerers mentioned before, keep multiple generations. This also saves you from much more mundane issues, like software doing bad writes (I know people whose office software created broken, unrecoverable files) without you noticing.

  2. Malware that breaks all files on all connected drives. This one is more difficult, because malware can just delete or render unusable all of the backup generations, given programmatic access to them. Keep multiple backup drives and regularly switch between them. Never connect them at the same time.

  3. Fires, burglary, lightning strikes, or a significant other who likes to throw (preferably expensive) things at you. Maintain multiple physical drives. Keep one of them off site at all times. Regularly switch between them to make sure both are reasonably up to date. Optionally, add an online backup solution you trust to the mix.


Of course, you can attempt to prevent some issues by e.g. keeping multiple backup generations and removing all write permissions to the files once they've been written, so malware cannot just overwrite them. I wouldn't rely on that, especially if you have malware problems already.

1
  • I think you definitely identified and separated the issues. Thus I am going to update my question above.
    – Plouff
    Commented Aug 5, 2012 at 21:52
3

I'd like to suggest another solution.

Use a different system installation only for backups—preferably one which is really a different operating system. For example, you could make a USB drive (or actually install the secondary OS on the backup drive) with some Linux and use it to backup your primary operating system, which I guess is Windows.

Only connect the backup storage when that secondary OS is loaded.

This way malware could destroy your backups only if it was prepared to work under two different operating systems, and this level of sophistication is very very rare (think Stuxnet-level sophistication).

12
  • If you implement an overly complicated solution, as the proposed one, it's not unlikely that you don't backup as often as you should. A backup should be as easy as possible, in the best case fully automatic. A simpler solution would be to export the hard drive and let the backup server simply grab the data via LAN. This way the client (and its malware) does not need to have write access on the backup server.
    – Marco
    Commented Aug 5, 2012 at 19:36
  • I did it once and I don't deem it complicated. In my case I just prepared the backup OS on the external hard drive. One of the startup scripts started the backup itself, and when the backup was over, it turned off the computer. So all I had to do was to connect the hard drive, restart my computer and go to sleep. In my case the partitions on that hard drive were prepared so they wouldn't automount on the primary OS, so I actually could plug in the backup drive without worrying much about the safety of backups. It was the safest solution I could realize cheaply with just a hard drive, and no external PC.
    – liori
    Commented Aug 5, 2012 at 19:55
  • I did not mention that I am speaking of a backup solution at home. Moreover I am not so fluent in IT. Your solution seems great, but difficult for me to set up. I am not sure I understood everything though.
    – Plouff
    Commented Aug 5, 2012 at 21:49
  • 1
    @Plouff: it might be good enough. If this thing: synology.com/dsm/home_backup_desktop_backup.php?lang=enu works even if the NAS is not mounted directly to your PC (and instead uses whatever is shared from the PC), then you will have a backup space which is not directly accessible by the PC. Ah, btw, you wrote you wanted to use the NAS also to “share files”—I'd advise against doing so for security, but if you still want to do it, make a distinct volume inside the NAS for sharing data, like on the screenshot here: synology.com/dsm/home_easy_setup_home_storage.php?lang=enu
    – liori
    Commented Aug 6, 2012 at 6:34
  • 1
    @Plouff: Sounds nice. One thing: it seems that you don't have to stop using RAID. According to this documentation: ukdl.synology.com/ftp/ds/userguide/x11-Series/…, chapter 4. — you can set up a “Disk Group” which does the RAID, and then create multiple volumes inside it.
    – liori
    Commented Aug 7, 2012 at 11:01
-1

The only true defense is to clone your NAS on a regular basis and keep at least 2 offline copies of the data in case the NAS is attacked or fails while cloning it. Considering how cheaply you can get multi-terabyte drives, this is actually a lot more feasible than it used to be, especially if you're using a hot swap bay with bare drives instead of premade externals.

1
  • This appears to be more of a comment than an actual answer.
    – Ramhound
    Commented Oct 17, 2016 at 17:29
