Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Protect ISCSI used for Backup

Posted on 2014-01-06
4
Medium Priority
?
484 Views
Last Modified: 2014-02-03
We had a business about ten minutes away get hit with Cryptolocker...and I read up where it can encrypt any files that are on any attached devices.
Which got me to thinking that we backup to an ISCSI target which appears as another drive letter to the system.  (Server 2008R2).

Is there a way top better protect the ISCSI target so it's not always online sitting there waiting to be hacked?

Thanks.
0
Comment
Question by:dougp23
  • 2
4 Comments
 
LVL 20

Expert Comment

by:strivoli
ID: 39760355
I would protect the backup itself instead of the target. The best way is to encrypt the backup.
0
 
LVL 1

Author Comment

by:dougp23
ID: 39760924
Uhm..well the backup is on an ISCSI device, so let's say it appears as drive X to the system.  I encrypt the backup.  OK.  So now someone gets Cryptolocker and it encrypts my encrypted backup.  I'm still hosed....

I was wondering more along the lines if there is a way to write a short script that connects the ISCSI target just before backing up, and disconnects it just after backing up.
0
 
LVL 20

Accepted Solution

by:
strivoli earned 1200 total points
ID: 39761360
You are right. But lets analyze how can a malware encrypt a file:
a. The malware runs with someone's account. It might be the user's who first launched the infected file or it might even be SYSTEM's account.
b. The file's permissions must allow encryption. By default "Everyone" can encrypt.

If you:
a. Run the backup with a special user and a strong password.
b. You allow only the special user to access the backup file (backup file permissions).
c. Encrypt the backup file.

If the above conditions are met, I can't imagine how can a malware encrypt such a file.

Anyway... I think there's a PowerShell command that allows you to connect/disconnect iSCSI targets. Sorry but I don't have it handy.
0
 
LVL 21

Assisted Solution

by:SelfGovern
SelfGovern earned 800 total points
ID: 39762334
You raise a good question.

Make sure none of your users have admin rights on the server.

Make sure admins do not use the server for any non-admin purposes.
And yes, that needs to be NOT ANY.  
If you haven't already, make sure that they have formal training on
security best practices.

Best practice would include sending your backups to at least one other
target -- for instance, a tape drive, so that the tape is not writable as a
file system, and can be moved offsite to protect against a site-wide
disaster.  This won't stop your iSCSI store from being encrypted, but it
will give you a second restore source and allow you to go back in time
to various points in time as necessary.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

VM backup deduplication is a method of reducing the amount of storage space needed to save VM backups. In most organizations, VMs contain many duplicate copies of data, such as VMs deployed from the same template, VMs with the same OS, or VMs that h…
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Suggested Courses

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question