Solved

Protect ISCSI used for Backup

Posted on 2014-01-06
4
437 Views
Last Modified: 2014-02-03
We had a business about ten minutes away get hit with Cryptolocker...and I read up where it can encrypt any files that are on any attached devices.
Which got me to thinking that we backup to an ISCSI target which appears as another drive letter to the system.  (Server 2008R2).

Is there a way top better protect the ISCSI target so it's not always online sitting there waiting to be hacked?

Thanks.
0
Comment
Question by:dougp23
  • 2
4 Comments
 
LVL 19

Expert Comment

by:strivoli
ID: 39760355
I would protect the backup itself instead of the target. The best way is to encrypt the backup.
0
 
LVL 1

Author Comment

by:dougp23
ID: 39760924
Uhm..well the backup is on an ISCSI device, so let's say it appears as drive X to the system.  I encrypt the backup.  OK.  So now someone gets Cryptolocker and it encrypts my encrypted backup.  I'm still hosed....

I was wondering more along the lines if there is a way to write a short script that connects the ISCSI target just before backing up, and disconnects it just after backing up.
0
 
LVL 19

Accepted Solution

by:
strivoli earned 300 total points
ID: 39761360
You are right. But lets analyze how can a malware encrypt a file:
a. The malware runs with someone's account. It might be the user's who first launched the infected file or it might even be SYSTEM's account.
b. The file's permissions must allow encryption. By default "Everyone" can encrypt.

If you:
a. Run the backup with a special user and a strong password.
b. You allow only the special user to access the backup file (backup file permissions).
c. Encrypt the backup file.

If the above conditions are met, I can't imagine how can a malware encrypt such a file.

Anyway... I think there's a PowerShell command that allows you to connect/disconnect iSCSI targets. Sorry but I don't have it handy.
0
 
LVL 20

Assisted Solution

by:SelfGovern
SelfGovern earned 200 total points
ID: 39762334
You raise a good question.

Make sure none of your users have admin rights on the server.

Make sure admins do not use the server for any non-admin purposes.
And yes, that needs to be NOT ANY.  
If you haven't already, make sure that they have formal training on
security best practices.

Best practice would include sending your backups to at least one other
target -- for instance, a tape drive, so that the tape is not writable as a
file system, and can be moved offsite to protect against a site-wide
disaster.  This won't stop your iSCSI store from being encrypted, but it
will give you a second restore source and allow you to go back in time
to various points in time as necessary.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Life is full of imperfections – we all know it. Sometimes bad things happen to people for no particular reason. As they say: “it happens”. All we can do is to find a way to make some unavoidable situations… avoidable. Every kind of hardware has i…
Replication has always been one of those technologies that people run scared from. The main reason is usually cost. When you think of replication, your mind drifts to solutions that replicate from one disk frame to another using block level technolo…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now