Solved

Protect ISCSI used for Backup

Posted on 2014-01-06
4
449 Views
Last Modified: 2014-02-03
We had a business about ten minutes away get hit with Cryptolocker...and I read up where it can encrypt any files that are on any attached devices.
Which got me to thinking that we backup to an ISCSI target which appears as another drive letter to the system.  (Server 2008R2).

Is there a way top better protect the ISCSI target so it's not always online sitting there waiting to be hacked?

Thanks.
0
Comment
Question by:dougp23
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 19

Expert Comment

by:strivoli
ID: 39760355
I would protect the backup itself instead of the target. The best way is to encrypt the backup.
0
 
LVL 1

Author Comment

by:dougp23
ID: 39760924
Uhm..well the backup is on an ISCSI device, so let's say it appears as drive X to the system.  I encrypt the backup.  OK.  So now someone gets Cryptolocker and it encrypts my encrypted backup.  I'm still hosed....

I was wondering more along the lines if there is a way to write a short script that connects the ISCSI target just before backing up, and disconnects it just after backing up.
0
 
LVL 19

Accepted Solution

by:
strivoli earned 300 total points
ID: 39761360
You are right. But lets analyze how can a malware encrypt a file:
a. The malware runs with someone's account. It might be the user's who first launched the infected file or it might even be SYSTEM's account.
b. The file's permissions must allow encryption. By default "Everyone" can encrypt.

If you:
a. Run the backup with a special user and a strong password.
b. You allow only the special user to access the backup file (backup file permissions).
c. Encrypt the backup file.

If the above conditions are met, I can't imagine how can a malware encrypt such a file.

Anyway... I think there's a PowerShell command that allows you to connect/disconnect iSCSI targets. Sorry but I don't have it handy.
0
 
LVL 21

Assisted Solution

by:SelfGovern
SelfGovern earned 200 total points
ID: 39762334
You raise a good question.

Make sure none of your users have admin rights on the server.

Make sure admins do not use the server for any non-admin purposes.
And yes, that needs to be NOT ANY.  
If you haven't already, make sure that they have formal training on
security best practices.

Best practice would include sending your backups to at least one other
target -- for instance, a tape drive, so that the tape is not writable as a
file system, and can be moved offsite to protect against a site-wide
disaster.  This won't stop your iSCSI store from being encrypted, but it
will give you a second restore source and allow you to go back in time
to various points in time as necessary.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to fix error ""Failed to validate the vCentre certificate. Either install or verify the certificate by using the vSphere Data Protection Configuration utility" when you are trying to connect to VDP instance from Vcenter.
A Bare Metal Image backup allows for the restore of an entire system to a similar or dissimilar hardware. They are highly useful for migrations and disaster recovery. Bare Metal Image backups support Full and Incremental backups. Differential backup…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question