Solved

Protect ISCSI used for Backup

Posted on 2014-01-06
4
460 Views
Last Modified: 2014-02-03
We had a business about ten minutes away get hit with Cryptolocker...and I read up where it can encrypt any files that are on any attached devices.
Which got me to thinking that we backup to an ISCSI target which appears as another drive letter to the system.  (Server 2008R2).

Is there a way top better protect the ISCSI target so it's not always online sitting there waiting to be hacked?

Thanks.
0
Comment
Question by:dougp23
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 19

Expert Comment

by:strivoli
ID: 39760355
I would protect the backup itself instead of the target. The best way is to encrypt the backup.
0
 
LVL 1

Author Comment

by:dougp23
ID: 39760924
Uhm..well the backup is on an ISCSI device, so let's say it appears as drive X to the system.  I encrypt the backup.  OK.  So now someone gets Cryptolocker and it encrypts my encrypted backup.  I'm still hosed....

I was wondering more along the lines if there is a way to write a short script that connects the ISCSI target just before backing up, and disconnects it just after backing up.
0
 
LVL 19

Accepted Solution

by:
strivoli earned 300 total points
ID: 39761360
You are right. But lets analyze how can a malware encrypt a file:
a. The malware runs with someone's account. It might be the user's who first launched the infected file or it might even be SYSTEM's account.
b. The file's permissions must allow encryption. By default "Everyone" can encrypt.

If you:
a. Run the backup with a special user and a strong password.
b. You allow only the special user to access the backup file (backup file permissions).
c. Encrypt the backup file.

If the above conditions are met, I can't imagine how can a malware encrypt such a file.

Anyway... I think there's a PowerShell command that allows you to connect/disconnect iSCSI targets. Sorry but I don't have it handy.
0
 
LVL 21

Assisted Solution

by:SelfGovern
SelfGovern earned 200 total points
ID: 39762334
You raise a good question.

Make sure none of your users have admin rights on the server.

Make sure admins do not use the server for any non-admin purposes.
And yes, that needs to be NOT ANY.  
If you haven't already, make sure that they have formal training on
security best practices.

Best practice would include sending your backups to at least one other
target -- for instance, a tape drive, so that the tape is not writable as a
file system, and can be moved offsite to protect against a site-wide
disaster.  This won't stop your iSCSI store from being encrypted, but it
will give you a second restore source and allow you to go back in time
to various points in time as necessary.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

VM backup deduplication is a method of reducing the amount of storage space needed to save VM backups. In most organizations, VMs contain many duplicate copies of data, such as VMs deployed from the same template, VMs with the same OS, or VMs that h…
In this article we will learn how to backup a VMware farm using Nakivo Backup & Replication. In this tutorial we will install the software on a Windows 2012 R2 Server.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question