Gostev wrote:1. Any separate storage device that is not directly write-accessible from compromised servers by industry-standard protocols (SMB, NFS) is "good enough" protection from CryptoLocker. But the storage device should use its own set of credentials (not from local directory, and not local accounts of the storage device). Additionally, you want that storage device located off-site. Cloud Connect service provider is ideal for this, and we actually have a recent success story posted on this forum where Cloud Connect saved the user from CryptoLocker.
2. I personally always recommend using tape whenever possible as the last line of defense. Even if it just a monthly export. Tape is true read-only storage that is also much more reliable than disk. I saw tape backups saving companies from worst disasters so many times... and, I also saw every line of comprehensive disk-based protection strategy failing miserably, leaving users with unrecoverable data loss.
Users browsing this forum: Bing [Bot], Google [Bot] and 19 guests