1. Any separate storage device that is not directly write-accessible from compromised servers by industry-standard protocols (SMB, NFS) is "good enough" protection from CryptoLocker. But the storage device should use its own set of credentials (not from local directory, and not local accounts of the storage device).
I know this post is a bit dead but hoping to revive it and get some comments on what this actually means
It's from post #2 from Gustavo. I don't have my NAS joined to my domain, so why would one "not use local accounts of the storage device"? I have them configured as Veeam credentials for the SMB share I am using as a repository target for backup jobs.
Seems to me my options for authenticating are:
1 - Use local accounts (which I'm doing)
2 - Join my NAS to my AD domain (no thanks!!)
or 3 - Setup a separate LDAP server to authenticate my NAS only