- Posts: 96
- Liked: 12 times
- Joined: Apr 12, 2016 2:14 pm
- Full Name: Paul Thomas
Our primary backup server is getting low on disk capacity, I need to add some more external storage.
What are the sensible options that can provide an (almost) air-gapped backup?
Initial connectivity options for storage seem to be USB3, eSATA, iSCSI with direct Ethernet cable between storage and backup server, CIFS etc.
Are any of these easier to secure than the other? Can be configured to provide better security?
It seems the obvious time to consider this, when needing to purchase more capacity.
I am more concerned with somebody inadvertently getting Ransomeware onto their PC and it spreading on the network, than a hacker directly targeting us. We have tape backup physically out of the tape drive to cover that eventuality.
- Product Manager
- Posts: 5230
- Liked: 450 times
- Joined: May 19, 2015 1:46 pm
Non of those will help if a malware gains admin privileges. As a temporary measure until you get your tape device set up I'd suggest to try the following:USB3, eSATA, iSCSI with direct Ethernet cable between storage and backup server, CIFS etc.
- Use either a shared folder or iSCSI target with authentication.
- Schedule a script in windows task scheduler that will:
1. automatically mount the target location in 5 minutes before the backup copy job interval is supposed to start
2. enable the BCJ
3. once the job is finished, the script should disable BCJ and unmount the target
Provided that the malware is not smart enough to actually parse scripts defined in a task scheduler and understand how to mount the remote storage, your secondary backups will be safe in the time period when the job is not working. However, if the malware activity kicks in while the job is working then you're probably screwed.
Users browsing this forum: Baidu [Spider], Bing [Bot] and 20 guests