Comprehensive data protection for all workloads
Post Reply
Blue407
Enthusiast
Posts: 96
Liked: 11 times
Joined: Apr 12, 2016 2:14 pm
Full Name: Paul Thomas
Contact:

Simplest (almost) air-gapped backup options

Post by Blue407 » Feb 22, 2019 10:33 am

We currently backup to local disk, tape and a remote server.
Our primary backup server is getting low on disk capacity, I need to add some more external storage.

What are the sensible options that can provide an (almost) air-gapped backup?

Initial connectivity options for storage seem to be USB3, eSATA, iSCSI with direct Ethernet cable between storage and backup server, CIFS etc.

Are any of these easier to secure than the other? Can be configured to provide better security?
It seems the obvious time to consider this, when needing to purchase more capacity.

I am more concerned with somebody inadvertently getting Ransomeware onto their PC and it spreading on the network, than a hacker directly targeting us. We have tape backup physically out of the tape drive to cover that eventuality.

P.Tide
Product Manager
Posts: 5129
Liked: 443 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: Simplest (almost) air-gapped backup options

Post by P.Tide » Feb 22, 2019 12:56 pm 1 person likes this post

Hi,
USB3, eSATA, iSCSI with direct Ethernet cable between storage and backup server, CIFS etc.
Non of those will help if a malware gains admin privileges. As a temporary measure until you get your tape device set up I'd suggest to try the following:

- Use either a shared folder or iSCSI target with authentication.
- Schedule a script in windows task scheduler that will:

1. automatically mount the target location in 5 minutes before the backup copy job interval is supposed to start
2. enable the BCJ
3. once the job is finished, the script should disable BCJ and unmount the target

Provided that the malware is not smart enough to actually parse scripts defined in a task scheduler and understand how to mount the remote storage, your secondary backups will be safe in the time period when the job is not working. However, if the malware activity kicks in while the job is working then you're probably screwed.

Thanks!

Post Reply

Who is online

Users browsing this forum: Chipman491 and 42 guests