Preventing our backup copies from being crypto-locked


by crazylefty » Sat Feb 11, 2017 12:35 am

We have just spun up a new DR site, and we've got backup copy jobs going to a Nimble storage unit.
What would be the best way to prevent these backups, or any backups really, from being encrypted?
Right now the backup repository is a Server 2016 box that is iSCSI'd to the Nimble array. Besides tight passwords, what is the best way to prevent these backup copies from getting encrypted and held for ransom?

Re: Preventing our backup copies from being crypto-locked

by Gostev (Veeam Software) » Sat Feb 11, 2017 4:50 pm

Schedule periodic Nimble storage snapshots on those LUNs storing backup files.

Re: Preventing our backup copies from being crypto-locked

by tsightler (Veeam Software) » Sat Feb 11, 2017 8:56 pm

One of the things I like to suggest is that the target repo be outside of the domain of the rest of the network, just a standalone server. Then secure it using standard Windows hardening practices for any Internet-exposed Windows server, disable all admin shares, etc. That way, even if cryptolocker manages to get access to run under a domain admin account, it will not have any access to that specific server unless it also hacks the Veeam DB and gets the password.

Re: Preventing our backup copies from being crypto-locked

by DaveWatkins » Sat Feb 11, 2017 10:17 pm

Personally I still really like to have my repo domain-joined for general GPO inheritance, but I've removed Domain Admins from the local Administrators group and have only very select admins in that group. That effectively locks down the hidden drive shares (c$, d$, etc.). You can also remove the file sharing exceptions from the Windows Firewall to remove that avenue completely.

Another option is to put it behind a dedicated firewall and only allow the proxies to get through and perhaps specific admin IP addresses for RDP.
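
A read-only audit of the hardening points raised in the replies above (domain membership, non-local members of the local Administrators group, administrative shares, and file sharing firewall exceptions), for PowerShell 5.1 on the repository server. This is an added example, not code from any poster in the thread; it assumes an elevated local session and the English display group name `File and Printer Sharing`.

```powershell
# Read-only audit of a Windows backup repository server (added example).
# Assumption: run locally, elevated, on Server 2016 or later (PowerShell 5.1+).
$findings = New-Object System.Collections.Generic.List[string]

# 1. Domain membership: a standalone server cannot be reached with
#    domain credentials at all.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    $findings.Add("Server is joined to domain '$($cs.Domain)'")
}

# 2. Local Administrators: every member that is not a local account is a path
#    from compromised domain credentials to the backup files.
#    The well-known SID S-1-5-32-544 avoids relying on the localized group name.
foreach ($m in Get-LocalGroupMember -SID 'S-1-5-32-544') {
    if ($m.PrincipalSource -ne 'Local') {
        $findings.Add("Non-local principal in Administrators: $($m.Name) [$($m.ObjectClass)]")
    }
}

# 3. Administrative shares (C$, D$, ADMIN$) and whether the Server service
#    recreates them on restart (AutoShareServer missing or non-zero).
$adminShares = Get-SmbShare -Special $true |
    Where-Object { $_.Name -match '^([A-Z]|ADMIN)\$$' }
foreach ($s in $adminShares) {
    $findings.Add("Administrative share present: $($s.Name) -> $($s.Path)")
}
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$auto = (Get-ItemProperty -Path $lanman -Name AutoShareServer -ErrorAction SilentlyContinue).AutoShareServer
if ($auto -ne 0) {
    $findings.Add('AutoShareServer is not 0; admin shares are recreated when the Server service starts')
}

# 4. Inbound file sharing exceptions that are still enabled in Windows Firewall.
#    Assumption: English display group name.
$fw = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
foreach ($r in $fw) {
    $findings.Add("Firewall allows inbound file sharing: $($r.DisplayName) [profile: $($r.Profile)]")
}

# Report: one line per finding, or a single line when the server is clean.
if ($findings.Count -eq 0) { 'No findings.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

The script changes nothing on the server; each finding corresponds to one of the suggestions in the thread and can be reviewed before any setting is altered.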

