August 11, 2021

Hello, new user here, and I was reading all around and got most of my questions answered. I set up a new server. It's for home use, basically long-term storage of video files, computer backups, pictures, etc. It's made from an old computer I had laying around: i5 3740, 16GB RAM, 2x 4TB WD Blue drives.

Was reading about ransomware, and really that is one of the few concerns I have about protecting the data in the server. My question is about access and users. If I set up two shares and two users, User1 has access to Share1 and User2 to Share2. Both shares are exported but hidden, and each share is configured secure, and to only allow read/write access by its one user.

If User1's share is mapped to a computer, and that computer gets taken over by ransomware, I would imagine, because it's mapped to User1's share, it will also get taken in the process. Is there any way for the ransomware to get into User2's share, being they are both contained on the same drives? Or, because it's a separate share with separate user rights, will it be protected?

Thanks, Dan
August 12, 2021

Here is the scheme which I am using to address this basic issue, as my storage situation is much the same as yours: https://forums.unraid.net/topic/58374-secure-writing-strategy-for-unraid-server-using-write-once-read-many-mode/#comment-572532

While it does not answer your question completely, it will provide you with a bit more background. Basically, as I understand it, ransomware will do its thing on any file system that it has write access to from the infected computer (usually a Windows PC). In fact, the hackers would prefer that it do its thing on network shares, as the data stored only on the local hard drive of the infected computer is usually of far less value to the organization/corporate targets that these slumbags are usually after. (They have to do the same amount of work to get $300 out of you as $300,000 out of a corporation with much deeper pockets!)
August 23, 2021, Author

On 8/12/2021 at 7:48 AM, Frank1940 said:
Here is the scheme which I am using to address this basic issue, as my storage situation is much the same as yours: https://forums.unraid.net/topic/58374-secure-writing-strategy-for-unraid-server-using-write-once-read-many-mode/#comment-572532 While it does not answer your question completely, it will provide you with a bit more background. Basically, as I understand it, ransomware will do its thing on any file system that it has write access to from the infected computer (usually a Windows PC). In fact, the hackers would prefer that it do its thing on network shares, as the data stored only on the local hard drive of the infected computer is usually of far less value to the organization/corporate targets that these slumbags are usually after. (They have to do the same amount of work to get $300 out of you as $300,000 out of a corporation with much deeper pockets!)

Appreciate the response. I've been doing some thinking and also some research on moving data from computers to the array in general, and I believe (at least for my purposes) I've found a pretty secure way to do things.

I've created a share where I would like to archive my files. I've set permissions to private and allowed read-only access from my computer's login credentials. I've also created a folder and named it "Sync" on my computer's 2TB HDD. This is where I will keep a local copy of all my important files/folders on my computer for use, AND it will serve as a single location where I can pull from to update my archive on the Unraid array.

I've then used a plugin to create a network SMB share on Unraid that's connected to the Sync folder on my computer, giving Unraid read-only access to that folder on my computer. I've written a script using rSync that synchronizes the Unraid array archive share to the Sync folder on my computer's HDD.
So, my computer only has read access to the Unraid server, AND the Unraid server only has read access to my computer. This is important because in this case, the server cannot make changes to my computer, and my computer cannot make changes to the server. Control of the files is done by adding or deleting files from the Sync folder, and running the user script to sync the array to the computer using root credentials on the WebGUI, OR by using a schedule in the user script plugin. This leaves my files on the array easily accessible from Windows, without leaving them exposed to write permissions.

Does this sound like a pretty secure way of doing things? Anything I may possibly be overlooking?
August 23, 2021

4 minutes ago, TurboStreetCar said:
Does this sound like a pretty secure way of doing things? Anything I may possibly be overlooking?

One problem! What happens if you happen to get hit by ransomware on your PC? The files on your PC are encrypted by the malware. Now your rSync script updates the files in the Sync folder on your server using those encrypted files. (By the way, this is a problem with all automated backup software unless you have a multi-backup rotation scheme in place!)
August 23, 2021, Author

3 minutes ago, Frank1940 said:
One problem! What happens if you happen to get hit by ransomware on your PC? The files on your PC are encrypted by the malware. Now your rSync script updates the files in the Sync folder on your server using those encrypted files. (By the way, this is a problem with all automated backup software unless you have a multi-backup rotation scheme in place!)

Well, currently I run the script manually through the WebGUI, so I would know not to run it if all my files were encrypted on my PC. If it were on a schedule, I'd set it most likely to monthly, which would hopefully give me time to stop it in the case of an attack. Although, if I were attacked within hours of the monthly schedule, I agree it wouldn't help much.

I likely won't need to update the array for months at a time, so I think this method is pretty solid. No computer would have write access to the array, and all writing to the array would require root credentials. I think this is a pretty solid method. I could create a second copy in a second share on the array, and rotate the schedule monthly to alternately update the copies, but I think that would just be a waste for my use case.

Thanks so much!
August 23, 2021

You could set up the backup of the PC into a 'new' folder on the share, where rSync would generate the name using the date. Then you could use the command line mc or the Krusader docker to manage these folders, always keeping two or three as secondary backups.

I am careful about what I put into the 'My Documents' folder. I only want stuff there that I use regularly and is irreplaceable from any other source. So it is only about 30GB in size. (Media and photos are archived very quickly to the server and not stored permanently on the PC. If I need to work on one of them, I transfer it back to the PC for that.) So I actually have more than a year's worth of monthly backups on my PC at any one time.
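Added example, not part of any post in this thread: one way to script the dated-folder rotation suggested above, with the pruning automated instead of done by hand in mc or Krusader. It also goes one step further and refuses to sync when most files differ from the last snapshot, which is the case described earlier where an automated sync copies ransomware-encrypted files onto the server. The paths, the 30% threshold and the function names are assumptions.

```shell
#!/bin/bash
# Added example (not from the thread). Paths and thresholds are assumptions.
SRC="${SRC:-/mnt/remotes/PC_Sync}"   # hypothetical read-only mount of the PC's Sync folder
DEST="${DEST:-/mnt/user/archive}"    # hypothetical private archive share on the array
KEEP="${KEEP:-3}"                    # dated snapshots to retain
MAX_PCT="${MAX_PCT:-30}"             # abort if more than this % of files are new or changed

# Print snapshot folder names (YYYY-MM-DD) in directory $1, oldest first.
list_snapshots() {
    ( cd "$1" 2>/dev/null || exit 0
      for d in 20[0-9][0-9]-[0-9][0-9]-[0-9][0-9]; do
          if [ -d "$d" ]; then echo "$d"; fi
      done )
}

# Remove the oldest snapshots in $1 until $2 remain; print how many were removed.
prune_snapshots() {
    local dir="$1" keep="$2" removed=0 excess old
    excess=$(( $(list_snapshots "$dir" | wc -l) - keep ))
    for old in $(list_snapshots "$dir"); do
        [ "$removed" -ge "$excess" ] && break
        rm -rf -- "${dir:?}/$old"
        removed=$(( removed + 1 ))
    done
    echo "$removed"
}

# Return 0 when $1 changed files out of $2 total exceeds $3 percent.
mass_change() {
    [ "$2" -gt 0 ] && [ $(( $1 * 100 / $2 )) -gt "$3" ]
}

# Pull $1 into $2/<today>, hard-linking unchanged files to the previous snapshot.
take_snapshot() {
    local src="$1" dest="$2" today latest changed total
    today=$(date +%F)
    latest=$(list_snapshots "$dest" | grep -v "^$today\$" | tail -n 1)
    if [ -n "$latest" ]; then
        # Dry run against the last snapshot: '>f' lines are files that would be copied.
        changed=$(rsync -a --dry-run --itemize-changes "$src"/ "$dest/$latest"/ | grep -c '^>f' || true)
        total=$(find "$src" -type f | wc -l)
        if mass_change "$changed" "$total" "$MAX_PCT"; then
            echo "ABORT: $changed of $total files differ from $latest" >&2
            return 1
        fi
        rsync -a --link-dest="$dest/$latest" "$src"/ "$dest/$today"/
    else
        rsync -a "$src"/ "$dest/$today"/
    fi
    prune_snapshots "$dest" "$KEEP" >/dev/null
}
if [ "${1:-}" = "--run" ]; then take_snapshot "$SRC" "$DEST"; fi
```

Because an aborted run neither writes a new folder nor prunes, the existing snapshots stay intact until someone has looked at the source. A legitimate bulk import also trips the guard, so raise `MAX_PCT` for that one run.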
August 23, 2021, Author

Yeah, I keep it both on my computer and on the array. I know the rule of thumb for backup is 3 places, 2 local, 1 remote. Currently I'm on 2 local and 3 copies.

In my computer I have my main OS SSD, a second SSD for media files, and a 2TB HDD. I back up the media on the second SSD to the 2TB, then archive that to the array. I plan on removing most of the media from the SSD, and only keeping files I'm using for editing and such on the SSD to keep the drive free. The remainder will stay on the 2TB and array.

It's tough to keep up with a good place/method to keep all this stuff! I feel like I do it one way, then I'm like "no wait, let me do it this way instead" a month later. Haha