Dismounting shares to protect against ransomware
05-16-2017, 07:38 AM
Post: #1
Dismounting shares to protect against ransomware
I use my 5N exclusively for storing backup, so it would be a distinct advantage to be able to disconnect the shares (I have a separate one for each computer being backed up, to avoid, hopefully, the risk of ransomware on one machine locking the backups of the other machines) until the backup job is run. Is there a way of allowing backup software to connect the share, run the backup job, and then disconnect it again? Typically, backup software will allow the user to specify jobs to be run before and after the backup. I can see that this would not be foolproof: a sophisticated ransomware attack could first detect the presence of a Drobo, and then see if it could connect the share itself. However, it sounds to me as if disconnecting the share is a useful first step in reducing the attack surface. Right now, the only way I can think of doing this is to shut the Drobo down until it's needed for the backup job to run, but of course any backup procedure that needs manual intervention is going to fail at some point when the operator forgets to turn the unit on at the appropriate time.

Or am I missing something in the way I've got the shares set up? Is it possible to set it up so that the backup shares are invisible to a ransomware attack?
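The connect, run the job, disconnect sequence asked about in the post above, written as a wrapper that a backup program's pre/post-job hook or a scheduler could call. This is an added example, not part of the original posts; it assumes a Linux client with cifs-utils, and the host name, share name, mount point and credentials path are placeholders.

```shell
#!/bin/sh
# Added example: keep the backup share connected only while one job runs.
# Assumptions (not from the thread): Linux client, cifs-utils installed,
# placeholder share/mount point, credentials file owned by root, mode 600.

SHARE="${SHARE:-//drobo.example/backup-pc1}"   # placeholder: one share per machine
MOUNTPOINT="${MOUNTPOINT:-/mnt/drobo-backup}"  # placeholder mount point
CREDS="${CREDS:-/root/.drobo-backup.cred}"     # username=/password= lines for a backup-only account

# Kept as separate functions so the wrapper can be exercised without a NAS.
do_mount() {
    mount -t cifs "$SHARE" "$MOUNTPOINT" \
        -o "credentials=$CREDS,nosuid,nodev,noexec"
}
do_unmount() {
    umount "$MOUNTPOINT"
}

# run_with_share CMD [ARGS...]
# Connects the share, runs the backup command, then always disconnects.
# Returns the backup command's exit status, 2 if the share could not be
# connected (job not run), or 3 if the share could not be disconnected.
run_with_share() {
    if ! do_mount; then
        echo "could not connect $SHARE; backup not run" >&2
        return 2
    fi
    # Disconnect even if the job is interrupted or killed.
    trap 'do_unmount; exit 130' INT TERM
    "$@"
    job_status=$?
    trap - INT TERM
    if ! do_unmount; then
        # A share left connected is exactly the exposure this wrapper
        # is meant to remove, so report it as its own failure.
        echo "WARNING: $SHARE is still connected" >&2
        return 3
    fi
    return "$job_status"
}

# Usage from a scheduler or a backup tool's job hook, e.g.:
#   run_with_share rsync -a /home/ "$MOUNTPOINT/home/"
```

As the post itself notes, this narrows the window rather than closing it: code running with enough privilege to read the credentials file can connect the share on its own.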
05-17-2017, 01:35 PM (This post was last modified: 05-19-2017 05:33 PM by Paul.)
Post: #2
RE: Dismounting shares to protect against ransomware
hi hpg,
as far as i know, if a program is able to get into the operating system, (like as an admin) it probably will be able to find out any info that an admin could access....

how feasible might it be for your process, to include 1 extra drive (at least until the current threats are patched etc), whereby your drobo would be off, yet an external drive would be ok for the daily or more regular backups (possibly including versioning if needed), and then at the end of the week, (or preferred time period), you could then manually put on the drobo, to back up all the new data from the external/regular ones (though first verifying that no good data will be overwritten by bad data)?

this way, if your computer or network hardware is clean from bad programs, then you could back up the new data, without putting your last week's data on the firing line of the bad programs. (admittedly also adding in another extra, manual step into the process, though which may be necessary in times of malware outbreaks?)

(btw i have XP home SP2, a Drobo v1 with 2x 1TB/2x 1.5TB WD greens, & a bkp Drobo v2 with the same + a DroboShare: unused)
& a DroboS v2 with 3xWD15EADS &2x1TB in DDR mode on win7, & a drobo5D (all usb)
  • btw i did a sustained (write) operation for about 6 hours, and got 13.2MB / sec ...objection? "sustained" :)
    (16.7MB/s on a v2 & 47-96MB/s drobo-s)
05-18-2017, 11:14 AM
Post: #3
RE: Dismounting shares to protect against ransomware
Hi Paul

Yes, I take your point about the essential vulnerability of anything that's accessible to the OS. As you saw in my original post, I was wondering about the same point.

That's a pretty good idea of yours. I think that would work. It doesn't get around the problem that it's under manual control, with all the fallibilities that implies in terms of forgetting to keep on top of things, but in the absence of a way of managing the Drobo on the network such that it can be written to, and files on it can be curated to remove redundant copies, but the files on it can't be encrypted by another machine on the network, it's hard to see a better solution.

Thanks!
05-19-2017, 06:23 PM (This post was last modified: 05-19-2017 06:24 PM by Paul.)
Post: #4
RE: Dismounting shares to protect against ransomware
thanks hpg,

there are some network experts on the forums too and hopefully there is some way to address this better. (actually, it wouldn't surprise me if a utility is already in the works, even 3rd party, since there seems to be a need for something like this, though just in case not, i added a quick post in the dev feedback section here:
http://www.drobospace.com/forums/forumdi...http://www.drobospace.com/forums/forumdisplay.
for this in case it can find a way into dashboard, though please also feel free to add or update anything further there in case needed)
http://www.drobospace.com/forums/showthr...http://www.drobospace.com/forums/showthread.php?
