How to Secure Your Backup from Ransomware
Part I: Air Gaping
Air Gaping is a security measure that involves isolating a computer or network and preventing it from establishing an external connection. By physically isolating a computer or local network of computers from the internet, you add an extra layer of protection. Systems such as classified military networks, nuclear power plant controls, medical equipment, and avionics all use Air Gap. Dispite this separation there are examples of attacks successfully jumping the air gap and infecting a system, such as Stuxnet (a U.S. and Israeli military-grade piece of malware that attacked the Natanz nuclear plant in Iran) or agent.btz, possibly Chinese in origin, which successfully jumped the air gap protecting the U.S. military networks. Bruce Schneier, a security technologist who has worked with Snowden’s NSA files lays out ten rules for maintaining a single air-gapped computer in an article he wrote for Wired.com.
How to set up a proper repository security policy
Part II: Proper security policies on repository
In many attacks, company user accounts are targeted. Most backups are configured to use a User account (john.doe) instead of a service account (Veeam_service). When the user account is hacked, there exists a possibility for the backup to become compromised using those same credentials. One way to avoid this vulnerability is to use a service account or even to use a different operating system for your backup repository. For example, if you use a Linux based repository, you will need to create an account that is able to write to the directory. Next, you will setup that account in your backup software to do the reading/writing. This prevents access to your backup repository even though the Windows account was compromised.
Part III The 3-2-1-1-0 Method:
- Three different copies of data;
- Data spread across two different media;
- One copy of the media off-site;
- One copy of the media offline; and
- No errors after a backup recoverability verification.
While all these methods will certainly decrease your chances of getting caught with a ransom, this is not an end all cure all for ransomware. Like many infections of the real world, ransomware has the ability to “mutate” and evade our defenses so new methods to combat these attacks are always in development. One of the best ways to prevent an attack is to have a dedicated security procedure in place. Maureen Data Systems can help you design and implement a security procedure to protect your data. Contact a member of our team today to get started on your security solution.
Want new articles before they get published?
Subscribe to our Awesome Newsletter.
Building out and maintaining your IT ecosystem doesn’t have to be a do-it-yourself project. MDS can help identify network issues, configure devices, and optimize your infrastructure to maximize efficiency and performance.
Our consultants are highly trained technology specialists that understand the complexities of multi-vendor environments and have the knowledge and skills to help your business become more agile, customer-focused and operationally efficient.