linux
SpideR-KOSS, 2019-01-25 11:01:24

Windows and Linux against ransomware virus?

In the enterprise, the server runs on Windows Server.
Backups are saved to FTP under Linux.
This is done so that if the encryptor encrypts all data on Windows Server, the backups on Linux will remain untouched.
The question is, is that so? And will the encryptor get through over the network if, for example, you install Windows 7 instead of Linux and also transfer backups there via FTP?


4 answer(s)
Dmitry Shitskov, 2019-01-25
@Zarom

It also depends on how you then deal with the backups on Linux. Otherwise, encrypted files can be successfully backed up there and good backups can be overwritten :)
It would be nice to use, for example, rsync (and its Windows versions).
Popular encryptors like to spread via SMB. By disabling SMB completely (well, actually, it is enough to disable vulnerable versions of the protocol), we greatly reduce its attack vectors. You also need to exclude any other methods of disk sharing on the protected machine (SMB, FTP, NFS, WebDAV, etc. can potentially be mounted, so you need to make sure that no such share from the backup server is mounted).
Also, regular snapshots of the file system (Windows shadow copies and LVM / BTRFS / ZFS snapshots on Linux) can serve as a good layer of protection.

Artem @Jump, 2019-01-25

"And will the encryptor get through over the network if, for example, you install Windows 7 instead of Linux and also transfer backups there via FTP?"
It shouldn't; usually a piece of malware is tailored for one platform, but that is not a given.
Only one user should have permission to write to the folder with backups - the one under which the backups are made. Under this user, do nothing except backups. All other users, including administrators, should not have write access to the backup folder.
On the server where backups are stored, it is advisable to move backups from a public folder accessible over the network to another one for long-term storage.

pfg21, 2019-01-25
@pfg21

If access to the backups via Samba (Windows shared folders) is made read-only, then it will not get in. Well, except through the bunch of holes in Samba itself.
It would still need to be able to extract the FTP password from the config of your backup tool (Cobian, I guess); I have not seen such support in viruses. So getting into FTP on the server with file-editing access is also difficult.
Both protocols are independent of the system. You can change Linux to Windows, but why?? Linux will not catch a virus from Windows, it will not start, and there are incredibly fewer viruses for Linux.
There is no need to bash FTP; it is a protocol that has been proven for decades. A bunch of serious servers still support file sharing via FTP.
The only negative is that encryption was never properly bolted on; FTP + SSL/TLS was made, but for some reason it is not very common.
For a local network, in which it is unlikely that anyone will go after the traffic, it is more than enough.

lolowin32, 2019-04-29
@lolowin32

I used the free utility WinSCP, which organizes a session via the scp protocol from Windows to Linux, thereby not using Samba. But as we have already noted above, encryption can occur before the backup file is sent to the backup server, so it is better to keep a pool of backups so as not to overwrite the previous ones. For example, for 1C databases it was per month, and sorted by months (so as not to produce a lot of backups), and for Windows servers there was a pool per week, that is, any backup for a week could be restored. For Linux, the rsync utility proved to be very good; for Windows, there is either standard Windows archiving, which I think few people use, or Acronis, and I have also seen Veeam.
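
One way to do the server-side handling the answers above describe (moving uploads out of the network-writable folder and keeping a pool of generations so good backups are not overwritten). This is an added example, not code from any of the posters; the function name `rotate_backups`, the directory layout and the stamp format are assumptions.

```shell
#!/bin/sh
# Added example for the Linux backup server. Intended to run from cron under a
# local account that is NOT the FTP upload user, so the upload account never
# has write access to ARCHIVE. All names and paths are assumptions.
#
# rotate_backups INCOMING ARCHIVE KEEP [STAMP]
#   INCOMING  drop folder the FTP user can write to
#   ARCHIVE   long-term store holding only generation directories
#   KEEP      number of generations to retain
#   STAMP     generation name; defaults to the current time
rotate_backups() {
    incoming=$1; archive=$2; keep=$3
    stamp=${4:-$(date +%Y%m%d-%H%M%S)}
    gen="$archive/$stamp"

    # Nothing uploaded: create no generation and prune nothing, so a silently
    # failing backup job cannot age out the last good copies.
    [ -n "$(find "$incoming" -maxdepth 1 -type f 2>/dev/null)" ] || return 0

    # Never merge into an existing generation (no overwriting old backups).
    [ ! -e "$gen" ] || { echo "generation $gen already exists" >&2; return 1; }
    mkdir -p "$gen" || return 1

    find "$incoming" -maxdepth 1 -type f -exec mv -- {} "$gen"/ \; || return 1
    chmod -R a-w "$gen"   # stored generation becomes read-only

    # Generation names sort chronologically; delete all but the newest KEEP.
    count=$(($(ls -1 "$archive" | wc -l)))
    if [ "$count" -gt "$keep" ]; then
        ls -1 "$archive" | sort | head -n $((count - keep)) |
        while IFS= read -r old; do
            chmod -R u+w "$archive/$old" && rm -rf -- "$archive/$old"
        done
    fi
}

# Example call (constructed paths): keep seven nightly generations.
# rotate_backups /srv/ftp/incoming /srv/backup-archive 7
```

Pruning is by generation count only, so files that were already encrypted before upload are still stored; the retention depth has to be longer than the time it takes to notice an infection.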
