How to protect the NAS from ransomware attacks?

Star-Dust

Expert
Licensed User
Longtime User
I am about to buy a NAS and would like to understand how to protect it from viruses and ransomware attacks?

Do you have any suggestions? Be simple, I am slow to understand
 
D

Deleted member 103

Guest
I am about to buy a NAS and would like to understand how to protect it from viruses and ransomware attacks?

Do you have any suggestions? Be simple, I am slow to understand
I can only write how my solution looks like, whether it is the best I can not say.
My NAS is connected to my Fritzbox.
The NAS has several shares that can be mounted from PC as drives.
These drives are mounted but only for the time when a backup should be made.
As far as I know, a virus examines all PC drives and since the NAS shares are not mounted can not make the virus.
I know that this is not the best solution, but it is better than nothing.
 

LucaMs

Expert
Licensed User
Longtime User
NAS as Network Attached Storage
or
NAS as Network Access Server?

I'm probably wrong but I think you are talking about two different things.
 

Lello1964

Well-Known Member
Licensed User
Longtime User
I never mount drives, not even temporarily. The backup software makes the copy in a programmed way, through username and password, without ever connecting the units to the system. I hope it is the safest solution.
 

Gabino A. de la Gala

Well-Known Member
Licensed User
Longtime User
I have a Synology DS218play with 2 disk of 3 tb.
I use it to backup pc documents, as cloud server. Internally I do a backup daily to the other disk and once a week to a USB disk.
 
D

Deleted member 103

Guest
I never mount drives, not even temporarily. The backup software makes the copy in a programmed way, through username and password, without ever connecting the units to the system. I hope it is the safest solution.
For saving I use a simple batch file.
Batch file content:
1. mount drives
2. run backup with RoboCopy
3. unmount drives
 

Lello1964

Well-Known Member
Licensed User
Longtime User
For saving I use a simple batch file.
Batch file content:
1. mount drives
2. run backup with RoboCopy
3. unmount drives

when you mount the drive if you have ramsware in your system, your nas will get infected too.
 

tchart

Well-Known Member
Licensed User
Longtime User
Most ransomware trawls the network looking for visible shares on visible devices. While my Synology Nas has shares they are not discoverable. So you need to know the path plus user/password to access them.

Better than nothing I guess.
 

Num3

Active Member
Licensed User
Longtime User
I have this setup:
Dual Raid 4TB nas with 10Gb memory.

NAS is running a Docker Nextcloud instance, with the storage files kept in a secure (system only) directory on the NAS, outside any shares.
NAS has Virus Scanning enabled.

All PC's have nextcloud client installed and sync from/to their nextcloud home account / shared directories, this is the main backup form, because Nextcloud by default is configured to keep several versions of every file.
If something goes wrong I log to Nextcloud, delete any infected files and restore the previous versions, later and after the infection is stopped, all clean files get synced back to their PC's.

I also run SyncBackFree (windows) to push directly to the NAS Storage copies of my work directories, weekly and monthly. But this method has no file versioning, so if any files get infected they will be copied and will replace any good copies on the NAS (if the virus scan allows it of course).
I had no incidents until today and the nas has been running for 3 years.

I also advised every user, that if their PC ever gets infected I will kick them of the house and put all clothes in plastic bags, and that seem to have worked well
 

Star-Dust

Expert
Licensed User
Longtime User
lastly here of the NAS does not solve the ramsonware problem
 

amorosik

Expert
Licensed User
I am about to buy a NAS and would like to understand how to protect it from viruses and ransomware attacks?

Do you have any suggestions? Be simple, I am slow to understand

The danger lies in the activated services and in the sharing of discs
I would recommend disabling all unnecessary services, and disk sharing via smb, nfs, cifs, etc ...
I would only activate ftp servers on the nas, with a modified port compared to the classic tcp 21, for example you could use a tcp 21212
Then I would use on a PC that needs to make backup copies, a program that allows the transfer via ftp with a destination (the Nas) protected by user/password
Even if a virus completely ruin the file system of a single pc, it is impossible for an automatic system to detect the user/password of the program used for backups
Since you are analyzing the problem, I advise you to create a program to make backup copies with access via ftp to the destination, and distribute it on the forum
So we (the 'Scarsotti gang') can have a procedure that is certainly not recognizable by any malware with 'backup programs' archive
 

amorosik

Expert
Licensed User
lastly here of the NAS does not solve the ramsonware problem

Obviously, after performing a firmware update, the nas must not be 'visible' from the external network
And therefore the default gateway will NOT be present in the network configuration
 

amorosik

Expert
Licensed User
For saving I use a simple batch file.
Batch file content:
1. mount drives
2. run backup with RoboCopy
3. unmount drives

Between point 1 and point 3, every malware can destroy the files on nas
If you put your ear close to your nas you will hear low-volume screams "let's go, go on, go on ..."
It's the viruses trying to get in ?
 

Magma

Expert
Licensed User
Longtime User
Last years I am selling and using NAS from Synology... they are super fast (quad core series) - they re having super wow OS (linux like) - very easy... and many many many many add-ons !!!

I like the following setup:
one ssd samsung 512GB + 3 red wd... 2tb ... 4tb any you want

The ssd wanted for fast communication with client when backuping !!!
Synology Time Backup... this the key backup the ssd to the others disks different days/hours cycle for 6 months...

So in case you have a problem you can go back to the date you want... (something like time-machine, or windows protection)

but ofcourse a good Antivirus I/S like Kaspersky always help... too
 
D

Deleted member 103

Guest
Between point 1 and point 3, every malware can destroy the files on nas
If you put your ear close to your nas you will hear low-volume screams "let's go, go on, go on ..."
It's the viruses trying to get in
This can not happen, all my data is stored on the PC in a local drive. If a virus destroys the data, I notice it immediately, because I work with the data every day. And if the data is destroyed, I don't start a backup. So the NAS backup can't be destroyed either.

I have been using my NAS(Buffalo LS210D0301) for 7 years and have never had any problems with viruses.
The only antivirus I use is Windows Defender, and it does its job very well.
Of course, as a good PC user, you have to know what you are clicking on, and not just click on everything that is offered to click on.
Then you have no problems with any virus.
 

Lello1964

Well-Known Member
Licensed User
Longtime User
?‍
 

Star-Dust

Expert
Licensed User
Longtime User
The question is simple.

Sometimes I try other applications for work reasons. This is a risk, whoever gives me a sw may not know that it is the vehicle of a viral infection. But the damage done does not take into account good faith.

So solve the problem with a nat? Better an ftp server? A password synchronization system?
 
D

Deleted member 103

Guest
Then it is better to test it in a virtual environment, like VMware.
 

coldtech

Member
Licensed User
Longtime User
One of my 45drives boxes running TrueNAS I have an SMB share that is mounted as a WORM. I dump my SQL Server backups to that. 5 minutes after the backup completes they are read only even to the domain admin. Only way to access them is to get root on the TrueNAS box. I have a cron job that cleans backups older than 5 days. I also have an additional 45drives box offsite thru a epl line to offsite storage. In addition I have S3 storage to accept Veeam snapshots and a couple other fail safes. I got REviled last year and don't wish to go through that again
 
Cookies are required to use this site. You must accept them to continue using the site. Learn more…