Jump to content

I have a home network and I would like to add a NAS device for data backup programs files and etc


G+_Jordan Koupiaris
 Share

Recommended Posts

I have a home network and I would like to add a NAS device for data backup/programs/files and etc. Right now I store all my data on a separate USB 4TB drive connnect to my pc. How would you install a NAS device to your network and be able to protect your data and files from being comprised from Walware, Worms, Viruses and Ransonware. Basicall, how do you install a NAS device to your network?

Link to comment
Share on other sites

At a simple level it is just like a USB drive except connected via an Ethernet cable instead of USB. Connects to your router or switch. It becomes available to every computer on the network and not just the one it would have been connected to with USB.

 

As far as protecting it, you do it like any other drive on the computer. You need to not get infected in the first place and it won't end up on your NAS.

Link to comment
Share on other sites

I wonder??? Is there a way to 'disconnect' a nas or other server from the network so that any ransomware will have a harder time getting to it? For example, say your desktops are scheduled to backup to the nas ~11pm every night. The nas makes itself available from 10pm to 12am, reducing the window for evil things to happen. I do realize this thought is simplistic but, if ransomware can pivot from one computer to a nas in this way. There must be an effective way to accomplish this without placing a light timer on the mains to the nas.

Link to comment
Share on other sites

Probably the best way to secure your backup NAS is to disable SMB (mostly so you just don't try using it yourself) and transfer files over SFTP or using proprietary backup software. Some ideas of NON-SMB backup options:

CrashPlan can be run on most NAS hardware and should be free for P2P backups.

Syncthing or Bittorrent Sync.

rSync (I have no experience with it, but it's popular and appears to use SSH like SFTP).

 

Anything that Windows can cache credentials for has a higher chance of being at risk, so SMB/CIFS and even Webdav could be a problem. And, as David Peach? suggested, don't get bit and you won't have any problems.

 

As far as connecting one, it plugs I to your router or switch. Synology has software to find it on the network and I suspect QNAP does too, or any other way you can find the IP should work (FING on your smartphone, Angry IP Scanner on the computer, nmap, router logs...)

Link to comment
Share on other sites

Ben Reese that's the thing... What is to stop the bad guys from adapting to the next protocol that a common backup software employs? Or targeting specific nas boxes with full knowledge of its capabilities and possible services? Or hiding in the infected machine long enough to sniff the net traffic to dynamically adapt its attack?

 

Truth is the sky is the limit to what happens and when it happens. The only two questions are, how much damage can it do and, what can you do to limit that damage beforehand?

Link to comment
Share on other sites

If purchasing a NAS device, they will all come with some method to find it on the network and do some basic configuration like setting a static IP address (recommended), giving it a name, and changing the admin credentials. After that, they're generally web based so you just login with a web browser to do the rest of the configuration. That would generally include setting up user accounts, shares, permissions, and quotas. For example, each family member can be given private shares which only they can access and you can setup a family share that everyone can access.

 

As for keeping the files safe, you'll need a backup. If the only copy is on the NAS, that is insufficient. If you keep one copy on your USB hard drive and another is on the NAS, that's much better. However, you need to keep the backup itself safe. If the backup can be overwritten or deleted if your system is infected, that's not very reliable. To avoid that, the backup channel shouldn't be directly writable. Ben Reese?'s suggestions are good. Just keep in mind that synchronization tools will have very limited or no versioning mechanisms. With no versioning, you lose the previously backed up files as soon as the data is synchronized. Some synchronization tools will keep 30 days or so, but once that window passes, older versions are just gone. I suggest exploring purpose-built backup programs like Crashplan, which has a lot of flexibility.

Link to comment
Share on other sites

Jordan, the advice from the guys above is golden.

Their expertise is way above my pay grade. And I say RESPECT!

 

You have probably discerned that Synology and QNAP are highly recommended NAS setups.

 

As soon as a device is connected to your Home LAN it is susceptible to being damaged.

 

We are own worst enemy; try at all times to not make foolish mistakes. Avoid getting 'bit' in the first place.

 

There is no such thing as "Set it , and forget it".

 

Live by the cardinal rule of 3-2-1 for backups. No less than 3 copies (the original , plus two backups), on at least 2 different media (external HDD is a separate media), with at least 1 copy offsite.

'Crashplan' can help you with this.

Sequential backups in your offsite archive are advisable. If disaster strikes and a complete re-install is necessary, the last known unaffected sequential backup can be a life saver.

 

Now I know I will be admonished for this advice, because we all know that optical media is 'dead' , BUT....

One 'different' archive media I find truly comforting is the Millennium Disc (M-Disc). The blank M-Disc media is more expensive than your typical blank DVD media.

The blank M-Disc media has No chemical Dye layer!. The disc is reported to be a 'rock like' substrate composition.

The M-Disc burner etches physical pits into the disc surface.

This as close to a commercially produced 'stamped' disc as we are going to achieve, and is therefore archival quality; zero degradation over time. Just do not break or melt the disc.

The burned M-Disc is readable in any standard optical disc player.

To burn an M-Disc you will need an M-Disc capable BluRay burner ; typically LG brand.

 

Alternatively you might consider (staying with optical media as a backup method) burning to blank BluRay discs. In this case be careful to acquire the HTL manufactured discs because they contain a non-organic , copper-silicone dye layer. The less expensive blank BluRay discs are manufactured using a LTH process and have a standard ( a la' CDs ) chemical dye layer.

Link to comment
Share on other sites

Bill H. Sr. McMullen optical is not dead cds,dvds. (Blu-ray was dead from the start. Another topic). As i recall, optical media is immune to emp. Rotating magnetic drives and ssd's will eventually fail. Flash drives also wear out. Till something else comes along...

Link to comment
Share on other sites

Richard Craver The outside internet is often not you big issue. Once you have disabled/limited uPNP, there isn't a whole lot your clients can do unless it is initialized from the inside. The bigger issues often come from the mobile computers. Smartphones, tables, laptops are the culprits.

 

Any computer that jumps networks should be your most feared device. They're often joined to untrusted networks that have all sorts of crap floating around there. An more often than not, I find that security software is disabled at home and they go to these wild places and pick up something and then bring it home.

Link to comment
Share on other sites

Black Merc,

You are correct in that there is no magnetism involved in optical media. There is laser light involved, not magnetism; therefore immunity from EMP.

 

However, consumer grade CDs , DVDs , and some BluRays contain a chemical dye layer in the sandwich that is the disc. Let us picture this dye as a viscous ink.

This dye (there are about four different formulas of/for this dye, AZO may be the best formula) does degrade over time. There have been several studies of this problem, the DOD did a major study about ten years ago.

 

Tangentially, One traveler discovered (to his horror) an alga or bacteria which he had picked up in a jungle devoured the dye layer on discs he carried with him, thus destroying the notes/documentation which he had labored to enter via his laptop.

More importantly, the dye will degrade over time, bacteria or no.

 

Conversely, commercially manufactured 'product' discs have the 'pits' stamped into a layer of the disc, which is in turn covered over with a protective surface layer. No dye, no degradation over time.

Just be certain you do not gouge, break, or melt the disc.

 

If you really want to destroy a disc, attack the label side of the disc. The disc protective surface layer is thinnest/weakest on the label side. Sometimes it is only a layer of lacquer.

 

As long as I have an optical disc player, my M-Disc archive is kinda, sorta the 'something else' which has come along. That is until our personal computers can handle quantum mechanics. 'Quantum Entanglement' would seem to be synchronization taken to the extreme.

 

Link to comment
Share on other sites

Once you purchase a NAS, set it up, and get your backups working, you are going to have an available 4TB USB drive that you no longer need for your primary backups. Re-task that drive by connecting it to the NAS' USB port and use the NAS' built-in backup program to back up the irreplaceable data on the NAS to the USB drive at regular intervals. Then disconnect the USB drive and store it in a safe place, reconnecting it at intervals comfortable for you to update the backed-up data. As time goes by, add a second USB drive and rotate them out at regular intervals.

Link to comment
Share on other sites

Emma Shy what stops ransomware from watching what your machine does for a length of time... Takes all account information used in that time against you? Everything you accessed/logged into or the machine accessed/logged into for you is encrypted and lost.

Link to comment
Share on other sites

 Share

×
×
  • Create New...