Suitable method for Backup of Data
reborn said:

I have been looking into this in some detail recently for backing up my files. Please note that I am still researching this topic, the following may not be entirely correct / up to date. I was primarily looking at backing up to OneDrive since I already have a subscription.

There are two threats to my data as I see it:

1. What if my HDD crashes or I delete some files by mistake?
2. What if I get infected by ransomware?

The first one is relatively easy to handle. Back up data to a NAS or an external HDD with something like Veeam community. If you want cloud backup, you can use something like rclone / restic / Duplicacy. From what I read, these three seem to be the best supported / production ready software. There's also Kopia / Duplicati / Borg. All of them support encrypted backup.

Do note that sync is **not** backup - just syncing your files to OneDrive or using something like Cryptomator to sync your files won't work as backup. If you delete or overwrite a file by mistake OneDrive will happily modify the cloud copy. I think OneDrive provides file history of 1 month for some file types, but not entirely sure.

The second scenario is a lot harder to handle. A ransomware which sits quietly encrypting your data and you don't notice it for say 6 months or 1 year is a nightmare scenario for backups. OneDrive has built-in ransomware protection, but I am not sure how good it is. They also only provide 1 month of history, so if their protection doesn't trigger and you don't notice the ransomware for 1 month or go on a vacation and don't check your email, your files are gone. Since I intend to upload only encrypted files to OneDrive, it is even less likely that their ransomware protection will trigger - it's like choosing between two random data files at their end.

If you back up your data to a local NAS share or external HDD, ransomware can easily encrypt those. If you use a cloud backup software to upload your backup, a smart ransomware can steal your credentials from your cloud backup software and log into your cloud storage and delete or encrypt your backups. I believe ransomware already does the former, and while I haven't heard of any ransomware doing the latter, it's not hard to imagine a ransomware doing so once cloud backup becomes more popular. So currently as it stands, a cloud backup is probably sufficient to protect against ransomware, but for your most valuable data, you may want to go beyond that.

There are some mitigation techniques. You can run your backup software as a different user - you can't access its files but it can access yours read-only. That way if your account gets compromised the ransomware cannot steal the cloud login credentials from your backup software. Windows inherently supports this through the Backup Operator user group. However if you are running as admin or the ransomware is able to obtain admin credentials then again it's game over. You can also run the backup software on a separate computer, say a Raspberry Pi or your NAS, and have the backup software log into your PC and access your files. This is called a pull backup, and it is the most secure form of backup. In case you use a NAS and cloud backup both for 3-2-1 backup strategy, the cloud backup software should run on your NAS. Hopefully your NAS as a dedicated machine will be less vulnerable to ransomware infection.

Ideally what is needed is an append-only data storage location, be it a cloud or local server. Dedicated cloud backup services provide this, but OneDrive does not. Restic in server mode supports this in case you want to roll one locally.

Anyways, this is a long wall of text, and my research is still work in progress. TLDR is you **absolutely need to plan for ransomware attacks** when deciding on your backup strategy, not just HDD crash.
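
The post notes that once backups are uploaded encrypted, the storage provider sees only random-looking data and cannot spot ransomware, so any check has to run on the client against plaintext before upload. The following is an added example, not part of the post and not code from any tool it names: a pre-backup check that compares per-file entropy with the previous run and raises an alarm when many previously readable files turn into random-looking data. The function names, thresholds and sample files are assumptions constructed for illustration.

```python
import math, os, tempfile
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan(root: str, sample: int = 65536) -> dict:
    """Manifest: relative path -> entropy of the file's first `sample` bytes."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                manifest[os.path.relpath(path, root)] = entropy(fh.read(sample))
    return manifest

def check(prev: dict, cur: dict, high=7.5, jump=1.0, max_fraction=0.2):
    """Flag files that were readable last run and look like ciphertext now.

    Files that were already high-entropy (zip, jpg, ...) are not flagged,
    because the rule needs a jump, not just a high value.
    Thresholds are assumptions to tune, not values from the post.
    """
    flagged = sorted(p for p, e in cur.items()
                     if p in prev and e >= high and e - prev[p] >= jump)
    alarm = bool(prev) and len(flagged) / len(prev) > max_fraction
    return alarm, flagged

def demo():
    """Constructed sample data: 10 text files, one normal edit, then 6 overwritten."""
    text = b"Quarterly notes: invoices, photos index, tax paperwork.\n" * 200
    with tempfile.TemporaryDirectory() as root:
        for i in range(10):
            with open(os.path.join(root, f"doc{i}.txt"), "wb") as fh:
                fh.write(text)
        baseline = scan(root)
        with open(os.path.join(root, "doc0.txt"), "ab") as fh:
            fh.write(b"one more ordinary line\n")       # normal edit
        normal = check(baseline, scan(root))
        for i in range(4, 10):                            # random bytes stand in for encrypted content
            with open(os.path.join(root, f"doc{i}.txt"), "wb") as fh:
                fh.write(os.urandom(8192))
        return normal, check(baseline, scan(root))

if __name__ == "__main__":
    print(demo())
```

When the alarm fires, the backup run should stop and alert rather than upload, so the last good snapshot is not aged out of a short retention window.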