For organizations in particularly sensitive fields – including national security, industrial, and financial services, where any intrusion or data compromise is unacceptable – preventing them becomes absolutely essential.

In conjunction with a security expert, you should work with your networking folks to review the current network architecture to reduce the risk of something like this happening again.

Data breaches and data loss are serious problems for any modern organization. Given you are a school district, you likely have a great deal of PII (Personally Identifiable Information) on your servers. If your school district has not done so already, you should have a security expert take a good look and see if only the ransomware got in.

Don't forget, you need to keep good computer hygiene on your workstation, too!

8. You will also have to give your workstation access to the FreeNAS box (over TCP 443 (HTTPS), preferably). If you are using SMB shares, then TCP 445 should work (if I remember correctly). Without those controls there is no barrier to access between the VLANs and subnets if there is routing between them.

Chat with the firewall folks and tell them that you need a way for the FreeNAS box to connect to the servers but not the reverse.

Hi - VLANs by themselves do nothing without firewall rules and/or ACLs (access control lists) between those VLANs.

Ransomware will encrypt your servers, and you will back up your encrypted servers as scheduled, so you must use the snapshots to recover data.

Also you want to make sure you keep snapshots around long enough to recover if nobody reports the ransomware for a few weeks. The important part is that the FreeNAS snapshots are read-only, so the ransomware cannot encrypt them directly. Once they are on a FreeNAS box you can use snapshots again to keep older versions of the exports, at least 6 weeks, more if you have the storage.
I make sure to have snapshots for at least 6 weeks (sometimes 12 weeks) to make sure I have at least some clean snapshots if ransomware is reported.

For servers running inside VMs (for me it's Hyper-V), I export all the VMs weekly using PowerShell and then copy them over to a FreeNAS SMB share. I back up file servers by scheduling weekly rsync/robocopy to a FreeNAS SMB share, then in FreeNAS I schedule regular snapshots of the backed-up data in case I need to recover from ransomware.

What kind of data are you trying to back up on the Windows servers? File servers or application services running on a VM?

Like I said, I have no idea how to accomplish this, so any and all help is welcome. The title describes what I am trying to do: an automated backup solution with an air gap so ransomware cannot affect it. Here is what it is running on (spare server we have):

I have VERY minute experience with FreeNAS, but had some hands-on with UnRaid, but after some research I learned that FreeNAS is a significantly better storage solution. Here we are 8 months later, in a department with no budget, so I am looking for a free backup solution.

We were "operational" in two weeks (two 80-hour weeks, pay stops at 35 hours FYI); we just had no bells or whistles. Our saving graces are that the Director got our email moved to O365 and we had a DC left in Azure before the attack. As you can imagine, I had my work cut out for me, and 8 months later my plate isn't any lighter.

Two weeks before school started we were hit with ransomware; this is only after me being in the field for just over a year. I am a Sys Admin for a school district; this is my first job in the IT field, so I am definitely more of a Jr admin.
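An added example, not code from the thread or from any of its posters: a Python check of the thread's point that snapshot retention has to outlast the delay before ransomware is reported, because scheduled backups keep copying encrypted data in the meantime. It assumes input in the form printed by `zfs list -H -p -t snapshot -o name,creation`; the dataset name, snapshot names and dates are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of `zfs list -H -p -t snapshot -o name,creation` output:
# tab-separated snapshot name and creation time in epoch seconds (UTC).
# The dataset name (tank/backups) and weekly schedule are assumptions.
SAMPLE = """\
tank/backups@auto-20240107.0000-6w\t1704585600
tank/backups@auto-20240114.0000-6w\t1705190400
tank/backups@auto-20240121.0000-6w\t1705795200
tank/backups@auto-20240128.0000-6w\t1706400000
tank/backups@auto-20240204.0000-6w\t1707004800
tank/backups@auto-20240211.0000-6w\t1707609600
tank/backups@auto-20240218.0000-6w\t1708214400
"""

def parse_snapshots(text):
    """Return [(name, creation_utc)] sorted oldest first."""
    snaps = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, epoch = line.split("\t")
        snaps.append((name, datetime.fromtimestamp(int(epoch), tz=timezone.utc)))
    return sorted(snaps, key=lambda s: s[1])

def retained(snaps, now, retention):
    """Snapshots still on disk if everything older than `retention` is pruned."""
    return [s for s in snaps if s[1] >= now - retention]

def last_clean_snapshot(snaps, encryption_start):
    """Name of the newest snapshot taken before encryption began, or None."""
    clean = [s for s in snaps if s[1] < encryption_start]
    return clean[-1][0] if clean else None

def recovery_point(text, now, retention, encryption_start):
    """Best restore point given when the incident is noticed and the retention."""
    kept = retained(parse_snapshots(text), now, retention)
    return last_clean_snapshot(kept, encryption_start)

if __name__ == "__main__":
    utc = timezone.utc
    reported = datetime(2024, 2, 19, tzinfo=utc)   # constructed: day it is noticed
    started = datetime(2024, 1, 30, tzinfo=utc)    # constructed: encryption began
    for weeks in (2, 6):
        point = recovery_point(SAMPLE, reported, timedelta(weeks=weeks), started)
        print(f"{weeks}-week retention -> restore from: {point}")
```

With the constructed dates, a 2-week retention leaves only snapshots of already-encrypted backups, while a 6-week retention still holds a clean one.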