Even if I didn't need a NAS to backup or share files, I'd have a Synology NAS to run Active Backup for Business to backup the 6 PC's around my home. ( Mine runs ABB every afternoon on all PC's if they are online). The ability to do a bare metal backup would be worth every penny for a 2 bay with a couple of drives. I have had a couple of PC's get completely borked over the years and the ability to get them operational in short order is priceless. I don't think enough people ask themselves what they would pay to be able to do that. That little NAS with drives is just not very expensive in comparison.
Connect with a separate user account to your smb shares, never use your admin account so you can login to DSM with different credentials and restore your snapshots.
If I didn't miss anything (which is quite possible), you forgot to point out some very important facts: After a ransomware infection of your PC, you'll still have to remove the infection (ideally, restore the compromised PC to a clean state from scratch), not only restore the files. Otherwise, you'll have to do the same procedure over and over again. If your NAS itself is compromised, I'm not quite sure how to deal with the situation. Usually, you'll also need to restore the OS & apps from scratch (without damaging the files), but I don't know how Synology's backup options (for the NAS itself) can handle that.
You simply cannot rely to the NAS backup solutions, such as snapshots, alone. The snapshots have a good potential to get you out of the misery in case of a compromised storage share, but if even the NAS OS is compromised, then your NAS is to be considered as completely compromised thus all backups within it considered useless. In such a case you will have to rely on a seperate backup solution, e.g. immutable or external devices like RDX or Tapes (rotating drives). A plan B is always good, but you should protect and enhance your infrastructure too, to avoid, or reduce risk for such a mess in the first place. Remember, the security within your IT infrastructure is as strong as the weakest member in it. This can be anything, from a device, an app, or even a person.
Good point. It would be interesting on how to handle such maleware. Because I dont want to access an infected NAS via any other computer. The reset button probably will not be enough?
@@benalthof The computer you try to access the NAS with is much more likely to be infected than the NAS itself. Most malware targets Windows computers, and I have yet to find any mentions of Windows malware that spreads to Linux (or other *nix) systems over the network. That, and the most common entry points for malware are (1) the users install it themselves, most often via 'cracked' software, (2) email attachments or scripts, and (3) drive-by downloads while browsing. All of which is usually done on a client PC, not a server. Therefore you should take care of the infected PC first, and only accesss the NAS again with a known-clean PC.
Every once in a while, I'll buy a used HDD and copy/paste all of my docs, pics, and files, etc. onto the drive. And then use a label maker to slap a date on it. And just store it away as a redundant backup. And do that every so often. This helps protect against ransomware and provides redundant backups for my up to date backups in case something were to happen like ransomware.
It's good to every once in a while, buy a used HDD and copy/paste all your photos/docs/files etc. onto them and write the date down and just store it away. As a way to protect from ransomware. Or if you accidentally delete something and don't find out about it until a while later.
These are great videos.. Thank you for all the time you put in to make them. They are very informative. I'm struggling however to figure out the best way to upgrade my 2 DS1819+ devices to BTRFS. I'm almost sure they are not currently BTRFS though I'm unsure where to look to be certain. Each of these 2 devices has over 30TB of data on them.. They are backed up to each other, but nervous about trusting the backup. How is the best way to accomplish this?
Hello, From what I understand, is this similar to a Time Machine system? That is, if I make a Time Machine backup every hour, will this increase the disk space a lot, just like it does on the NAS? With the snapshot system, do you think it is necessary to protect the files and folders on the NAS with a WriteOnce (WORM) system or is it not necessary to have both things activated? Thanks!
Hi i had to make a downgrade from a broken 1621+ to a 920+ with the hdd migration option, i have 5 shared folders in the volume but 1 of them (the bigger one) i now as Read Only folder and won't let me any changes, is there anything you know to change this? i have been searching the web and docs for days but i can't make it work, ewven with the admin user i don't have permisions to make changes, but the active backup for office 365 keep doing the task and writes in that folder with no problem. thanks
I don't think he says that, because this is quite well possible. There is a difference whether your NAS OS itself gets compromised, or just the files within the storage shares. The snapshots will probably get you out of the misery if only the storage shares are compromised (however, there is still a chance that the snapshots are also compromised, if the snapshots were taken when the files were already compromised). If your NAS OS is compromised, then you can pretty much consider your whole NAS including the snapshots to be compromised as well. In such a case, the best way to restore your files is from another backup solution. Relying only on the NAS Backups is not recommended, depending on the importance of your files. The best way to keep your NAS protected is to have strong passwords, different users (for shares and admins), keep your NAS updated, and don't buy a NAS from qnap or with an intel CPU, because they have a lot of vulnerabilities that can be exploited. You can also set your NAS in its own subnet and use IPS Firewalls between the subnets to keep the network shares monitored within the active layers itself. However, an absolute protection is still not guaranteed. There is always a risk somewhere to get compromised. All you can do is reduce this risk as best as possible and have backup plans in case your protection fails.
Keep in mind that you always have to identify your infected Computer. If you roll back your changes and the PC is still infected, it will encrypt again.
This is why a few years ago, I'm glad I bought a few used laptops to keep around just to have as backup in case ransomware on my main computer or something else like my main computer breaking down or the screen going out, etc.
ZFS snapshots are read only. You can delete them if you get root access on the NAS. Btrfs does read-write and read-only snapshots. Almost the same story, you need to keep the NAS's management access isolated and the software updated. Backup software is also targeted (Veeam had a recent high score bug).
@@valkaielod No idea what you are saying but the reality is that NAS from famous brands have been compromised despite snapshot backup are already in place. Besides, many have reported that especially for RAID 5, the unsuccessful rate is quite high. Stick to read only media bro.
@@liameneuk Read it again and try to understand. Read only media is fine as a second or third backup, but few will deal with the hassle. Snapshots are a very good way to deal with 90%+ of issues and they also work as a centralized recycle bin. I am aware of NAS manufacturers being targeted directly. Usually they exploit old software or configuration errors.
Even if I didn't need a NAS to backup or share files, I'd have a Synology NAS to run Active Backup for Business to backup the 6 PC's around my home. ( Mine runs ABB every afternoon on all PC's if they are online). The ability to do a bare metal backup would be worth every penny for a 2 bay with a couple of drives. I have had a couple of PC's get completely borked over the years and the ability to get them operational in short order is priceless. I don't think enough people ask themselves what they would pay to be able to do that. That little NAS with drives is just not very expensive in comparison.
Connect with a separate user account to your smb shares, never use your admin account so you can login to DSM with different credentials and restore your snapshots.
Thank you I loved this video! I finally got snapshots set up on my NAS.
SpaceRex is a Godsend!
If I didn't miss anything (which is quite possible), you forgot to point out some very important facts: After a ransomware infection of your PC, you'll still have to remove the infection (ideally, restore the compromised PC to a clean state from scratch), not only restore the files. Otherwise, you'll have to do the same procedure over and over again. If your NAS itself is compromised, I'm not quite sure how to deal with the situation. Usually, you'll also need to restore the OS & apps from scratch (without damaging the files), but I don't know how Synology's backup options (for the NAS itself) can handle that.
You simply cannot rely to the NAS backup solutions, such as snapshots, alone.
The snapshots have a good potential to get you out of the misery in case of a compromised storage share, but if even the NAS OS is compromised, then your NAS is to be considered as completely compromised thus all backups within it considered useless.
In such a case you will have to rely on a seperate backup solution, e.g. immutable or external devices like RDX or Tapes (rotating drives).
A plan B is always good, but you should protect and enhance your infrastructure too, to avoid, or reduce risk for such a mess in the first place.
Remember, the security within your IT infrastructure is as strong as the weakest member in it. This can be anything, from a device, an app, or even a person.
Good point. It would be interesting on how to handle such maleware. Because I dont want to access an infected NAS via any other computer. The reset button probably will not be enough?
@@benalthof The computer you try to access the NAS with is much more likely to be infected than the NAS itself. Most malware targets Windows computers, and I have yet to find any mentions of Windows malware that spreads to Linux (or other *nix) systems over the network. That, and the most common entry points for malware are (1) the users install it themselves, most often via 'cracked' software, (2) email attachments or scripts, and (3) drive-by downloads while browsing. All of which is usually done on a client PC, not a server. Therefore you should take care of the infected PC first, and only accesss the NAS again with a known-clean PC.
Every once in a while, I'll buy a used HDD and copy/paste all of my docs, pics, and files, etc. onto the drive. And then use a label maker to slap a date on it. And just store it away as a redundant backup. And do that every so often. This helps protect against ransomware and provides redundant backups for my up to date backups in case something were to happen like ransomware.
@@colt5189 isn't a hdd which doesn't spin for a long time eventually becomes more prone to fail?
Thank you for the quick security measures. I really appreciate it.
It's good to every once in a while, buy a used HDD and copy/paste all your photos/docs/files etc. onto them and write the date down and just store it away. As a way to protect from ransomware. Or if you accidentally delete something and don't find out about it until a while later.
These are great videos.. Thank you for all the time you put in to make them. They are very informative. I'm struggling however to figure out the best way to upgrade my 2 DS1819+ devices to BTRFS. I'm almost sure they are not currently BTRFS though I'm unsure where to look to be certain. Each of these 2 devices has over 30TB of data on them.. They are backed up to each other, but nervous about trusting the backup. How is the best way to accomplish this?
Thank you! If the Ransomeware Script is still running (i.e., if my NAS is still infected), how do we smoke out and remove the infection?
Hello,
From what I understand, is this similar to a Time Machine system? That is, if I make a Time Machine backup every hour, will this increase the disk space a lot, just like it does on the NAS?
With the snapshot system, do you think it is necessary to protect the files and folders on the NAS with a WriteOnce (WORM) system or is it not necessary to have both things activated?
Thanks!
Hi i had to make a downgrade from a broken 1621+ to a 920+ with the hdd migration option, i have 5 shared folders in the volume but 1 of them (the bigger one) i now as Read Only folder and won't let me any changes, is there anything you know to change this? i have been searching the web and docs for days but i can't make it work, ewven with the admin user i don't have permisions to make changes, but the active backup for office 365 keep doing the task and writes in that folder with no problem. thanks
What you're also implying is that the NAS OS files can't ever be encrypted by malware, only the shared folder files, right?
I don't think he says that, because this is quite well possible.
There is a difference whether your NAS OS itself gets compromised, or just the files within the storage shares.
The snapshots will probably get you out of the misery if only the storage shares are compromised (however, there is still a chance that the snapshots are also compromised, if the snapshots were taken when the files were already compromised).
If your NAS OS is compromised, then you can pretty much consider your whole NAS including the snapshots to be compromised as well.
In such a case, the best way to restore your files is from another backup solution. Relying only on the NAS Backups is not recommended, depending on the importance of your files.
The best way to keep your NAS protected is to have strong passwords, different users (for shares and admins), keep your NAS updated, and don't buy a NAS from qnap or with an intel CPU, because they have a lot of vulnerabilities that can be exploited.
You can also set your NAS in its own subnet and use IPS Firewalls between the subnets to keep the network shares monitored within the active layers itself.
However, an absolute protection is still not guaranteed. There is always a risk somewhere to get compromised. All you can do is reduce this risk as best as possible and have backup plans in case your protection fails.
Thank goodness for crypto! How else would hackers evade authorities?
Keep in mind that you always have to identify your infected Computer. If you roll back your changes and the PC is still infected, it will encrypt again.
This is why a few years ago, I'm glad I bought a few used laptops to keep around just to have as backup in case ransomware on my main computer or something else like my main computer breaking down or the screen going out, etc.
Snapshot is useless, see qnap. Ransonwares can still see where the shotshots are and will infect them too.
ZFS snapshots are read only. You can delete them if you get root access on the NAS. Btrfs does read-write and read-only snapshots. Almost the same story, you need to keep the NAS's management access isolated and the software updated. Backup software is also targeted (Veeam had a recent high score bug).
@@valkaielod Plenty of folks who managed reasonably their qnap still got infected, i am staying with read only media.
@@valkaielod No idea what you are saying but the reality is that NAS from famous brands have been compromised despite snapshot backup are already in place. Besides, many have reported that especially for RAID 5, the unsuccessful rate is quite high. Stick to read only media bro.
@@liameneuk Read it again and try to understand. Read only media is fine as a second or third backup, but few will deal with the hassle. Snapshots are a very good way to deal with 90%+ of issues and they also work as a centralized recycle bin.
I am aware of NAS manufacturers being targeted directly. Usually they exploit old software or configuration errors.