[ale] how do I make a virus proof nas?

Ron Frazier (ALE) atllinuxenthinfo at techstarship.com
Tue Jan 8 21:24:40 EST 2013


Hi Matthew,

Upon re-reading my post, I noticed that my description was a bit vague.  
I'm mainly worried about the potential of a virus on the client machines 
that are being backed up.  I am pretty paranoid and take steps to 
prevent this.  However, say it happened.  So, the client gets a virus, 
the virus attaches to the remote nas, and the virus deletes the 
partitions, etc.

What you're describing sounds interesting but expensive.  I have a VERY 
minimal budget at the moment.  How much would something like that cost 
not including the hard drives?

Also, what software would run on the client PCs and how would it talk 
to the NAS?  How would we prevent things other than the backup software 
from accessing the backup partition on the NAS in write mode?

It would be OK if there was another partition that was accessible for 
general data storage.

Sincerely,

Ron



On 1/8/2013 8:55 PM, Matthew wrote:
> I can build a CentOS 6 disc that should do that. You can look into a 
> dedicated NAS box, which usually has its own prop OS, or 
> FreeNAS/nas-lite.
>
> On building an OS, you will want to set up SELinux, AIDE, anti-virus, 
> etc., and lock down the permissions. My scripts that I have for that 
> can help, but if you go with something newer like Fedora/Ubuntu 
> builds, I am not sure they will. Set up PAM and other services to lock 
> things down. Actually one of my NAS systems here is a Debian 6 box, 
> but all others are custom-built CentOS. I do IA for a living, so 
> that's why the heavy RHEL background.
>
>
> On Tue, Jan 8, 2013 at 8:31 PM, Ron Frazier (ALE) 
> <atllinuxenthinfo at techstarship.com> wrote:
>
>     Hi all,
>
>     I'm considering making a mini nas to run backups on here at home.
>     It would probably have 2 - 4 TB of storage.  My router has 1 USB
>     port, so I could just attach a HDD to that.  Or, I could get
>     something like a Buffalo Link Station which holds two drives and
>     attaches to the router.
>
>     The main concern I've always had about having backup media
>     attached all the time is that, if a virus got into the machine, it
>     could attack and wipe out the backup drive.
>
>     So, I need to know how to make a virus proof nas, such that at
>     least one partition on the device is accessible only to the
>     backup software for write mode.  I don't care if everything can
>     read the backup file, but I only want the backup software to be
>     able to add new files, write to them, or delete them.
>
>     I need something that can run while Windows 7 is running and
>     backup using the volume shadow copy service.  I also need it to be
>     able to back up the ext4 Ubuntu partition on the PC's HDD, either
>     by reading the native file system or by using a sector by sector
>     approach.  This way, I can just let the backups run periodically
>     on their own and not worry about malware affecting the backup.
>
>     Any help is appreciated.
>
>     Sincerely,
>
>     Ron
>
>
>     --
>
>     Sent from my Android Acer A500 tablet with bluetooth keyboard and
>     K-9 Mail.
>     Please excuse my potential brevity.
>
>     (To whom it may concern.  My email address has changed.  Replying
>     to former messages prior to 03/31/12 with my personal address will
>     go to the wrong address.  Please send all personal correspondence
>     to the new address.)
>
>     (PS - If you email me and don't get a quick response, you might
>     want to call on the phone.  I get about 300 emails per day from
>     alternate energy mailing lists and such.  I don't always see new
>     email messages very quickly.)
>
>     Ron Frazier
>     770-205-9422 (O)   Leave a message.
>     linuxdude AT techstarship.com <http://techstarship.com>
>
>
>     _______________________________________________
>     Ale mailing list
>     Ale at ale.org <mailto:Ale at ale.org>
>     http://mail.ale.org/mailman/listinfo/ale
>     See JOBS, ANNOUNCE and SCHOOLS lists at
>     http://mail.ale.org/mailman/listinfo
>
>
>
>
> -- 
> SimonTek
> 912-398-6704

