[ale] how do I make a virus proof nas?
Jim Kinney
jim.kinney at gmail.com
Tue Jan 8 22:54:06 EST 2013
Backup box is clearly running Linux. It is slammed shut firewall-wise until
backup time. It opens a port to a client system to push a script that shuts
down it's network except to the backup box. Then it calls the AV to run on
the client and send it's log to the backup box to verify clean.
Alternatively, a vm launches on the backup box that does a CIFS mount and
runs the AV tool that way. It then calls that client to begin backup to a
temp space on backup box. Second AV tool is run on each file in the backup
set then it's backed up to real backup solution space. Finally, client has
firewall returned to normal and backup box shuts down it's network again.
Better solution is to not get the virus in the first place by using a known
clean VM of the windows environment that is read-only. A snapshot is run as
a thin client environment using a Samba served user space. No user has any
admin privileges. The user space is scanned using a commercial AV tool
(F-Prot is an excellent choice) while in use and the storage area on the
Samba server is scanned again using a different tool. All network access is
controlled, filtered (or just plain denied). If the OS shows a virus, the
snapshot is tossed and a new copy produced for use.
On Tue, Jan 8, 2013 at 8:31 PM, Ron Frazier (ALE) <
atllinuxenthinfo at techstarship.com> wrote:
> Hi all,
>
> I'm considering making a mini nas to run backups on here at home. It
> would probably have 2 - 4 TB of storage. My router has 1 USB port, so I
> could just attach a HDD to that. Or, I could get something like a Buffalo
> Link Station which holds two drives and attaches to the router.
>
> The main concern I've always had about having backup media attached all
> the time is that, if a virus got into the machine, it could attack and wipe
> out the backup drive.
>
> So, I need to know how to make a virus proof nas, such that at least one
> partition on the device is accessible only to the backup software for
> write mode. I don't care if everything can read the backup file, but I
> only want the backup software to be able to add new files, write to them,
> or delete them.
>
> I need something that can run while Windows 7 is running and backup using
> the volume shadow copy service. I also need it to be able to back up the
> ext4 Ubuntu partition on the PC's HDD, either by reading the native file
> system or by using a sector by sector approach. This way, I can just let
> the backups run periodically on their own and not worry about malware
> affecting the backup.
>
> Any help is appreciated.
>
> Sincerely,
>
> Ron
>
>
> --
>
> Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.
> Please excuse my potential brevity.
>
> (To whom it may concern. My email address has changed. Replying to former
> messages prior to 03/31/12 with my personal address will go to the wrong
> address. Please send all personal correspondence to the new address.)
>
> (PS - If you email me and don't get a quick response, you might want to
> call on the phone. I get about 300 emails per day from alternate energy
> mailing lists and such. I don't always see new email messages very
> quickly.)
>
> Ron Frazier
> 770-205-9422 (O) Leave a message.
> linuxdude AT techstarship.com
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
--
--
James P. Kinney III
*
*Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
*
http://electjimkinney.org
http://heretothereideas.blogspot.com/
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20130108/f663fee5/attachment.html>
More information about the Ale
mailing list