[ale] how do I make a virus proof nas?

Matthew simontek at gmail.com
Tue Jan 8 23:14:46 EST 2013 

Also you can windows back up to a linux box just find. My windows box does.

On Tue, Jan 8, 2013 at 11:13 PM, Matthew <simontek at gmail.com> wrote:

> I use this as my NAS server:
> http://www.newegg.com/Product/Product.aspx?Item=N82E16859107052
>
> naslite is cheap, freenas is free.
>
> Dedicated NAS purpose built:
>
> http://www.newegg.com/Product/ProductList.aspx?Submit=Property&Subcategory=124&Description=&Type=&N=100008175&IsNodeId=1&IsPowerSearch=1&srchInDesc=&MinPrice=&MaxPrice=&PropertyCodeValue=5027%3A35284&PropertyCodeValue=5027%3A123972&PropertyCodeValue=5027%3A35282&PropertyCodeValue=5490%3A46252&PropertyCodeValue=5490%3A123974&PropertyCodeValue=5490%3A45855&PropertyCodeValue=5490%3A348749&PropertyCodeValue=5490%3A36426&PropertyCodeValue=5490%3A45854&PropertyCodeValue=5490%3A389082&PropertyCodeValue=5490%3A36433&PropertyCodeValue=5490%3A94408&PropertyCodeValue=5490%3A389157&PropertyCodeValue=5490%3A36428&PropertyCodeValue=5490%3A49227&PropertyCodeValue=5490%3A389156
>
> Or just build a home machine.
>
> What are you doing that you get a lot of virus's that will affect both
> windows and linux? If your that paranoid, run systems off of optic disc's.
> or read only mode.
>
>
> On Tue, Jan 8, 2013 at 10:17 PM, Brian MacLeod <nym.bnm at gmail.com> wrote:
>
>> On Tue, Jan 8, 2013 at 8:31 PM, Ron Frazier (ALE)
>> <atllinuxenthinfo at techstarship.com> wrote:
>> >
>> > The main concern I've always had about having backup media attached all
>> the time is that, if a virus got into the machine, it could attack and wipe
>> out the backup drive.
>>
>>
>> Always a possibility unless clients have absolutely NO write
>> privileges. That means adding new files, writing to old, or deletions.
>>
>>
>> > So, I need to know how to make a virus proof nas, such that at least
>> one partition on the device is accessible only  to the backup software for
>> write mode.  I don't care if everything can read the backup file, but I
>> only want the backup software to be able to add new files, write to them,
>> or delete them.
>>
>>
>> If it is writeable by the client, it will never be virus proof.  This
>> is part of the reason the massive backup infrastructure that I
>> maintain for the compute clusters at work don't work this way.  The
>> clients have no write capability to the backup servers. Ever. The
>> backup servers call the storage units and get copies of stuff instead.
>>  It still means I might be backing up a virus, but that virus on the
>> client will NOT destroy client backups.
>>
>>
>> > I need something that can run while Windows 7 is running and backup
>> using the volume shadow copy service.  I also need it to be able to back up
>> the ext4 Ubuntu partition on the PC's HDD, either by reading the native
>> file system or by using a sector by sector approach.  This way, I can just
>> let the backups run periodically on their own and not worry about malware
>> affecting the backup.
>>
>>
>> Well, can't help you with that then, because I do do Windows anymore,
>> so I'm not exactly sure I know what that shadow copy stuff is.  But I
>> have a feeling it doesn't enable what I described above about a backup
>> server initiating the work.  And frankly, I'd probably would rather
>> remain ignorant of those facts because my recent family/holiday time
>> was so much more enjoyable since I could honestly I don't know how to
>> run these versions of Windows.  I probably could grasp it, but I like
>> being stupid in this case.
>>
>> The Ubuntu thing -- piece of cake.  First ideas are LVM snapshots
>> which your backup machine calls in to get, or, backup machine uses LVM
>> to create daily snapshots of itself after a daily rsync of important
>> filesystems.
>>
>> Oh, and make the backup machine be only a backup machine.  No
>> browsing, no tasking of other things that could get it in trouble.  I
>> don't what other safe guards you have for browsing experience.  Just
>> don't do it.
>>
>> That's the only way you get to "virus proof" (and even then it still
>> isn't). That, or you have machine that never talks to another machine.
>>  But that's not exactly useful in this case.
>>
>> bnm
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>
>
>
> --
> SimonTek
> 912-398-6704
>



-- 
SimonTek
912-398-6704
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20130108/02975517/attachment-0001.html>

More information about the Ale mailing list