WCry/Ransomware - How to Protect Your NAS?

Do you use a NAS? If so, what would your pseudo process look like?

Thanks!

You just decide on:

Data tiers
  • D1. projects (critical)
  • D2. more important data files - e.g. save games :wink: (important)
  • D3. user documents (what sits in User profile and other dedicated folders) (somewhat important)
  • D4. workstation system image (full) (convenience).
  • D5. other workstation volumes (full)
  • D6. virtual machines (on dedicated hosts).

Over time you utilize more resources (backup tiers):

Resources
  • Daily-NAS
  • Backup-NAS (stays offline until needed).
  • Glacier (Amazon)
  • Github
  • BitBucket
  • NAS-300km away.

And around those two you build some "processes":

Processes per tier

(some are overlapping - which is good)

  • D6. I use a program that does snapshots of the VMs and uploads them to a dedicated folder in Backup-NAS.

  • D5. Images created on the workstation are copied into Daily-NAS (dedicated SMB share). Every second time I copy them to Backup-NAS (usually leaving only the last one on the Daily-NAS).

  • D4. Similar process, just a little more frequent.

  • D3. I use RAR to compress with 10% redundancy and two additional redundant volumes, then I copy them to the Daily-NAS and from Daily to Backup-NAS. Currently Daily NAS is a Win2016 Essentials, so I try to use RemoteDesktop to access the BackupNAS. BackupNAS uploads to Glacier.

  • D2. As D3, just more often. Once a year several backups go to the NAS 300 km away.

  • D1. As D2, just even more often. Additionally D1 is at least 75% in a GIT repository - that means local snapshots and upstream GIT servers. As for GIT servers there are two paths: corporate - they do their own stuff (including 2 copies in separate data centers at least 60km away - almost always); my path - Stash in one of the VMs with the upstream to either GitHub or BitBucket (and I assume they too have their own processes).

Glacier gets only new files (no updates of existing files) - but that is built into its client. Backup-NAS has its own user accounts.

One additional rule: never overwrite the last backup (two last backups is the minimum).

From this you can conclude:

Main disadvantages
  • Has one main disadvantage - me :slight_smile:
  • There is no real automation in this all.
  • Some intervals are too long.
  • There is no big protocol differentiation - for most part it is SMB (with exception for GIT and Glacier).

and

Main advantages
  • backup type tiers: difference between Daily-NAS, Backup-NAS, and Glacier/GIT (e.g. each with different user database and somewhat different visibility).
  • some overlap
  • As for the remote "backups", Glacier is a more stale state of the backup (but larger) and GIT obviously more frequent (but smaller).

And let's be honest, it is just because of previous shit that happened (experience is the best teacher).

Fun fact:
I have 12 days to buy Windows 2016 Essentials license :smiley:
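The rules in the post above (every backup lands in a fresh place, the last backup is never overwritten, two copies is the floor, and a copy is verified before anything older goes) can be turned into a small script. The following is an added example, not the poster's own tooling or any product named in the thread; all paths are hypothetical and the sample project tree is constructed in a temporary directory. It also goes one step beyond the post: pruning is refused when the newest snapshot is a mass rewrite of the previous one, which is what an encrypting client looks like from the NAS side.

```python
"""Versioned snapshot backup that never overwrites the last copy.

Added example, not from the thread. Each snapshot is a full copy plus a
SHA-256 manifest; the copy is verified before older snapshots may be pruned,
at least MIN_KEEP snapshots always survive, and pruning is refused after a
mass rewrite. Paths are hypothetical; the sample tree is constructed.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MIN_KEEP = 2               # the thread's rule: two last backups is the minimum
MANIFEST = "MANIFEST.json"


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative path -> SHA-256 for every regular file under root."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file() and p.name != MANIFEST}


def list_snapshots(dest_root: Path) -> list:
    # zero-padded names, so lexical order is chronological order
    return sorted(d for d in dest_root.glob("snap-*") if d.is_dir())


def make_snapshot(src: Path, dest_root: Path) -> Path:
    """Full copy of src into a brand-new snapshot directory, then verify it."""
    dest_root.mkdir(parents=True, exist_ok=True)
    last = max((int(d.name.split("-")[1]) for d in list_snapshots(dest_root)), default=0)
    snap = dest_root / f"snap-{last + 1:06d}"
    shutil.copytree(src, snap)   # raises if snap exists: a snapshot is never overwritten
    (snap / MANIFEST).write_text(json.dumps(build_manifest(src), indent=1))
    if not verify_snapshot(snap):
        raise RuntimeError(f"{snap.name} failed verification after copy")
    return snap


def verify_snapshot(snap: Path) -> bool:
    """Re-hash the copied files and compare with the manifest written at copy time."""
    return build_manifest(snap) == json.loads((snap / MANIFEST).read_text())


def diff_manifests(old_snap: Path, new_snap: Path) -> dict:
    old = json.loads((old_snap / MANIFEST).read_text())
    new = json.loads((new_snap / MANIFEST).read_text())
    return {"changed": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
            "added": sorted(new.keys() - old.keys()),
            "removed": sorted(old.keys() - new.keys())}


def change_ratio(old_snap: Path, new_snap: Path) -> float:
    """Fraction of the older snapshot's files that were rewritten or deleted."""
    d = diff_manifests(old_snap, new_snap)
    total = len(json.loads((old_snap / MANIFEST).read_text())) or 1
    return (len(d["changed"]) + len(d["removed"])) / total


def prune(dest_root: Path, keep: int = MIN_KEEP, max_change_ratio: float = 0.5) -> list:
    """Delete the oldest snapshots beyond `keep`, never below MIN_KEEP and never
    when the newest snapshot rewrote most of the previous one: after a possible
    ransomware hit the clean copies must survive until a human has looked."""
    keep = max(keep, MIN_KEEP)
    snaps = list_snapshots(dest_root)
    if len(snaps) >= 2 and change_ratio(snaps[-2], snaps[-1]) > max_change_ratio:
        return []
    victims = snaps[:-keep]
    for v in victims:
        shutil.rmtree(v)
    return [v.name for v in victims]


def demo() -> dict:
    """Constructed end-to-end run on a throwaway tree; returns facts worth checking."""
    work = Path(tempfile.mkdtemp(prefix="nas-backup-"))
    src, dest = work / "projects", work / "backup-nas"
    (src / "saves").mkdir(parents=True)
    files = {"notes.txt": b"design notes\n", "build.sh": b"#!/bin/sh\nmake\n",
             "saves/slot1.dat": b"\x00\x01\x02\x03", "saves/slot2.dat": b"\x04\x05\x06\x07"}
    for rel, body in files.items():
        (src / rel).write_bytes(body)
    s1 = make_snapshot(src, dest)
    (src / "notes.txt").write_bytes(b"design notes, revised\n")   # one ordinary edit
    s2 = make_snapshot(src, dest)
    changed_1_2 = diff_manifests(s1, s2)["changed"]
    pruned_after_2 = prune(dest)          # only two exist: nothing to prune
    s3 = make_snapshot(src, dest)
    pruned_after_3 = prune(dest)          # three exist: s1 goes
    for rel in files:                     # simulated mass rewrite of every file
        (src / rel).write_bytes(hashlib.sha256(rel.encode()).digest())
    s4 = make_snapshot(src, dest)
    pruned_after_4 = prune(dest)          # refused: change ratio is 1.0
    result = {"changed_1_2": changed_1_2,
              "pruned": [pruned_after_2, pruned_after_3, pruned_after_4],
              "remaining": [d.name for d in list_snapshots(dest)],
              "all_verified": all(verify_snapshot(d) for d in list_snapshots(dest)),
              "ratio_3_4": change_ratio(s3, s4)}
    shutil.rmtree(work)
    return result
```

The two-copy floor and the verify-before-prune order are what make the script safe against the post's own "main disadvantage" (a human running things by hand): a failed or half-written copy never causes an older good copy to be deleted. The change-ratio guard is deliberately crude; on a real NAS the threshold would be tuned per share, and a refusal should page someone rather than silently keep accumulating snapshots.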

Thanks! I like your process. From this I think I can orchestrate a backup process that meets my needs. I would like to automate, as much as possible.

WannaCrypt Emergency Patch for pre-Windows 10 computers targeted
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

(Microsoft) Customer Guidance for WannaCrypt attacks
MSRC Team May 12, 2017

MS17-010: Security update for Windows SMB Server: March 14, 2017
Including Windows 10
https://support.microsoft.com/en-us/help/4013389/title

It is said that this virus is much more aggressive than the Cerber and Jaff viruses.

Pretty much any recent variant of ransomware will sniff out any open network shares your profile has write access to and encrypt them. Whether you're running Linux on your NAS or FreeBSD or whatever, all the encryption is done client side; to your NAS it's just business as usual and it just sees data being written by the client.

The safest way to protect yourself is to stop using Windows, but for a lot of people that might not be feasible. If you're a home user and have 2 brain cells you can clap together, you're already reasonably safe: all ransomware seen so far in the wild is spread (at least initially) by email. Just double-check the source of any email with an attachment, NEVER open a zip file, and disable macros in your word processor. Those practices will protect you from 99.9% of all email-based threats.

1 Like
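The point above that the NAS only sees ordinary writes is true at the protocol level, but the written bytes themselves still carry a signal. The following is an added example, not from the thread or from any NAS vendor: a share-side check that flags files which used to be compressible and are suddenly near 8 bits per byte, plus a canary file that no workflow ever edits. The canary name, the 7.5-bit threshold and the sample share (built in a temporary directory) are all constructed assumptions.

```python
"""Share-side ransomware indicators: sudden high-entropy rewrites and a canary file.

Added example, not from the thread. The NAS cannot refuse an encrypting client
over SMB, but it can compare each scan against a baseline and alert when
previously compressible files turn into near-random bytes, or when the canary
changes at all. Names are hypothetical; the sample share is constructed.
"""
import hashlib
import math
import shutil
import tempfile
from collections import Counter
from pathlib import Path

CANARY = "_do_not_touch.txt"   # hypothetical canary at the top of the share
ENTROPY_ALERT = 7.5            # bits/byte; text, source and office files sit well below


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; uniform random (or encrypted) data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def snapshot_state(root: Path) -> dict:
    """Relative path -> (sha256, entropy) for every file; this is the baseline."""
    state = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            state[str(p.relative_to(root))] = (hashlib.sha256(data).hexdigest(),
                                               shannon_entropy(data))
    return state


def scan(root: Path, baseline: dict) -> dict:
    """Compare the share against a baseline and return two alert lists."""
    alerts = {"high_entropy": [], "canary_modified": []}
    for rel, (digest, entropy) in snapshot_state(root).items():
        old = baseline.get(rel)
        if rel == CANARY and (old is None or old[0] != digest):
            alerts["canary_modified"].append(rel)
        # only files that crossed the threshold: archives and images are high-entropy by nature
        if entropy >= ENTROPY_ALERT and (old is None or old[1] < ENTROPY_ALERT):
            alerts["high_entropy"].append(rel)
    return alerts


def pseudo_ciphertext(seed: str, size: int) -> bytes:
    """Deterministic stand-in for encrypted output (a hash chain, not a cipher)."""
    out, block = bytearray(), seed.encode()
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:size])


def demo() -> dict:
    """Constructed share: a clean scan, then a scan after a simulated encrypting client."""
    share = Path(tempfile.mkdtemp(prefix="share-"))
    (share / "report.txt").write_bytes(b"Quarterly report: revenue, costs, headcount, notes.\n" * 80)
    (share / "notes.txt").write_bytes(b"todo: buy the server licence before it expires\n" * 60)
    (share / "photo.jpg").write_bytes(pseudo_ciphertext("jpeg-like", 4096))  # legitimately high entropy
    (share / CANARY).write_bytes(b"canary: nobody edits this file\n")
    baseline = snapshot_state(share)
    clean = scan(share, baseline)
    for name in ("report.txt", "notes.txt", CANARY):   # what the share sees during a hit
        (share / name).write_bytes(pseudo_ciphertext(name, 4096))
    hit = scan(share, baseline)
    shutil.rmtree(share)
    return {"clean": clean, "hit": hit, "text_entropy": baseline["report.txt"][1]}
```

In the constructed run the clean scan raises nothing, and `photo.jpg` never alerts because it was already high-entropy in the baseline; after the simulated hit both text files and the canary cross the threshold and the canary also shows as modified. A scan like this belongs on the NAS side, on a schedule or triggered by the share's own change notifications, and its job is only to alarm early so the offline Backup-NAS is not connected to an already-compromised Daily-NAS.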