Is your Windows Backup Server at Risk of Ransomware?

Your Windows-based backup server may be at risk from ransomware. That was the takeaway from a recent talk on ransomware at the VeeamOn conference in New Orleans. A ransomware attack could either begin at your Windows-based backup server or crawl to your backup server through the network. It is therefore crucial that administrators take multiple steps to protect the backup software’s configuration data and its databases, as well as the backup data itself.

I’d like to take a moment to applaud Veeam for being upfront about this risk. Giving your customers a reason to consider the competition is always a risky move, even if most of Veeam’s competitors also use Windows backup servers. So, kudos to Veeam for this conference session that happened to occur the week after WannaCry started infecting systems worldwide.

The first and possibly most important thing an organization can do is to make sure it is up to date on any security patches. That one step would have stopped WannaCry. The backup system is the last line of defense, so make sure that it is one of the first systems to receive security patches. While we can understand the difficulty in updating every server in an enterprise, there really is no excuse for not keeping the backup server up to date.

Segregate the backup system as much as possible. This means not using Active Directory authentication to log into the backup server. Use a separate account that is used only on the backup system. It’s also important to put the backup system on a separate network or VLAN. This will stop malware that crawls through the corporate network looking for other systems to compromise. WannaCry, for example, starts with a single infected system and then spreads through the SMB protocol. Not letting desktops and laptops directly see the backup server limits your exposure.

Limit the kinds of tasks performed on the backup server that might place it at risk. One of the best things IT can do is encourage administrators of the backup system not to browse the web directly from that machine, and especially not from a privileged account on that machine.

Since many attacks also come via the Remote Desktop Protocol (RDP), disabling RDP is always a good idea. If your organization uses RDP as part of its operations, consider putting it behind an internal firewall. You could limit RDP access to only those who have authenticated to an internal VPN.

There is not space in this format to go into all the things you can do to protect your server, but there is one final suggestion to make. Do not store your backups directly on the Windows-based backup server. Store them on a Linux-based network mount that the Windows-based backup server accesses. If possible, only mount that network drive when it’s necessary for backups.
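The suggestions above can be spot-checked on the backup server itself. The following read-only PowerShell check is an added example, not code from the talk or from Veeam; the function name, the 35-day patch threshold, the use of domain membership as a proxy for Active Directory logins, and the English firewall group name 'Remote Desktop' are assumptions.

```powershell
# Added example: read-only posture check for a Windows backup server.
# Get-BackupServerPosture and the 35-day threshold are assumptions.
$MaxPatchAgeDays = 35   # assumed: one monthly patch cycle plus some slack

function Get-BackupServerPosture {
    $findings = @()

    # Patching: how long ago was the most recent update installed?
    $last = Get-HotFix | Where-Object InstalledOn |
            Sort-Object InstalledOn -Descending | Select-Object -First 1
    $age = if ($last) { [int]((Get-Date) - $last.InstalledOn).TotalDays } else { $null }
    $findings += [pscustomobject]@{
        Check  = 'Last update installed'
        Value  = if ($last) { "$($last.HotFixID), $age days ago" } else { 'unknown' }
        Review = (-not $last) -or ($age -gt $MaxPatchAgeDays)
    }

    # Segregation: a domain-joined server accepts Active Directory logins.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $findings += [pscustomobject]@{
        Check  = 'Joined to an Active Directory domain'
        Value  = if ($cs.PartOfDomain) { $cs.Domain } else { 'no (workgroup)' }
        Review = [bool]$cs.PartOfDomain
    }

    # RDP: fDenyTSConnections = 0 means Remote Desktop is switched on.
    $ts    = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpOn = $ts.fDenyTSConnections -eq 0
    $fw    = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
               Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })
    $findings += [pscustomobject]@{
        Check  = 'RDP enabled'
        Value  = "$rdpOn; $($fw.Count) inbound firewall rule(s) enabled"
        Review = $rdpOn
    }

    # Backup target: shares should be mounted only while a backup runs.
    # Get-SmbMapping lists mappings for the account running this script only.
    $maps = @(Get-SmbMapping -ErrorAction SilentlyContinue)
    $findings += [pscustomobject]@{
        Check  = 'SMB shares mounted right now'
        Value  = if ($maps) { $maps.RemotePath -join ', ' } else { 'none' }
        Review = $maps.Count -gt 0
    }

    $findings
}

Get-BackupServerPosture | Format-Table -AutoSize
```

Rows with Review set to True are the ones to look at; a mounted share is expected while a backup job is running, so run the check outside the backup window.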

StorageSwiss Take

Many people reading this blog will think that some of the suggestions seem silly or overly cautious, but consider this: Data centers have always been a target for attacks, but ransomware attacks are different. The attackers are now motivated by a direct financial incentive, allowing them to attack thousands of machines hoping to get some of them to pay them hundreds or thousands of dollars. And it’s working. Some studies project ransomware is now a billion-dollar “business”. Ransomware attacks are only going to increase. It’s time to take the security of your Windows-based backup server very seriously.

W. Curtis Preston (aka Mr. Backup) is an expert in backup & recovery systems, a space he has been working in since 1993. He has written three books on the subject: Backup & Recovery, Using SANs and NAS, and Unix Backup & Recovery. Mr. Preston is a writer and has spoken at hundreds of seminars and conferences around the world. Preston’s mission is to arm today’s IT managers with truly unbiased information about today’s storage industry and its products.
