[ale] how do I make a virus proof nas?

Matthew simontek at gmail.com
Tue Jan 8 23:13:54 EST 2013


I use this as my NAS server:
http://www.newegg.com/Product/Product.aspx?Item=N82E16859107052

naslite is cheap, freenas is free.

Dedicated NAS purpose built:
http://www.newegg.com/Product/ProductList.aspx?Submit=Property&Subcategory=124&Description=&Type=&N=100008175&IsNodeId=1&IsPowerSearch=1&srchInDesc=&MinPrice=&MaxPrice=&PropertyCodeValue=5027%3A35284&PropertyCodeValue=5027%3A123972&PropertyCodeValue=5027%3A35282&PropertyCodeValue=5490%3A46252&PropertyCodeValue=5490%3A123974&PropertyCodeValue=5490%3A45855&PropertyCodeValue=5490%3A348749&PropertyCodeValue=5490%3A36426&PropertyCodeValue=5490%3A45854&PropertyCodeValue=5490%3A389082&PropertyCodeValue=5490%3A36433&PropertyCodeValue=5490%3A94408&PropertyCodeValue=5490%3A389157&PropertyCodeValue=5490%3A36428&PropertyCodeValue=5490%3A49227&PropertyCodeValue=5490%3A389156

Or just build a home machine.

What are you doing that you get a lot of virus's that will affect both
windows and linux? If your that paranoid, run systems off of optic disc's.
or read only mode.


On Tue, Jan 8, 2013 at 10:17 PM, Brian MacLeod <nym.bnm at gmail.com> wrote:

> On Tue, Jan 8, 2013 at 8:31 PM, Ron Frazier (ALE)
> <atllinuxenthinfo at techstarship.com> wrote:
> >
> > The main concern I've always had about having backup media attached all
> the time is that, if a virus got into the machine, it could attack and wipe
> out the backup drive.
>
>
> Always a possibility unless clients have absolutely NO write
> privileges. That means adding new files, writing to old, or deletions.
>
>
> > So, I need to know how to make a virus proof nas, such that at least one
> partition on the device is accessible only  to the backup software for
> write mode.  I don't care if everything can read the backup file, but I
> only want the backup software to be able to add new files, write to them,
> or delete them.
>
>
> If it is writeable by the client, it will never be virus proof.  This
> is part of the reason the massive backup infrastructure that I
> maintain for the compute clusters at work don't work this way.  The
> clients have no write capability to the backup servers. Ever. The
> backup servers call the storage units and get copies of stuff instead.
>  It still means I might be backing up a virus, but that virus on the
> client will NOT destroy client backups.
>
>
> > I need something that can run while Windows 7 is running and backup
> using the volume shadow copy service.  I also need it to be able to back up
> the ext4 Ubuntu partition on the PC's HDD, either by reading the native
> file system or by using a sector by sector approach.  This way, I can just
> let the backups run periodically on their own and not worry about malware
> affecting the backup.
>
>
> Well, can't help you with that then, because I do do Windows anymore,
> so I'm not exactly sure I know what that shadow copy stuff is.  But I
> have a feeling it doesn't enable what I described above about a backup
> server initiating the work.  And frankly, I'd probably would rather
> remain ignorant of those facts because my recent family/holiday time
> was so much more enjoyable since I could honestly I don't know how to
> run these versions of Windows.  I probably could grasp it, but I like
> being stupid in this case.
>
> The Ubuntu thing -- piece of cake.  First ideas are LVM snapshots
> which your backup machine calls in to get, or, backup machine uses LVM
> to create daily snapshots of itself after a daily rsync of important
> filesystems.
>
> Oh, and make the backup machine be only a backup machine.  No
> browsing, no tasking of other things that could get it in trouble.  I
> don't what other safe guards you have for browsing experience.  Just
> don't do it.
>
> That's the only way you get to "virus proof" (and even then it still
> isn't). That, or you have machine that never talks to another machine.
>  But that's not exactly useful in this case.
>
> bnm
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>



-- 
SimonTek
912-398-6704
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20130108/9ec0eef1/attachment.html>


More information about the Ale mailing list