The recent ransomware attack on QNAP-branded NAS has made more than one owner of this data storage solution nervous. A NAS (network-attached storage) is a server that functions as a repository for files and data. It is, in itself, a computer with its own operating system, and in case of data deletion (accidental or not) it can serve as protection, but if it is compromised it becomes an additional problem.
It is impossible to be 100% safe from malware, but here are some tips to minimise its likelihood.
1. Update your software
Although it may seem like a basic thing to do, it is necessary to always use the latest available software version of the operating system. This way, the only security flaws that malware writers can exploit are those that have not yet been discovered by the manufacturer, the so-called “zero-day” flaws.
To make this more bearable, it is best to configure the NAS to perform updates automatically. If you are not in favour of automatic updates, it would be advisable to have an alert enabled on your mobile phone to indicate when there are updates.
2. Do not use the administrator user
Keeping the NAS up to date prevents many attacks, but there are other ways in which ransomware can access the NAS.
One common way to use the NAS is as a network drive. If a computer on the network has been infected with ransomware and is authenticated as an administrator on the NAS, it has the ability to remotely encrypt the entire drive. It is true that using the administrator user is not very common in business environments, but it is very common at home. Therefore, a good measure to take would be to create a new administrator account and once this is done, log in with it and remove the permissions that were being used.
From then on, to install new packages or change configurations, you will have to log in with this new account exclusively. In addition, in order to have more security, this administrator account should have two-step authentication established.
3. Backing up the NAS
Backing up is very important to prevent ransomware attacks and to deal with NAS hardware failures, and NAS systems provide many facilities to carry out this measure.
Nowadays there are multiple services for making these backups: Google Drive, Dropbox, Amazon S3… These services allow you to configure the backups to be made continuously or at a specific time of day. Thanks to this measure, the cloud service would make it possible to recover older versions of the files in order to be better protected.
4. Using snapshots
One option that helps to improve NAS security would be the creation of snapshots. A snapshot of a disk is a copy of the virtual machine disk file (VMDK) at a specific point in time. It preserves the disk file system, allowing us to revert to that saved image in case something goes wrong. By enabling the creation of snapshots on NAS, it is possible that when you create or modify a file, you actually write only the changes to the file system.
Thanks to this functionality it is possible to go back in time, as if it were a time machine, to recover old versions of files, an ideal functionality in case of being attacked by ransomware. However, it is important to note that this measure must be complemented with the previous ones: do not use the administrator account regularly and have it well protected (complicated password, two-step authentication) to prevent sophisticated software from disabling snapshots before encrypting the files.
In this respect, HodeiCloud is a company that offers NAS cybersecurity management and maintenance. Without the need to buy a NAS, it offers customers a technological leasing service, a monthly fee that includes the product and the service. In addition, this service also includes a contingency plan for cyber-attacks and backup copies.
#NAS #Ransomware #Cybersecurity
Source: Xataka
Recent Comments