logo logo
 The time in Wales is 24 November 2017 23:52:22
 
www.aiscl.co.uk Forum Index
 FAQFAQ   SearchSearch   MemberlistMemberlist   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Mapping and unmapping network drives

 
Post new topic   Reply to topic    www.aiscl.co.uk Forum Index -> AISBackup Support
View previous topic :: View next topic  
Author Message
Hughg



Joined: 01 Feb 2003
Posts: 73

PostPosted: Fri Mar 07, 2014 4:27 pm    Post subject: Mapping and unmapping network drives Reply with quote

I'm getting concerned about protecting backups on external USB drives or network drives from a possible Cryptolocker (or equivalent) attack. The only way that I can see of doing this is, when a backup is completed, to disconnect the USB drives from the system, or (if they're network drives), removing their mapping from the source computer. But both would have to be done manually, meaning that they are open to attack until this is done. And, of course, if you forget to connect them or map them manually before the backup, it won't happen.

Is there a way of getting AISBackup to connect/disconnect USB drives, and map/unmap network drives as part of its routine?
Back to top
View user's profile Send private message
Barry
Site Admin


Joined: 20 Aug 2002
Posts: 1491

PostPosted: Sat Mar 08, 2014 2:25 pm    Post subject: Making a backup safe from Malware Reply with quote

I too am concerned about Crypto Locker and I am repairing a PC with this infection for a customer of mine right now. By pure chance the backup drive got disconnected on his PC towards the end of January and I was able to restore the data from this backup, otherwise it would not have been possible – and I have heard that even if you pay the extortion fee you may not get the unlock key.

My customer did re-connect the backup drive after infection and subsequent backups contained the encrypted files, fortunately AISBackup’s ‘sessions’ enabled me to select a previous backup to restore from. To other readers of this post; a multi-session backup job is far superior to a copy job as you have the opportunity to select different dated restore points. His antivirus software had already removed the malware before he reconnected the backup drive (however this was a lucky coincidence).

To date Crypto Locker is encrypting files on a known file types (including zip) to this end I am going to change default AISBackup file extension, but this cannot be guaranteed to make the backup safe if it is still online and accessible via shares. AISBackup already allows the backup file extension to be changed for new backup jobs by using the Tools / Program Settings and Options / Advanced / Default Backup File extension option.

AISBackup mapping drives and un-mapping drives will not work either (actually it already does this – see next paragraph) because the drive will still have to be shared, and Crypto Locker may have the ability to use shares as well as mapped drives. Also if the destination is a network drive the sharing would have to be done on that PC – maybe I could do this via a service – if indeed Microsoft allows a service to share a drive as that too could be considered a security risk? The question mark is to invite feedback.

I would like to remind users of AISBackup that AISBackup does map password protected shares and un-map them after the backup, but you may have other mapped drives to the same Server / PC that allows access to the backup partition as well (via the share name). It is unfortunate that Microsoft does not allow different passwords for different shares and you cannot have more than one password protected session to the same PC at the same time, for example using a different Username / Password just for backups. The password is stored in encrypted format within AISBackup.

As far as I know FTP should be secure as long as the destination is always to a password protected drive that is not accessible via a share. Linux based NAS are getting faster.

I think I am fairly safe by backing up to a network drive and then on the networked backup PC having another backup job copying this to an external drive that is not shared, using a copy job and not a backup job in this case. It is also a good idea to switch between two external drives periodically and take one offsite (Recommended). As long as there is no possibility of malware accessing the registry on the remote PC (do not allow access to the Windows operating system folders under any circumstances) then it should not be possible for the remote PC to become infected (Except by opening the bogus HMRC / IRS / Delivery company e-mail attachments on the backup PC).

It may also be worth removing the default ‘hide file extensions of known file types’ so that you can see the file attachment is really named ‘badfile.jpg.exe’ and not what you would normally see ‘badfile.jpg’ (which looks like a safe image file).

If anybody else would like to add some suggestions for ensuring the backups are safe from malware while not requiring manual intervention to get running I would appreciate some feedback.

If I have made some errors in my assumptions please correct me.

Barry
Back to top
View user's profile Send private message Send e-mail
Hughg



Joined: 01 Feb 2003
Posts: 73

PostPosted: Sat Mar 08, 2014 3:25 pm    Post subject: Reply with quote

Thanks, Barry. I'll have to think about many of the points you raise. In the short term, would it be possible to allow the choice of a file extension longer than three characters, to lessen the chance that the combination you select is included by a later version of CryptoLocker? As you say, it's not something that can be relied on, but it might help a bit.
Back to top
View user's profile Send private message
Barry
Site Admin


Joined: 20 Aug 2002
Posts: 1491

PostPosted: Sat Mar 08, 2014 4:26 pm    Post subject: File extension longer than 3 characters Reply with quote

I thought it did longer extensions, I'll update AISBackup.

This was an early feature to change extension - I must have had my DOS / Windows 3.1 hat on.

I will look at renaming existing backup files too.

Barry
Back to top
View user's profile Send private message Send e-mail
Hughg



Joined: 01 Feb 2003
Posts: 73

PostPosted: Sat Mar 08, 2014 4:27 pm    Post subject: Reply with quote

Thanks, Barry. Wow -- has AISBackup been around that long? That's very impressive.

Hugh
Back to top
View user's profile Send private message
Hughg



Joined: 01 Feb 2003
Posts: 73

PostPosted: Fri Mar 14, 2014 2:52 am    Post subject: Reply with quote

Hi Barry

I tried changing the extension from .zip to another three-letter version, and then ran the backup. AISBackup told me that the destination folder already had files in it. I chose the option to continue, so it did, but the new backup files were still .zip files. I guess I should have moved to a new destination folder, but do you have any idea why it didn't start creating files with the new extension?

Hugh
Back to top
View user's profile Send private message
Barry
Site Admin


Joined: 20 Aug 2002
Posts: 1491

PostPosted: Fri Mar 14, 2014 10:52 am    Post subject: Changing extension Reply with quote

The extension may only be changed for new backup jobs.

AISBackup would have to be changed to enable the extension to be changed for existing backup jobs as the existing files would have to be renamed and the backup 'control' file changed.

I'll look at doing this for disk based backup jobs,, i.e. not FTP and not optical discs and not 'cloud'.

Barry
Back to top
View user's profile Send private message Send e-mail
Hughg



Joined: 01 Feb 2003
Posts: 73

PostPosted: Fri Mar 14, 2014 2:29 pm    Post subject: Reply with quote

Thanks, Barry. If you're able to do this (which I think is a great idea), will the extension changing be likely to work for network drives, do you think?

Hugh
Back to top
View user's profile Send private message
Barry
Site Admin


Joined: 20 Aug 2002
Posts: 1491

PostPosted: Fri Mar 14, 2014 3:50 pm    Post subject: Rename backup files Reply with quote

Yes this will work with network drives.

Maybe F T P

Meanwhile it is a good idea to change the extension for new backup jobs in any case. I was thinking of AIB as this does not appear to be used by any other application.

Barry
Back to top
View user's profile Send private message Send e-mail
Hughg



Joined: 01 Feb 2003
Posts: 73

PostPosted: Sun Mar 16, 2014 5:56 pm    Post subject: Reply with quote

Not sure about suggesting a standard extension. The crooks producing CryptoLocker-type malware are pretty adept at adding extensions to their lists. However, it might not be a bad idea to start with the default of .aib, and suggest that the user might like to adopt their own, with more than three letters, to help avoid the bad guys.
Back to top
View user's profile Send private message
Barry
Site Admin


Joined: 20 Aug 2002
Posts: 1491

PostPosted: Thu Mar 20, 2014 4:31 pm    Post subject: AISBackup Build 444 Reply with quote

Build 444 includes a new option to change the backup file extension on disk and network backups.

This is available as a pre-release at the moment and if all works okay will be transferred as the next release of AISBackup.

Barry
Back to top
View user's profile Send private message Send e-mail
Hughg



Joined: 01 Feb 2003
Posts: 73

PostPosted: Thu Mar 20, 2014 4:33 pm    Post subject: Reply with quote

Thanks, Barry. This will be good to have.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.aiscl.co.uk Forum Index -> AISBackup Support All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group