Gentoo Forums
Prevent encryption virus to encrypt network storage
mlyszczek
n00b
Joined: 02 Dec 2015
Posts: 8
Location: Poland

Posted: Wed Dec 02, 2015 12:37 pm    Post subject: Prevent encryption virus to encrypt network storage

Hello,

Please note, I've been really searching the web trying to find answers, didn't find anything about this though.

tl;dr Have Linux file server with cifs, nfs, ftp, whatever. Have Windows with all the time mapped network drive. Catch virus that encrypts everything it can for ransom. Question arises. Can this virus encrypt files on the Linux server? If yes (I guess it can), what would you do to protect your files from such situations?


Long story:

As some of you know, there are those pesky viruses, traveling over the internet, that are encrypting everything they have access to. I am about to start my own file server powered by Linux. The Linux server will be rather secure, I don't expect to catch such a virus there, especially not with root privileges. But this is a file server, so I would want to access it from numerous devices with Linux, Windows etc. And thus, I am afraid I will catch this encryption zerg virus on my Windows box and it will encrypt all my data on the Linux server. I suppose it is doable, as I see no problem with downloading a file to the machine with the virus, encrypting it, and then uploading it, overwriting the original.

The question is: how can we protect ourselves from such viruses? Is the only way to prevent such encryption mounting the drive only when we need it, and unmounting it after copying files? Or doing our best not to catch such viruses?

I guess I could mount the network drive as read only, and remount it read/write for a short time when I need to write something, but maybe there is an easier and more convenient way.

Mike
Syl20
Guru


Joined: 04 Aug 2005
Posts: 564
Location: France

Posted: Wed Dec 02, 2015 1:50 pm

If the client can write to the share, you can't forbid such unwanted encryption. And I doubt clamav, or another virus scanner, can prevent this threat.
The best solution is making (several) backups of your data, on an unshared place.
chithanh
Developer


Joined: 05 Aug 2006
Posts: 2152
Location: Berlin, Germany

Posted: Wed Dec 02, 2015 2:01 pm

You can use a filesystem that supports snapshots (zfs, btrfs, nilfs), or use LVM snapshots with any filesystem. Make a cron job that creates a snapshot at regular intervals.
If you only ever add files to your server and don't do any heavy video/image editing etc., these snapshots will come at almost no disk space cost. Else you may have to delete older snapshots occasionally.

When you catch some encryption ransomware, just roll back to the latest unaffected snapshot.
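The cron job chithanh describes could look like the following, added here as an example and not part of the original post. It assumes the share is a btrfs subvolume; the paths, the `auto-` name prefix and the retention count are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. SUBVOL, SNAPDIR and KEEP are
# hypothetical values; the share is assumed to be a btrfs subvolume.
# Cron entry (hourly):
#   0 * * * * /usr/local/sbin/share-snapshot.sh /srv/share /srv/.snapshots 48

# take_snapshot SUBVOL SNAPDIR KEEP
# Creates a read-only snapshot, then deletes the oldest ones beyond KEEP.
take_snapshot() (
    subvol=$1 snapdir=$2 keep=$3
    # UTC timestamps in this format sort in chronological order.
    snap="$snapdir/auto-$(date -u +%Y%m%dT%H%M%SZ)"
    # -r makes the snapshot read-only. SNAPDIR must sit outside the exported
    # share so a client that can write to the share cannot reach it.
    btrfs subvolume snapshot -r "$subvol" "$snap" >/dev/null || exit 1

    total=$(ls -1d "$snapdir"/auto-* | wc -l)
    excess=$((total - keep))
    if [ "$excess" -gt 0 ]; then
        ls -1d "$snapdir"/auto-* | sort | head -n "$excess" |
        while IFS= read -r old; do
            btrfs subvolume delete "$old" >/dev/null || exit 1
        done
    fi
)

if [ "$#" -eq 3 ]; then take_snapshot "$1" "$2" "$3"; fi
```

KEEP multiplied by the cron interval is how far back a rollback can reach, so it has to be longer than the time it would take to notice encrypted files.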
mlyszczek
n00b


Joined: 02 Dec 2015
Posts: 8
Location: Poland

Posted: Wed Dec 02, 2015 2:12 pm

@CneGroumF, yeah, those were my thoughts too. Backups are good, but they are heavy in cost.

@chithanh Hmm, yes, this snapshot solution sounds nice, didn't think about them! We can go even further with that and create a simple script that checks whether some control file (i.e. /home/user/.check) didn't change, and if so, raises an alarm.

This is a very nice idea, chithanh, thanks.
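A control-file check along the lines mlyszczek suggests, added here as an example and not part of the original post. The canary paths, the baseline location and the use of `logger` as the alarm are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Canary paths and the baseline location
# are hypothetical; keep the baseline on the server, outside the share.
#   canary.sh init  /var/lib/canary/baseline /srv/share/.check ...
#   canary.sh check /var/lib/canary/baseline      (run this one from cron)

sha_of() { sha256sum < "$1" | cut -d' ' -f1; }

# canary_init BASELINE FILE... : record the SHA-256 of each canary file.
canary_init() (
    baseline=$1; shift
    umask 077
    for f in "$@"; do
        printf '%s %s\n' "$(sha_of "$f")" "$f"
    done > "$baseline"
)

# canary_check BASELINE : print changed or missing canaries, return 1 if any.
# A missing file counts too, since it may have been renamed or deleted.
canary_check() (
    rc=0
    while read -r want path; do
        if [ ! -f "$path" ] || [ "$(sha_of "$path")" != "$want" ]; then
            echo "ALERT: canary changed or missing: $path"
            rc=1
        fi
    done < "$1"
    exit "$rc"
)

case "${1:-}" in
    init)  shift; canary_init "$@" ;;
    check) canary_check "$2" || logger -p auth.crit "canary check failed: $2" ;;
esac
```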
Syl20
Guru


Joined: 04 Aug 2005
Posts: 564
Location: France

Posted: Wed Dec 02, 2015 2:39 pm

mlyszczek wrote:
@CneGroumF, yeah, those were my thoughts too. Backups are good, but they are heavy in cost.

So you don't have backups yet? How much do you estimate your data? :wink:

Snapshots are a good way to easily and quickly revert unwanted changes (thank you chithanh, I didn't think about them either), but are not a backup solution. Viruses are one part of the problem, disk failures are another...
John R. Graham
Administrator


Joined: 08 Mar 2005
Posts: 10304
Location: Somewhere over Atlanta, Georgia

Posted: Wed Dec 02, 2015 2:40 pm

Moved from Networking & Security to Unsupported Software. Not about Gentoo so it fits better here.

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.
mlyszczek
n00b


Joined: 02 Dec 2015
Posts: 8
Location: Poland

Posted: Wed Dec 02, 2015 3:00 pm

CneGroumF wrote:
mlyszczek wrote:
@CneGroumF, yeah, those were my thoughts too. Backups are good, but they are heavy in cost.

So you don't have backups yet? How much do you estimate your data? :wink:

Snapshots are a good way to easily and quickly revert unwanted changes (thank you chithanh, I didn't think about them either), but are not a backup solution. Viruses are one part of the problem, disk failures are another...


I do, but you know. It's easier to revert a snapshot, or replace a fallen drive, than copy 100 DVDs back to the hard drives :wink:
Buffoon
Veteran


Joined: 17 Jun 2015
Posts: 1074
Location: EU or US

Posted: Wed Dec 02, 2015 3:03 pm

This virus is running from a Windows machine, encrypting files on a filesystem it has write access to. How about a shared filesystem (storage) which is not writable by clients and another filesystem for uploads? Then use a cronjob to move files from upload to storage.
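The upload-to-storage cron job Buffoon proposes could be written as follows; this is an added example, not part of the original post. The directory paths are hypothetical, and the script assumes file names contain no newline characters.

```shell
#!/bin/sh
# Added example, not from the thread. UPLOAD is the only directory clients
# can write to; STORAGE is exported read-only. Both paths are hypothetical.
# Cron entry:
#   */10 * * * * /usr/local/sbin/ingest.sh /srv/upload /srv/storage

# ingest_uploads UPLOAD STORAGE
# Moves new files into STORAGE. A name that already exists in STORAGE is
# never overwritten, so a client can add files but cannot replace stored
# ones. Returns 1 if anything was refused or failed.
ingest_uploads() (
    storage=$(cd "$2" && pwd) || exit 2
    cd "$1" || exit 2
    # -type f skips symlinks and device nodes that may appear in UPLOAD.
    # Assumes file names contain no newline characters.
    find . -type f | {
        rc=0
        while IFS= read -r rel; do
            rel=${rel#./}
            dst=$storage/$rel
            if [ -e "$dst" ] || [ -L "$dst" ]; then
                echo "REFUSED, already in storage: $rel" >&2
                rc=1
                continue
            fi
            mkdir -p "$(dirname "$dst")" && mv -- "$rel" "$dst" &&
                chmod a-w "$dst" || rc=1
        done
        exit "$rc"
    }
)

if [ "$#" -eq 2 ]; then ingest_uploads "$1" "$2"; fi
```

A refused file stays in the upload directory, which makes an attempted overwrite visible instead of silently applied. A file still being written when the job runs would be moved half-finished, so in practice restrict the `find` to files that have not been modified for a few minutes.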