Backup without veeam ransomware issue with truenas

[torefloo]

I want to get a backup without being affected by ransomware attacks with the veeam hardened repository feature.

In this I thought truenas free version would be suitable solution.

But what should I pay attention to in this configuration for truenas, how should I configure truenas, do I need a special configuration? You recommend using my iscsi connection when connecting Truenas veeam.

Can you help me with this.

 

[sretalla]

Veeam will probably work best with SMB.

Make sure you have snapshots with a suitable retention time and frequency (snapshot task) for that dataset and you'll be protected against ransomware.

 

[torefloo]

I wonder how I am protected against ransomware, because there is no protection by default because ransomware malware also encrypts veeam backup .vib extensions.I wonder how I am protected against ransomware, because there is no protection by default because veeam backup also encrypts .vib extensions in ransomware attacks.

 

[sretalla]

If you backup to a share on TrueNAS where you take snapshots daily, on the day you are impacted by the ransomware/malware or whatever, the backup from that day will now impact what's on the share, but it can't impact the snapshot from the day before (since snapshots can't be touched).

You can simply roll-back the snapshot from the day before the impact and everything is fine again, hence protected against ransomware/malware.

 

[torefloo]

I wonder how I am protected against ransomware because by default there is no protection because ransomware malware also encrypts Veeam backup .vib extensions. extensions in ransomware attacks.

truenas do we add the snapshot area as a share or do we specify a dedicated area for snapshots from the disk partition?

[moderator note: translated from Turkish -jg]

 

[jgreco]

Greetings -

Welcome to these forums.

Please note that the main forums are English language, and you are expected to post in English here. We have a section for International discussion that includes a Turkish section, and you may post in Turkish there. Supporting multiple languages in the main forums is untenable. If you do not speak English natively, please know that we're fine with machine-translated messages from services such as Google Translate. These don't always work well, but we will still definitely try to help you!

----

Selamlar -

Bu forumlara hoş geldiniz.

Lütfen ana forumların İngilizce olduğunu ve burada İngilizce yazı yazmanızın beklendiğini unutmayın. Uluslararası tartışma için bir Türkçe bölüm içeren bir bölümümüz var ve orada Türkçe yayın yapabilirsiniz. Ana forumlarda birden çok dili desteklemek savunulamaz. Ana diliniz İngilizce değilse, lütfen Google Çeviri gibi hizmetlerden makine çevirisi iletiler almamızın sorun olmadığını bilin. Bunlar her zaman iyi çalışmaz, ancak yine de size kesinlikle yardımcı olmaya çalışacağız!

 

[torefloo]

sorry i typed wrong

 

[jgreco]

I wonder how I am protected against ransomware because by default there is no protection because ransomware malware also encrypts Veeam backup .vib extensions. extensions in ransomware attacks.

Your Veeam proxies should have exclusive locked down access to their TrueNAS SMB shares. There are Veeam best practice documents on this topic, I believe. Use both a username/password exclusive to Veeam, and also lock down the share to only allow IP access from your Veeam proxies. This means that your Veeam proxies would need to be compromised in order for ransomware to be effective. Leaving these unprotected does mean that there are chances for ransomware attacks.

Additionally, you can set up TrueNAS to periodically snapshot your backup repository. ZFS snapshots do not allow the contents of the snapshot to be overwritten, so there is no way to overwrite or "encrypt" a previously written snapshot.