Tag: Malware

The Case for data protection – Tuesday’s ransomware attack


The second reported attack of NSA-esque ransomware this Tuesday should not surprise any systems administrators or IT staff. These attacks are happening with increasing frequency, and with the release of the “Vault 7” documents as a how-to-for-hackers, they will only increase. Google “hacker culture”, “Vault 7” or “script-kiddies”. Suffice it to say that dangers like this are a growing concern that needs to be addressed in your Data Protection plan.

Data Protection Plans

Getting back to the basics of Data Protection, today’s article will discuss how backups, as a part of your DP program, can help with ransomware attacks. Backups may bring up visions of hurricanes or tornadoes, but it goes well beyond that. Data protection also means, well, protecting your data from all the threats out there, including accidentally deleted files, not-so-accidentally deleted files, and even ransomed files.

So, you may be asking, how does data protection actually protect me from ransomware? To put it simply, ransomware doesn’t remove your data and your files, like a tornado, hard drive crash, or hurricane. It removes YOUR ACCESS to that data and files.  Time and mathematics, instead of wind, rain, and lightning, are denying access to your data. The files are still there, but you can’t use them to do what you need to do.

Backups

This is the case for backups. We previously discussed the several use cases for snapshots in an article, but in this instance, any backup will do as long as the backups were taken BEFORE the systems became infected with ransomware.

To this point, you should have a backup SCHEDULE. That means that you don’t just keep the latest copy of your backup; you keep staggered copies of your backups. One of the most famous backup schemes is Grandfather-Father-Son backups. While the scope of your backup schedule is beyond this article, suffice it to say that you should have at least one month of good backups if you have to restore data. With many of the backup appliances on the market these days, this is taken care of for you. And with compression and deduplication technologies the amount of data that can be stored on-site or remotely is truly astounding.
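To make the staggered-copies point concrete, here is an added example (not from the original article) of a Grandfather-Father-Son retention rule and a check for whether a retained copy predates an infection. The retention counts, the dates and the function names are assumptions chosen for illustration.

```python
from datetime import date, timedelta

def gfs_keep(backups, today, sons=7, fathers=4, grandfathers=12):
    """Dates a Grandfather-Father-Son policy retains.

    Sons: the newest `sons` backups. Fathers: the newest backup in each of
    the most recent `fathers` ISO weeks that have one. Grandfathers: the same
    per calendar month. The default counts are assumptions.
    """
    past = sorted((d for d in backups if d <= today), reverse=True)
    keep = set(past[:sons])
    weeks, months = {}, {}
    for d in past:  # newest first, so setdefault keeps the newest per bucket
        weeks.setdefault(tuple(d.isocalendar())[:2], d)
        months.setdefault((d.year, d.month), d)
    keep.update(list(weeks.values())[:fathers])
    keep.update(list(months.values())[:grandfathers])
    return keep

def newest_clean_restore_point(kept, infected_on):
    """Newest retained backup taken strictly before the infection date."""
    clean = [d for d in kept if d < infected_on]
    return max(clean) if clean else None

# Constructed sample: one backup per day for 90 days.
TODAY = date(2017, 6, 30)
BACKUPS = [TODAY - timedelta(days=i) for i in range(90)]
KEPT = gfs_keep(BACKUPS, TODAY)
INFECTED_ON = date(2017, 6, 5)  # hypothetical date the files were first encrypted

if __name__ == "__main__":
    print("retained:", sorted(KEPT))
    print("latest-only:", newest_clean_restore_point({TODAY}, INFECTED_ON))
    print("GFS:", newest_clean_restore_point(KEPT, INFECTED_ON))
```

With only the latest copy kept, nothing predates the infection; the staggered set retains 11 of the 90 backups and still offers a restore point from before it.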

This solution is not perfect, but better than paying someone to release the data that you generated in the first place. Or maybe not – maybe the hackers will sell you an enterprise license? Good Data Protection policies deal with many ways to keep your data YOUR data. This includes making sure you can access it.

In the grand scheme of things, this rash of WannaCry-type ransomware attacks will continue. While security companies are rapidly working to cut down these attacks, if your data protection isn’t cutting the mustard these attacks will be terrible for your ability to support the other departments of your company. It is time to have a discussion with management about your data protection strategy and how these attacks affect it. Like they say, “Life is tough, but it’s tougher if you are stupid.”


Snapshots – Everyday Uses and Hacks


Creating snapshots in a storage environment is an amazing technology.  The ability to take an instant “picture” of a data volume is a tool that is used in a variety of ways.  It makes your job easier and more manageable.  It can help secure your environment.

Different vendors implement snapshots in various ways, but the general theory remains the same: an almost instantaneous copy of data that may be moved and manipulated by a system administrator.  The theory of this is nice, but how can we USE this functionality?  Can it make administrators’ jobs easier and protect their systems from the everyday issues they see “in the wild”?

With organizations I work with, we see many innovative uses of snapshotting technology.  There are amazing examples of real world IT organizations making their jobs faster, easier, and much less stressful.  In other words, they used “business hacks” to make their snapshots work for them. We will discuss five real world ways to use snapshots that are relevant and guaranteed applicable to your everyday work load.

Snapshots in your DR strategy

The first thing that pops into most people’s minds is backups and disaster recovery.  Snapshots produce an exact copy of virtual machines or data volumes that is stored within the storage appliances.  Most vendors allow these snapshots to be replicated or moved to another storage appliance.  This allows you to use an appliance in another location as a disaster recovery site.  Or, it is possible to mount these snapshots as volumes and allow your backup server to incorporate these exact replicas of data into your existing backup or Disaster Recovery plan.

There are several advantages to this approach.  The data in a snapshot is an exact replica in time, so it is easy to manage RPO and RTO.  Also, this approach takes the data backup “offline” of your production servers.  Sure, the network and storage are still involved in transferring this data, but the data transfers happen out-of-band.  This reduces slow systems and lag.  Many vendors now include APIs for cloud storage in their software and storage appliances.  Now, you may back up your snapshots directly to cloud storage.

Update “insurance” snapshots

We’ve all done it.  Installed that patch from our system or software vendor and it breaks the box.  Perhaps breaks is a strong word.  It temporarily overwhelms our system with new features and benefits. While snapshots can’t make the process of ironing out an ornery system update any easier, they can provide you with insurance.

By taking a snapshot before you update a system, you have an exact copy that you know works.  Suppose you cannot straighten out all the goodness that was Big-Name-Accounting-Package 5.0 before Monday 8am rolls around.  Now you have the ability to fail-back to your old system while you continue to straighten out the misbehaving upgrade.  Almost a form of version control for those of you familiar with the software development world.  This nifty trick also works on desktops.  If you are using VDI, make copies of your desktop images and use the same concept.  It may not save you time getting to the next version, but it will certainly save your bacon as far as system up-time and help-desk calls are concerned.

Gold copy snapshots

If you are making snapshots of servers before you upgrade, you are probably already doing this, but we will mention it anyway.  Snapshots are amazing tools for creating new servers, virtual machines, or desktops.

Once you have installed an operating system and all the various patches and utilities that you routinely use – take a snapshot.  Now this new, untouched system as-pure-as-the-driven-snow will be the starting point for all new servers or desktops that you implement.  This is often referred to as the “Gold copy”, a reference to software development and when code is ready to ship out to customers.

This “Gold copy” has standard system configurations already in place, various drive mappings, and config files.  It is all in there.  Sure you may edit some things like network and licensing, but you have a starting place that is pretty solid.  In the future, if you need to make changes then just make changes and save as a new snapshot.  This may not seem like much, but anyone who has built a new system from scratch will tell you that this is a genuine lifesaver.

This concept applies to both virtual machines and stand-alone servers or desktops.  Several customers we work with will use an application to “ghost” images from storage appliances to a new non-virtualized server or desktop.  Mount the snapshot you would like to use as your system image, then transfer it over to your new hardware using the disk image utility of your choice.  Of course, this works best in a virtualized environment, but it is also a valuable tool for the not-yet-virtualized.  By the way, why aren’t you virtualized yet?

Instant data set snapshots

We regularly hear from customers asking how to generate test data for new systems testing.  In several cases, systems administration is tasked with creating data sets that the consultants or systems specialists can use to ensure the systems are working as anticipated.

Instead of this being a problem, use the best test data that there is – an exact copy of your current, live data.  There is no need to create new data sets from your existing data. By creating a snapshot of your current databases, you may test systems with what was once hot and live data.  But, there is no negative impact if this data is corrupted or destroyed.  You can even create multiple copies of this data to use across multiple tests.

Getting around malware with snapshots

Today’s data environment can be a pretty scary place.  Look no further than the headlines to see stories about malware and ransomware wreaking havoc on organizations.  If the recent exploits of the bad guys are any indication, things are getting much larger in scope.  The WannaCry attack is still fresh in everyone’s minds and is rumored to have affected over 230,000 machines world-wide. It is safe to say that there are external threats to your data that can be remediated with snapshots.

A schedule of snapshots on your storage appliance is the solution.  Whether this is part of your disaster recovery planning or not, set up a schedule. This concept is similar to the “patch insurance” we discussed above.

By making a number of snapshots over time, we are able to go back to former snapshots and explore these snapshots for malware.   Perhaps we may extract data from our snapshots before the encryption activates.  Of course, data sometimes is lost.  It is up to management to decide whether to pay faceless hackers for your data or try to recover it via backups and snapshots.
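One way to walk back through a snapshot schedule, shown as an added example that is not part of the original article: it measures how many files in each mounted snapshot look like random bytes and reports the last snapshot before that share jumps. The threshold values, function names and the constructed sample trees are assumptions; real snapshots would be mounted read-only from the storage appliance.

```python
import math, os, tempfile
from collections import Counter

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_fraction(root, high=7.5, sample=65536):
    """Share of files under a mounted snapshot whose leading bytes look random."""
    total = hot = 0
    for dirpath, _, names in os.walk(root):
        for name in names:
            with open(os.path.join(dirpath, name), "rb") as fh:
                hot += entropy(fh.read(sample)) > high
            total += 1
    return hot / total if total else 0.0

def last_clean_snapshot(roots, jump=0.5):
    """roots: mount points, oldest first (oldest assumed clean) -> (clean, suspect)."""
    prev_root = prev = None
    for root in roots:
        frac = high_fraction(root)
        if prev is not None and frac - prev > jump:
            return prev_root, root
        prev_root, prev = root, frac
    return prev_root, None

def build_demo(base):
    """Constructed sample: three snapshot trees; the newest holds random bytes."""
    text = b"invoice 2017-06 total due 1200.00\n" * 200
    roots = []
    for name, scrambled in (("snap-1", False), ("snap-2", False), ("snap-3", True)):
        root = os.path.join(base, name)
        os.makedirs(root)
        for i in range(4):
            with open(os.path.join(root, f"doc{i}.txt"), "wb") as fh:
                fh.write(os.urandom(len(text)) if scrambled else text)
        roots.append(root)
    return roots

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        print(last_clean_snapshot(build_demo(base)))
```

The comparison is against the previous snapshot rather than a fixed cutoff because compressed archives and media are high-entropy even when healthy; very small files cannot reach the threshold and are not counted as suspect.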

Snapshots have been in the storage technology tool bag for a while.  The technology has matured so that most storage array vendors are offering this functionality.  Over years of working with clients, we have discovered many innovative ways that people are using snapshots.  In this article, I have shared what I have seen, but I am interested in what you are doing with your snapshots.  Feel free to share and let everyone know how they can use snapshots within their storage appliance.

 
