From d2641fbbd8f5319a7efc9c158045e136211a7581 Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Mon, 28 Nov 2022 10:25:23 +0100 Subject: [PATCH] docs: ransom ware: reflow text to our 80cc and drop some trailing whitespace while at it Signed-off-by: Thomas Lamprecht --- docs/storage.rst | 71 ++++++++++++++++++++++++++---------------------- 1 file changed, 38 insertions(+), 33 deletions(-) diff --git a/docs/storage.rst b/docs/storage.rst index ff48c05c..1361b9a5 100644 --- a/docs/storage.rst +++ b/docs/storage.rst 
@@ -385,55 +385,60 @@ Prevention by Proxmox Backup Server `Ransomware `_ is a type of malware that encrypts files until a ransom is paid. Proxmox Backup Server includes -features to mitigate ransomware attacks by offering easy restoration from backups. +features to mitigate ransomware attacks by offering easy restoration from +backups. As a best practice, you should keep multiple backups, including outside of your network and on different media. Proxmox Backup Server provides the tools to do -both. It is possible to create :ref:`remote sync jobs `; by -setting up a remote Proxmox Backup Server you can take advantage of the sync job -feature and create off-site copies of your backups. This is recommended, since -offsite instances are less likely to be infected by the ransomware in your local -network. It is also possible to create :ref:`tape backups ` as a -second storage medium. This way you get an additional copy of your data which -can easily be moved off-site. +both. +It is possible to create :ref:`remote sync jobs `; by +setting up a remote Proxmox Backup Server you can take advantage of the sync +job feature and create off-site copies of your backups. +This is recommended, since offsite instances are less likely to be infected by +the ransomware in your local network. It is also possible to create :ref:`tape +backups ` as a second storage medium. +This way you get an additional copy of your data which can easily be moved +off-site. -Proxmox Backup Server does not rewrite data for existing blocks. This means that -a compromised Proxmox VE host, or any other compromised system using -the client to back up data, cannot corrupt existing backups. +Proxmox Backup Server does not rewrite data for existing blocks. This means +that a compromised Proxmox VE host, or any other compromised system using the +client to back up data, cannot corrupt existing backups. Furthermore, comprehensive :ref:`user management ` is offered by -Proxmox Backup Server. 
By limiting a sync user's or an access token's right to -only write backups, not delete them, compromised clients cannot delete -existing backups. Following this best practice, backup pruning should be done -by the Proxmox Backup Server using prune jobs. +Proxmox Backup Server. +By limiting a sync user's or an access token's right to only write backups, not +delete them, compromised clients cannot delete existing backups. +Following this best practice, backup pruning should be done by the Proxmox +Backup Server using prune jobs. -While your Proxmox Backup Server can still be compromised, if your backup is +While your Proxmox Backup Server can still be compromised, if your backup is encrypted by ransomware, the SHA-256 checksums of the backups will not match the previously recorded ones anymore. Hence, restoring the backup will fail. -To detect ransomware inside a compromised guest, it is recommended to frequently -test restoring and booting backups. Make sure to restore to a new guest and -not to overwrite your current guest. In the case of many backed-up guests, it is -recommended to automate this restore testing or, if this is not possible, to -restore random samples from the backups. - -In order to be able to react quickly in case of a ransomware attack, it -is recommended to regularly test restoring from your backups. Make sure to -restore to a new guest and not to overwrite your current guest. Restoring -many guests at once can be cumbersome, which is why it is advisable to -automate this task and verify that your automated process works. If this is not -feasible, it is recommended to restore random samples from your backups. While -creating backups is is important, verifying that the backups work is equally -important. This ensures that you are able to react quickly in case of an emergency -and keeps disruption of your services to a minimum. +To detect ransomware inside a compromised guest, it is recommended to +frequently test restoring and booting backups. 
Make sure to restore to a new +guest and not to overwrite your current guest. +In the case of many backed-up guests, it is recommended to automate this +restore testing or, if this is not possible, to restore random samples from the +backups. +In order to be able to react quickly in case of a ransomware attack, it is +recommended to regularly test restoring from your backups. Make sure to restore +to a new guest and not to overwrite your current guest. +Restoring many guests at once can be cumbersome, which is why it is advisable +to automate this task and verify that your automated process works. If this is +not feasible, it is recommended to restore random samples from your backups. +While creating backups is is important, verifying that the backups work is +equally important. This ensures that you are able to react quickly in case of +an emergency and keeps disruption of your services to a minimum. Other Prevention Methods and Best Practices ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -It is recommended to take additional security measures, apart from the ones offered -by Proxmox Backup Server. These recommendations include, but are not limited to: +It is recommended to take additional security measures, apart from the ones +offered by Proxmox Backup Server. These recommendations include, but are not +limited to: * Keeping the firmware and software up-to-date to patch exploits and vulnerabilities (such as
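Review bot: the reflowed line "+While creating backups is is important, verifying that the backups work is" still carries the doubled "is" from the removed text. Since the line is being rewritten anyway, change it to "While creating backups is important" here or in a follow-up. In the same part of the hunk, the sentence "Make sure to restore to a new guest and not to overwrite your current guest." appears in both the "To detect ransomware inside a compromised guest" passage and the "In order to be able to react quickly" passage, and both repeat the advice to automate restore tests or fall back to random samples. Merging the two would leave one statement of the restore-testing procedure. In the sync-job paragraph, "offsite instances" sits next to "off-site copies" and "moved off-site"; pick one spelling.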