If you can connect to your Network Attached Storage (NAS) device with your Active Directory credentials, it might be a good idea to change the way your NAS authenticates. With ransomware attacks on the rise, it's hard to think of a work environment where the inside of the network should be thought of as insecure space.
Unfortunately, with socially engineered attacks such as phishing, and new exploits being found daily, it's the reality in 2021.
Once the hackers gain access to the network, they can encrypt local files on servers and workstations. However, it doesn't stop there. Using the same credentials, they can generally access the backup drives as well and encrypt the data there, rendering the backups useless without paying the ransom!
Ways to safeguard your backups
If your backups are still saved onto a locally attached USB drive plugged into the servers, your company is extremely vulnerable! Current ransomware is designed to target not just local drives, but also any device attached to the server or workstation, along with Network Attached Storage (NAS) devices and mapped network drives.
Generally, for ease of management, the NAS is joined to the on-site Active Directory or Azure AD. This allows authenticated users to easily access the network storage without entering additional passwords. It also allows seamless password updates, as the authentication is done through AD instead of the NAS unit itself.
Why single user for all is BAD
Although life is easier keeping up with only one admin password/account, once you are authenticated with this password it's never asked for again, giving you free rein on the network at your permission level. The reason this is such a problem is that if there is a compromised admin user on the network, they are able to access the NAS drive just as they would any other device inside that network. This poses a security risk where a compromised admin account can infect workstations, servers, and any attached backup devices.
Solution
Using a separate username and password to access the network attached storage, instead of syncing with Active Directory for authentication, eliminates an inherent risk of a compromised network user account being able to gain access to the backups and encrypt the data.
- Don't let the NAS authenticate on the network through Active Directory. Use internal usernames instead for backup purposes.
- Don't mount the storage on any machine as a network drive. Only use the backup applications to authenticate into the NAS.
- Have a cloud backup as a "backup" source for sensitive files that are essential to your business.
- Make sure your backups are tested regularly and work properly. Odds are, testing backups is not something you or your staff will do, so a good Managed IT Services Provider (MSP) can be a great asset in protecting your company.
- What will you do in case of an emergency or disaster? How long will it take to restore services? What is the cost of the downtime? These questions are part of Disaster Recovery Planning, and it's extremely important that your company has a plan in place. Most MSPs can help with this as well!
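To check the first two points on a Windows server or workstation, the following PowerShell audit lists mapped drives, open SMB sessions and saved credentials that point at the NAS. It is an added example, not part of the original article; the hostname `nas01.example.local` is a placeholder assumption to replace with your own.

```powershell
# Added example: audit one Windows machine for standing access to the backup NAS.
# Run in the context of the account you want to check (elevated to see all sessions).
param(
    [string]$NasHost = 'nas01.example.local'   # assumed NAS hostname; replace with yours
)

$findings = @()

# 1. Drive letters mapped to the NAS for the current user (persistent or not).
Get-SmbMapping -ErrorAction SilentlyContinue |
    Where-Object { $_.RemotePath -like "\\$NasHost\*" } |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Check  = 'Mapped drive'
            Detail = "$($_.LocalPath) -> $($_.RemotePath)"
        }
    }

# 2. Live SMB sessions to the NAS, with the account each one authenticated as.
Get-SmbConnection -ServerName $NasHost -ErrorAction SilentlyContinue |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Check  = 'Open SMB session'
            Detail = "\\$($_.ServerName)\$($_.ShareName) as $($_.UserName)"
        }
    }

# 3. Credentials for the NAS saved in Windows Credential Manager.
$saved = cmdkey /list | Select-String -SimpleMatch $NasHost
foreach ($line in $saved) {
    $findings += [pscustomobject]@{
        Check  = 'Stored credential'
        Detail = $line.Line.Trim()
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No mapped drives, open sessions or stored credentials for $NasHost."
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A session opened by the backup application under its own NAS-only account is expected while a job runs; a mapped drive, a saved credential, or a session under an Active Directory account is what the list above says to remove.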
Dmitriy Teplinskiy
I have worked in the IT industry for 15+ years. During this time I have consulted clients in accounting and finance, manufacturing, automotive and boating, retail and everything in between. My background is in Networking and Cybersecurity.