How to Bulletproof your NAS storage against Ransomware

Nearly all organisations own some form of NAS device and use it for a variety of purposes: most commonly as a backup destination, but also as a web server or as a hypervisor hosting virtual machines.
In this post we focus on applying best practices to such devices regardless of their role.
The steps below are vendor agnostic and can be applied to the majority of NAS boxes:
Security
- Use strong, unique passwords for all accounts
- Enable two-factor authentication for admin accounts
- Keep the firmware and software up to date
- Encrypt NAS volumes
- Disable SMBv1
- Use secure protocols for management and file transfer: disable HTTP, Telnet and FTP
- Allow only HTTPS, SSH and SFTP for administration and transfers; file-sharing protocols that must stay on (SMB, NFS, iSCSI) should be restricted to the networks and hosts that need them
- Disable access from public networks such as the internet
- Limit access to authorised users and enable access control lists (ACLs)
- Enable logging and forward the logs to a separate log host, so an attacker who gains admin on the NAS cannot erase the record
- Configure notifications for user logins, especially admin logins
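
The items above that touch the file-sharing service map directly onto Samba parameters, which is what most NAS boxes run under the hood. The following script is an added example, not code from the original post or from any NAS vendor: it parses an smb.conf (two constructed versions are embedded, one with default-style weak settings and one hardened per the checklist) and reports which checklist items are violated, and it also flags cleartext management services from a constructed list of listening TCP ports. The parameter names and values (`server min protocol`, `smb encrypt`, `map to guest`, `hosts allow`, `guest ok`, `valid users`) are real Samba settings; the configuration contents, share names and port list are made up for the example.

```python
"""NAS hardening audit for a Samba-based box (added example, not the post's own code).

Checks the checklist items that map onto smb.conf: SMBv1 disabled, transport
encryption enforced, no guest access, logging on, no public-network access,
and per-share user restrictions. Also flags cleartext services from a port list.
"""
import ipaddress

# Constructed smb.conf as it might ship on a NAS with defaults left in place.
WEAK_SMB_CONF = """
[global]
    workgroup = WORKGROUP
    server min protocol = NT1
    map to guest = Bad User
    log level = 0
    hosts allow = 0.0.0.0/0

[backups]
    path = /volume1/backups
    guest ok = yes
    writable = yes
"""

# Constructed smb.conf for the same NAS after applying the checklist.
HARDENED_SMB_CONF = """
[global]
    workgroup = WORKGROUP
    server min protocol = SMB3_00
    smb encrypt = required
    map to guest = Never
    log level = 2
    hosts allow = 10.0.0.0/8 192.168.10.0/24
    hosts deny = ALL

[backups]
    path = /volume1/backups
    guest ok = no
    valid users = @backup-operators
    writable = yes
"""

LEGACY_PROTOCOLS = {"core", "coreplus", "lanman1", "lanman2", "nt1"}  # NT1 is SMBv1
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Cleartext protocols the checklist says to disable, keyed by their default TCP port.
CLEARTEXT_SERVICES = {21: "FTP", 23: "Telnet", 80: "HTTP"}


def parse_smb_conf(text):
    """Parse smb.conf into {section: {parameter: value}}; section and parameter names are lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections[current] = {}
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current][" ".join(key.lower().split())] = value.strip()
    return sections


def hosts_allow_is_private(value):
    """True only if every 'hosts allow' entry is a subnet of RFC 1918 or loopback space."""
    for entry in value.split():
        if entry.upper() == "ALL":
            return False
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            return False  # hostnames or Samba shorthand such as "192.168.10." cannot be verified here
        if not any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_RANGES):
            return False
    return True


def audit_smb_conf(text):
    """Return a list of findings; an empty list means every mapped checklist item passes."""
    conf = parse_smb_conf(text)
    g = conf.get("global", {})
    findings = []
    proto = g.get("server min protocol", "").lower()
    if not proto or proto in LEGACY_PROTOCOLS:   # unset: firmware default may still be NT1
        findings.append("SMBv1 not disabled: set 'server min protocol = SMB2' or higher")
    if g.get("smb encrypt", "").lower() != "required":
        findings.append("SMB transport encryption not enforced: set 'smb encrypt = required'")
    if g.get("map to guest", "never").lower() != "never":
        findings.append("guest mapping enabled: set 'map to guest = Never'")
    if int((g.get("log level", "0").split() or ["0"])[0]) < 1:
        findings.append("logging disabled: set 'log level = 1' or higher")
    if not hosts_allow_is_private(g.get("hosts allow", "ALL")):
        findings.append("'hosts allow' permits non-private networks")
    for name, share in conf.items():
        if name in ("global", "printers", "print$"):
            continue
        if share.get("guest ok", "no").lower() == "yes":
            findings.append(f"[{name}] allows guest access")
        if not any(k in share for k in ("valid users", "read list", "write list")):
            findings.append(f"[{name}] has no user restriction (valid users/read list/write list)")
    return findings


def exposed_cleartext_services(listening_tcp_ports):
    """Map listening TCP ports (e.g. taken from 'ss -ltn') to cleartext services that should be off."""
    return sorted(CLEARTEXT_SERVICES[p] for p in set(listening_tcp_ports) if p in CLEARTEXT_SERVICES)


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_SMB_CONF), ("hardened", HARDENED_SMB_CONF)):
        findings = audit_smb_conf(conf)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
    # Constructed port list: SSH, HTTP, HTTPS, SMB and FTP listening.
    print("cleartext services exposed:", exposed_cleartext_services([22, 80, 443, 445, 21]))
```

Run it against the real `/etc/samba/smb.conf` of a NAS (or the output of `testparm -s`, which prints the effective configuration) by reading the file into `audit_smb_conf`. Note that `smb encrypt` covers data in transit only; it is a separate control from the "Encrypt NAS volumes" item, which protects data at rest.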

System & Network Performance
- Retain only the required software and services; every extra package is attack surface
- Match the disk specifications (capacity, IOPS, endurance) to the workload if the NAS is used as a backup vault or hypervisor
- Choose a RAID level that fits each scenario's requirements; a free RAID calculator is handy for this. Remember that RAID protects against disk failure, not against ransomware or deletion, so it is not a substitute for a backup
- Aggregate network interfaces to get the maximum possible throughput out of the NAS
In conclusion, the above configuration significantly improves a NAS's security posture at modest cost: the main tradeoffs are the administrative overhead of MFA and patching, and the need to update any legacy clients that still depend on SMBv1 or cleartext protocols.
It always comes as a surprise how often NAS devices go unnoticed in an infrastructure, given their essential role.
Remember, this is another location where company data lives, and we want to ensure it is safe.
Veeam's 2022 Ransomware Trends Report shows that backup repositories were targeted in 94% of attacks and impacted in 68% of them; their protection deserves the same attention as production systems.
If you found the above informative, consider booking a quick 30-minute session with one of our Subject Matter Experts (SMEs) to discuss how you protect your data and walk through some of the industry's best practices.