How to Bulletproof your NAS storage against Ransomware

Nearly all organisations own some form of NAS storage device that they use for various purposes.

Firstly, as a backup destination which is the most common usage.

Secondly, as a Web Server, and thirdly, as a hypervisor to host Virtual Machines.

In this post, we focus on applying the best practices to such devices regardless of their usage.

The below steps are vendor agnostic and can be applied to the majority of the NAS boxes:

Security

Use strong, unique passwords for all accounts
Enable two-factor authentication for admin accounts
Keep the firmware and software up to date
Encrypt NAS volumes
Disable SMBv1
Use secure protocols. Disable HTTP, Telnet and FTP access
Allow only HTTPS, SSH and SFTP connections
Disable access from public networks such as the internet
Limit access to authorised users and enable access control lists (ACLs)
Enable Logging
Configure notifications for user logins

System & Network Performance

Retain only the required software and services
Pay attention to the disk specifications if used as a backup vault or hypervisor.
Choose a RAID setup that fits each scenario’s requirements. Follow this link to a handy RAID calculator, which comes for free
Aggregate network interfaces to get the maximum possible speed out of the NAS

In conclusion, the above configuration can significantly benefit a NAS device, while it doesn’t come with any tradeoffs.

It always comes as a surprise how NAS devices often go unnoticed in infrastructure, given their essential role.

Remember, this is another location where company data lives, and we want to ensure they are safe and well.

VEEAM’s 2022 Ransomware Trends Report shows backups were targeted in 94% of attacks and impacted in 68% of attacks; thus, we need to be mindful of their protection.

If you found the above informative, I’d suggest booking a quick 30-min session with one of our Subject Matter Experts (SME) to discuss how you protect your data and walk you through some of the industry’s best practices.