Home backup solution to NAS

Forums › Desktop computing › Home backup solution to NAS

evnafets

537 posts

Ultimate Geek

Lifetime subscriber

#197959 20-Jun-2016 09:59

I was incidentally involved in a Cryptolocker attack over the weekend. The encrypted files on the infected computer were transferred to mine via Shared Dropbox folder. While I'm pretty sure there is no immediate direct threat, it was a reminder to revise my backup plan for if it ever DOES happen to me.

I recently bought a Synology Disk Station DS216E, with a couple of Seagate 2TB hard drives to use as a media library, but figured I could also do some basic backups to it as well.

Tried a couple of backup strategies:

- Synology Cloud Station Backup (It had backup in the title, I thought it would be suitable)
- Easus Todo Backup Free version

My main issue right now: Neither strategy seemed to get above 10-12MB/s transfer rate from computer to NAS. And sometimes slower.

It's going to take hours to do a backup at this rate.

The Cloud Station Backup option was causing 100% CPU usage on the NAS, so I thought that might be the cause. Also I discovered that this program is an "real time" backup which isn't really appropriate for protecting against Cryptolocker attacks :-) Hence I tried the second option of the Easus Todo Backup. The CPU usage went down, but it also seemed to hit the same speed limit of about 12MB/s. I left it for a few hours, but it failed midway for network related issues (not sure what, I wasn't home at the time)

My setup:

Have a standard Spark Router - Thompson TG585 ADSL Modem/Router - pretty sure this only supports 100MB/s network.
Both Computer and NAS are connected to the router at 100MB/s (confirmed from control panels)
I was monitoring the transfer rate from the Synology NAS interface.

I have found some good advice in this thread: http://www.geekzone.co.nz/forums.asp?forumid=50&topicid=195814 for a few things to try, but I thought I'd do a sanity check as well

Even given that I'm not on a Gigabit network, surely it should be able to transfer faster than the 12MB/s I am seeing?

Any other backup strategy advice will be gratefully accepted if you want to pitch in with your opinions :-)

thanks,

evnafets

shk292

2858 posts

Uber Geek

Lifetime subscriber

#1576924 20-Jun-2016 10:09

Part of the problem is you're mixing up bits per second (bps) and bytes per second (Bps)

A one hundred megabit per second LAN (100 Mbps) will only support 12 Megabytes per second (12 MBps) because there are 8 bits per byte

evnafets

537 posts

Ultimate Geek

Lifetime subscriber

#1576932 20-Jun-2016 10:15

And that would answer my question :-)

That capital B makes a big difference.

1101

3122 posts

Uber Geek

#1576940 20-Jun-2016 10:31

evnafets:

I was incidentally involved in a Cryptolocker attack over the weekend. The encrypted files on the infected computer were transferred to mine via Shared Dropbox folder. While I'm pretty sure there is no immediate direct threat, it was a reminder to revise my backup plan for if it ever DOES happen to me.

Crypto will also attack your backups & shares,syncs you have access to (network files, dropbox etc), if the NAS/backup etc is left connected to the PC .

So just plan/allow for that . You would want a backup that WILL be disconnected from the system : eg multiple USB HD's . Or a cloud backup/sync that keeps previous
versions of the files, so you can go back a week/month & restore those cloud synced files .

jnimmo

1097 posts

Uber Geek

#1576947 20-Jun-2016 10:48

I always make sure to setup separate credentials for NAS backups - i.e. setup a backup account which should be the only account with write access to your backup directory on the NAS.

Then put these credentials into whatever backup software. Sure it doesn't guarantee malware couldn't find these credentials and encrypt the backups on the NAS, but makes it much harder than just being able to connect to a mapped drives with the users default credentials.

evnafets

537 posts

Ultimate Geek

Lifetime subscriber

#1577007 20-Jun-2016 11:50

Good thoughts guys.

I actually have done exactly what jnimmo suggested - created a "backup" user who was the only one with write access to the share.

I was thinking of creating a big backup (disk images or some such) to be stored offline as the "last resort", and then regularly doing smaller backups of just important/working files to the NAS. Will have to look into options around keeping the "history"

linw

2850 posts

Uber Geek

#1577192 20-Jun-2016 15:28

jnimmo:

I always make sure to setup separate credentials for NAS backups - i.e. setup a backup account which should be the only account with write access to your backup directory on the NAS.

Then put these credentials into whatever backup software. Sure it doesn't guarantee malware couldn't find these credentials and encrypt the backups on the NAS, but makes it much harder than just being able to connect to a mapped drives with the users default credentials.

Now, why didn't I think of that! Thanks for the nudge. Agreed, it is not perfect but it is better than using my main account.

I'm mindful of the ransomware threat after a friend got caught out. Macrium image files were encrypted on the USB drive.

I have a separate USB drive in the safe to at least have a fallback of last resorts.

There needs to be a system available that can take a USB drive offline while it is still connected but still allow a backup program to start it up with a password or similar security feature. You might say, just switch the USB on before the backup but the great unwashed just can't be relied on to do this regularly. Certainly, my elderly friend who asked the ransomware onboard couldn't do this.

There is an opening here. Any bright ideas, folks?

MadEngineer

4305 posts

Uber Geek

Trusted

#1577259 20-Jun-2016 16:44

I have my nas box pulling data off my PC to backup with any file changes archived so I can revert any changes. Similar to time machine or file history. This is a must have feature of backups. Backups and archives/versions are not shared so can't be touched by viruses.

You're not on Atlantis anymore, Duncan Idaho.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

jnimmo

1097 posts

Uber Geek

#1577274 20-Jun-2016 16:59

The key is to have another backup of the important stuff too, you could kick it down but still doesn't stop a fire or flood destroying it.. Upload all your photos to Flickr or use an online backup.. I don't think I have anything Id miss too much

I like the idea about the NAS pulling from the computer instead of pushing to the NAS, clever way to avoid tampering!

CYaBro

4590 posts

Uber Geek

ID Verified

Trusted

#1577290 20-Jun-2016 17:29

Veeam Endpoint backup has the option to "disconnect" a USB drive after the backup has completed, however it requires someone to physically unplug it and plug it back in again for the next backup to run.

But that does add some protection from the viruses as they won't see the USB drive once a backup has finished.

Opinions are my own and not the views of my employer.

linw

2850 posts

Uber Geek

#1577529 21-Jun-2016 09:47

Quote:- "however it requires someone to physically unplug it and plug it back in again for the next backup to run."

Therein lies the problem! Thanks for the input, though.

Yes, NAS pull rather than push is a great idea.

jnimmo

1097 posts

Uber Geek

#1577531 21-Jun-2016 09:49

You could have a wifi controlled relay on the USB drive power supply.. scheduled task to turn the drive off after backup job and on before it..

But if there was any malware on the system it would probably just see the drive get mounted at that stage and deal with it then, so might not be any safer.