ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    PCs Backup software that can isolate backup destination to protect from Ransomware virus.

    Scheduled Pinned Locked Moved IT Discussion
    170 Posts 9 Posters 30.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DustinB3403D
      DustinB3403 @Dashrender
      last edited by

      @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

      @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

      @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

      @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

      @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

      @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

      @BRRABill said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

      Hey why hasn't anyone tried talking the OP out of doing this? You know, the whole "no data on the PC" thing?

      I feel hurt. LOL.

      While I agree with this, the OP asked for a specific solution. He didn't say... How do I make sure I don't loose any data from my end user PCs?

      Additionally, we just learned that he doesn't have the PCs attached to a domain. This means there is a likelihood that he doesn't have a shared admin credential over all machines ( but it's possible he does), also he's missing out on things like GPOs.

      I do have admin account on all workstations with same credentials. Yeah, missing out GPOs.

      And a massive security hole in the organizations computer systems. . . .

      Why is that? What makes this a larger hole than a domain admin account?

      A domain admin account can have its password reset globally from 1 location, a local user admin account has to be touched on every system. And thus every system is susceptible to having local system files tampered / stolen etc etc with compromised local admin credentials.

      You can also remotely change the local admin account through a script, assuming you know what those credentials are. So no visit needed.

      Don't get me wrong, the OP should definitely get Windows Pro and use some type of AD.

      And assuming you have access to the user system, if it's offline (because it's unplugged or wireless is toggled off) you'd have no access.

      But this goes into the "you've lost physical control of the device" so meh... different subject entirely.

      1 Reply Last reply Reply Quote 0
      • DustinB3403D
        DustinB3403 @dafyre
        last edited by DustinB3403

        @dafyre said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

        @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

        ... but the server side licensing would be gone.

        Isn't that where a large chunk of the licensing fees go anyhow? Server License & CALs?

        Yes, User/Client CALs is the bulk of how Microsoft makes their money. The individual OS licensing is beer money, essentially.

        1 Reply Last reply Reply Quote 0
        • DustinB3403D
          DustinB3403
          last edited by

          What CAD programs are you supporting @openit ? The Autodesk family has never been supported on Home versions of Windows from what I can see in their offerings...

          Though this doesn't mean that it doesn't install..

          1 Reply Last reply Reply Quote 0
          • DashrenderD
            Dashrender @dafyre
            last edited by

            @dafyre said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

            @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

            ... but the server side licensing would be gone.

            Isn't that where a large chunk of the licensing fees go anyhow? Server License & CALs?

            Really those fees aren't really all THAT high. Standard Windows Server is $850 for two VMs on a single host. So $425 ea. CALs are around $35/ea

            Compare these fees to O365 or third party spam filtering, etc, it's right in line with what you pay for everything else for the end user. Is it extra cost that you can get away from, sure, but is it so crippling as to need to completely avoid it at near or any costs? I don't think so.

            Now here's where I'll point out that Scott will say that we need to consider the business, and make proper business decisions to know if Windows is the right solution for us or not. I think he would say that if the company can't afford Windows Pro, then it really can't afford Windows at all.

            DustinB3403D scottalanmillerS 2 Replies Last reply Reply Quote 1
            • DustinB3403D
              DustinB3403 @Dashrender
              last edited by

              @Dashrender I would say that the business is not trying to operate as a business, and just purchasing the cheapest equipment or has a BYOD policy so users can bring in whatever and then it's IT's job to "make it work" no matter how crippled it is.

              I very much doubt that the business is truthfully purchasing Windows # Home....

              DashrenderD 2 Replies Last reply Reply Quote 1
              • DashrenderD
                Dashrender @DustinB3403
                last edited by

                @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                @Dashrender I would say that the business is not trying to operate as a business, and just purchasing the cheapest equipment or has a BYOD policy so users can bring in whatever and then it's IT's job to "make it work" no matter how crippled it is.

                I very much doubt that the business is truthfully purchasing Windows # Home....

                Really? To bad you didn't get that job at the MSP - you'd likely be exposed to small time shops that only buy their machines from Best Buy where you can't get Windows Pro - Where $100 represents 1/5 of the total cost of the machine, of course - those businesses fail to understand that often those computers last about 1/2 as long as better business class machines, and definitely won't be getting support for the next OS - but I guess that concern is actually gone, with Windows 10 being the last version of Windows and all 😉

                1 Reply Last reply Reply Quote 0
                • DashrenderD
                  Dashrender @DustinB3403
                  last edited by

                  @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                  @Dashrender I would say that the business is not trying to operate as a business, and just purchasing the cheapest equipment or has a BYOD policy so users can bring in whatever and then it's IT's job to "make it work" no matter how crippled it is.

                  I very much doubt that the business is truthfully purchasing Windows # Home....

                  There's nothing wrong with the BOYD, as long as IT is allowed to create an IT environment that is meant to support it - again hosted apps and things like Citrix NFUSE.

                  1 Reply Last reply Reply Quote 0
                  • DashrenderD
                    Dashrender @openit
                    last edited by

                    @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                    @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                    @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                    I would like to ask you, with what would you suggest based on my requirements mentioned in my Post ?

                    I really think that Veeam Endpoint Backup is likely the way to go. As @JaredBusch pointed out, the risk of compromise through ransomware, while important to consider, does not exist today and planning around it is foolish. If you are backing up to NAS, just snapshot to protect against that. The product is commercial, enterprise and completely free and that's not going to change in any reasonable future.

                    Use PDQ Deploy and you can roll it out quickly and easily to your entire fleet without needing Active Directory.

                    I see, so two things coming to my mind 1. Urbackup or 2. Veeam Free with NAS (which should have snapshot facility. But still stuck at central mgmt, don't know if backup is working or failing 😞

                    I do think you should also consider Appassure if you're going the workstation backup route. I think it was like $100 for the license and maybe $15/year for support and is completely centrally managed.

                    1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender
                      last edited by

                      @openit do you have the NAS already? If not, you could build a SAM-SD style box, install your backup solution on that box directly and backup locally.

                      I mention this just to make sure those reading this thread are aware that you don't have to have a Server and a NAS when looking at the isolated backup model.

                      openitO 1 Reply Last reply Reply Quote 0
                      • travisdh1T
                        travisdh1 @DustinB3403
                        last edited by

                        @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                        @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                        @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                        @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                        @BRRABill said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                        Hey why hasn't anyone tried talking the OP out of doing this? You know, the whole "no data on the PC" thing?

                        I feel hurt. LOL.

                        We do have file server on Windows server and users have been given access on and working with. But the issue is with CAD files they work, even do not suggest them to work directly on shared folder which take the performance down, so now they have working data (which is important).

                        Now, your question will be if you have Windows Server, why network is not in domain, and my answer is "so many computers are Home Edition", working on to make all Professional Edition.

                        If the business is running Home Edition licenses of Windows, you have bigger issues. You know you can't implement AD on Home, so you'd have to upgrade those to professional (or beyond).

                        I'm assuming the Windows licensing is adhered to the computers, which means you can't move it from device to device (legally). So you have a few choices, purchase a MAK license, and re-image and upgrade each user system to Windows Professional.

                        Starting with Windows Vista, one could purchase a key that would "upgrade" a version from Home to Pro - no reinstall required.

                        Or try your hand at a linux distro, and see if all of your software is functional on said linux distro.

                        He's a CAD shop - are there many Linux friendly CAD solutions?

                        There are a few options of CAD software for linux, I haven't looked recently to find out if AutoCAD (etc) supports RedHat. I think they do.....

                        Now to google..

                        The CAD software I'm familiar with (IDEAS, Medusa, PRO-E, CATIA) almost all started out on UNIX. PRO-E is the only exception in my short list. Autodesk was always looked at as the "newbies toy"

                        1 Reply Last reply Reply Quote 0
                        • openitO
                          openit @DustinB3403
                          last edited by

                          @DustinB3403 said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                          @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                          @BRRABill said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                          Hey why hasn't anyone tried talking the OP out of doing this? You know, the whole "no data on the PC" thing?

                          I feel hurt. LOL.

                          We do have file server on Windows server and users have been given access on and working with. But the issue is with CAD files they work, even do not suggest them to work directly on shared folder which take the performance down, so now they have working data (which is important).

                          Now, your question will be if you have Windows Server, why network is not in domain, and my answer is "so many computers are Home Edition", working on to make all Professional Edition.

                          If the business is running Home Edition licenses of Windows, you have bigger issues. You know you can't implement AD on Home, so you'd have to upgrade those to professional (or beyond).

                          I'm assuming the Windows licensing is adhered to the computers, which means you can't move it from device to device (legally). So you have a few choices, purchase a MAK license, and re-image and upgrade each user system to Windows Professional.

                          Or try your hand at a linux distro, and see if all of your software is functional on said linux distro.

                          Around 50% are Home Edition, not all. Yes, no domain for Home Edition. I guess, no need to reinstall os to convert.

                          openitO 1 Reply Last reply Reply Quote 0
                          • openitO
                            openit @openit
                            last edited by

                            @dafyre @DustinB3403 @Dashrender

                            Cad we are using is from AutoDesk.

                            1. Moving to linux could be an option, even Autodesk is supported for linux (say CentOS), that's very big deal, because user knows Windows and we, IT have little knowledge on Linux. To save money I never want to do that, as I learnt from different scenarios and from forums, at the end of the IT will fallen into problems, Management never sees ( if Manager is from IT background, then maybe exceptional case) how many bucks you saved by using free or open source, but loss or downtime, so plans about Linux.

                            2. Even myself, I love opensource software and plays around CentOS, pfsense, Zentyal, and so many. I believe I can set it up properly and get it run, but difficult part is troubleshooting if any issue occurs, so no to Linux as of now at least.

                            3. For sure, I need to push the task of bringing the network under domain.

                            4. On one hand, by seeing issues with Ransomware, I have started to think about Backup for local pc data and other big issue I need to think about is "Users security awareness". And if I plan to migrate to Linux, then I would be gone 🙂 LOL

                            DashrenderD DustinB3403D scottalanmillerS 4 Replies Last reply Reply Quote 0
                            • openitO
                              openit @Dashrender
                              last edited by

                              @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                              @openit do you have the NAS already? If not, you could build a SAM-SD style box, install your backup solution on that box directly and backup locally.

                              I mention this just to make sure those reading this thread are aware that you don't have to have a Server and a NAS when looking at the isolated backup model.

                              No, not yet, I got to purchase NAS, I need to plan for software and then I will purchase.

                              I am not really sure what's this SAM-SD box ? I guess, running some server on Linux which have good storage and then setup it as Backup server ?

                              dafyreD DashrenderD 2 Replies Last reply Reply Quote 0
                              • dafyreD
                                dafyre @openit
                                last edited by

                                @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                @openit do you have the NAS already? If not, you could build a SAM-SD style box, install your backup solution on that box directly and backup locally.

                                I mention this just to make sure those reading this thread are aware that you don't have to have a Server and a NAS when looking at the isolated backup model.

                                No, not yet, I got to purchase NAS, I need to plan for software and then I will purchase.

                                I am not really sure what's this SAM-SD box ? I guess, running some server on Linux which have good storage and then setup it as Backup server ?

                                That's one use for it. Basically it's a server built for reliability more than anything else. @scottalanmiller would be able to better define it since he's the one that came up with the idea... SAM-SD = @scottalanmiller - storage device, lol.

                                openitO 1 Reply Last reply Reply Quote 0
                                • openitO
                                  openit @dafyre
                                  last edited by

                                  @dafyre said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                  @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                  @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                  @openit do you have the NAS already? If not, you could build a SAM-SD style box, install your backup solution on that box directly and backup locally.

                                  I mention this just to make sure those reading this thread are aware that you don't have to have a Server and a NAS when looking at the isolated backup model.

                                  No, not yet, I got to purchase NAS, I need to plan for software and then I will purchase.

                                  I am not really sure what's this SAM-SD box ? I guess, running some server on Linux which have good storage and then setup it as Backup server ?

                                  That's one use for it. Basically it's a server built for reliability more than anything else. @scottalanmiller would be able to better define it since he's the one that came up with the idea... SAM-SD = @scottalanmiller - storage device, lol.

                                  I see. It would be nice if I can get link for article on this topic, I think @scottalanmiller blogged it ?

                                  1 Reply Last reply Reply Quote 0
                                  • dafyreD
                                    dafyre
                                    last edited by

                                    https://www.mangolassi.it/topic/6231/what-is-a-sam-sd

                                    1 Reply Last reply Reply Quote 1
                                    • DashrenderD
                                      Dashrender @openit
                                      last edited by

                                      @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                      @dafyre @DustinB3403 @Dashrender

                                      Cad we are using is from AutoDesk.

                                      1. Moving to linux could be an option, even Autodesk is supported for linux (say CentOS), that's very big deal, because user knows Windows and we, IT have little knowledge on Linux. To save money I never want to do that, as I learnt from different scenarios and from forums, at the end of the IT will fallen into problems, Management never sees ( if Manager is from IT background, then maybe exceptional case) how many bucks you saved by using free or open source, but loss or downtime, so plans about Linux.

                                      2. Even myself, I love opensource software and plays around CentOS, pfsense, Zentyal, and so many. I believe I can set it up properly and get it run, but difficult part is troubleshooting if any issue occurs, so no to Linux as of now at least.

                                      3. For sure, I need to push the task of bringing the network under domain.

                                      4. On one hand, by seeing issues with Ransomware, I have started to think about Backup for local pc data and other big issue I need to think about is "Users security awareness". And if I plan to migrate to Linux, then I would be gone 🙂 LOL

                                      Ransomware does exist on Linux.

                                      Moving to Linux on the desktop would have high costs in the short term, 2-3 years, but in the long term would save you money (potentially). During the starting up, you have a linux consultant who's available to assist in training and break fix of Linux issues. Sure it's expensive the first few years, but either you'll learn it in that time to be as good as you are with Windows, or you should be fired and replaced by someone who already knows Linux.

                                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                                      • DashrenderD
                                        Dashrender @openit
                                        last edited by

                                        @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                        @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                        @openit do you have the NAS already? If not, you could build a SAM-SD style box, install your backup solution on that box directly and backup locally.

                                        I mention this just to make sure those reading this thread are aware that you don't have to have a Server and a NAS when looking at the isolated backup model.

                                        No, not yet, I got to purchase NAS, I need to plan for software and then I will purchase.

                                        I am not really sure what's this SAM-SD box ? I guess, running some server on Linux which have good storage and then setup it as Backup server ?

                                        A SAM-SD is a storage-centric server, nothing more. You can run Windows or Linux on it. But considering that you're looking at needing a server for this task anyhow, why split the task over two boxes, i.e. a server and a NAS, and instead just use an all in one solution.

                                        1 Reply Last reply Reply Quote 2
                                        • scottalanmillerS
                                          scottalanmiller @Dashrender
                                          last edited by

                                          @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                          Now here's where I'll point out that Scott will say that we need to consider the business, and make proper business decisions to know if Windows is the right solution for us or not. I think he would say that if the company can't afford Windows Pro, then it really can't afford Windows at all.

                                          I would definitely say that. That's super cheap.

                                          1 Reply Last reply Reply Quote 2
                                          • DustinB3403D
                                            DustinB3403 @openit
                                            last edited by

                                            @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                            @dafyre @DustinB3403 @Dashrender

                                            Cad we are using is from AutoDesk.

                                            1. Moving to linux could be an option, even Autodesk is supported for linux (say CentOS), that's very big deal, because user knows Windows and we, IT have little knowledge on Linux. To save money I never want to do that, as I learnt from different scenarios and from forums, at the end of the IT will fallen into problems, Management never sees ( if Manager is from IT background, then maybe exceptional case) how many bucks you saved by using free or open source, but loss or downtime, so plans about Linux.

                                            2. Even myself, I love opensource software and plays around CentOS, pfsense, Zentyal, and so many. I believe I can set it up properly and get it run, but difficult part is troubleshooting if any issue occurs, so no to Linux as of now at least.

                                            3. For sure, I need to push the task of bringing the network under domain.

                                            4. On one hand, by seeing issues with Ransomware, I have started to think about Backup for local pc data and other big issue I need to think about is "Users security awareness". And if I plan to migrate to Linux, then I would be gone 🙂 LOL

                                            The idea of moving to an all linux environment, would be to cut out the Microsoft Tax, and to really simplify the management of the business IT needs.

                                            Since AutoDesk is supported on Redhat and CentOS you could go completely open source, unsupported. But this isn't what anyone here is recommending.

                                            We are suggesting you consider using Redhat (which has support) and setup a linux domain. This way you are still supported in all venues that the business IT needs.

                                            DashrenderD scottalanmillerS 2 Replies Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 7
                                            • 8
                                            • 9
                                            • 4 / 9
                                            • First post
                                              Last post