From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 18E5BB45B for ; Wed, 23 Nov 2022 18:57:01 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id E9A6725847 for ; Wed, 23 Nov 2022 18:56:30 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 23 Nov 2022 18:56:27 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id C57EB44F11; Wed, 23 Nov 2022 18:48:40 +0100 (CET) From: Noel Ullreich To: pbs-devel@lists.proxmox.com Cc: Noel Ullreich , Noel Ullreich Date: Wed, 23 Nov 2022 18:48:10 +0100 Message-Id: <20221123174810.2703466-6-n.ullreich@proxmox.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20221123174810.2703466-1-n.ullreich@proxmox.com> References: <20221123174810.2703466-1-n.ullreich@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.400 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_ASCII_DIVIDERS 0.8 Spam that uses ascii formatting tricks KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox-backup 5/5] docs: added section on ransomware X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Nov 2022 17:57:01 -0000 From: Noel Ullreich Added a section on ransomware that lists the features offered by pbs to protect from ransomware as well as best practices outside of pbs Signed-off-by: Noel Ullreich --- docs/storage.rst | 58 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/docs/storage.rst b/docs/storage.rst index c4e44c72..60991cb9 100644 --- a/docs/storage.rst +++ b/docs/storage.rst 
@@ -374,3 +374,61 @@ with a comma, like this: .. code-block:: console # proxmox-backup-manager datastore update --tuning 'sync-level=filesystem,chunk-order=none' + +.. _ransomware_protection: + +Ransomware Protection +--------------------- + +Prevention by Proxmox Backup Server +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +`Ransomware `_ is a type of malware that +encrypts files until a ransom is paid. Proxmox Backup Server includes features to +prevent ransomware attacks. + +Proxmox Backup Server does not allow for existing chunks of a backup to be re-uploaded. +This means that a compromised Proxmox VE cannot corrupt existing backups. + +Furthermore, comprehensive :ref:`user management ` is offered in Proxmox +Backup Server. By limiting a sync user's or an access token's right to only write +backups, not delete them, compromised Proxmox VEs cannot delete existing backups. Backup +pruning should be done by the Proxmox Backup Server itself. + +Should a guest running in a Proxmox VE instance become compromised and encrypted, +it can no longer be backed up by a Proxmox Backup Server instance. This is because the +SHA-256 checksum can no longer be read. This should alert you that your backups are +corrupted and might indicate a compromised Proxmox VE (although it should be noted that +verify jobs can also fail for other reasons, such as bit rot). + +To detect ransomware inside a compromised guest, it is recommended to frequently +restore and boot backups fully. In the case of many backed-up guests, it is +recommended to automate this restore testing or, if this is not possible, to restore +random samples from the backups. + +Other Prevention Methods and Best Practices +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +It is recommended to take additional security measures, apart form the ones offered +by Proxmox Backup Server. 
These recommendations include, but are not limited to: + +* Using `two-factor authentification `_ + for user management in the Proxmox Virtual Environment. +* Using `Fail2ban `_ to secure the + Proxmox Virtual Environment web interface. Fail2ban monitors login attempts and + temporarily bans IP addresses that try unsuccessfully to log in too many times. +* Using `RSA keys with SSH `_. +* Keeping the firmware and software up-to-date to patch exploits and vulnerabilities + (such as `spectre `_ or + `meltdown `_). +* Following safe and secure network practices, for example using logging and + monitoring tools and setting up vlans. +* Making plenty of backups using the + `3-2-1 rule `_: creating + 3 backups on 2 storage media, of which 1 copy is kept offsite. +* Retaining backups for a few months. Some ransomware might only be encrypted weeks after an infection. +* Creating :ref:`tape backups ` and :ref:`remote sync jobs `. +* Restore testing: frequently test if the backups of the guests can be correctly restored. + +For more information on how to avoid ransomware attacks and what to do in case of a ransomware infection, see `Cisa `_. + -- 2.30.2
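Review bot: the paragraph starting "Should a guest running in a Proxmox VE instance become compromised and encrypted, it can no longer be backed up" does not hold: a guest whose files ransomware has encrypted is still backed up without error, the snapshot simply contains the ciphertext, and the chunk checksums are computed over whatever data the client reads, so neither the backup job nor a later verify job fails because of the encryption inside the guest. Drop "This is because the SHA-256 checksum can no longer be read" and the claim that this "should alert you that your backups are corrupted"; what verify jobs detect is damage to chunks at rest (the bit-rot case the same paragraph mentions), and detection of ransomware inside a guest is already covered by the restore-testing paragraph that follows. In the user-management paragraph, "limiting a sync user's or an access token's right to only write backups, not delete them" should name the concrete privilege or role the reader must assign, since the whole protection depends on picking the right one. Wording fixes in the same hunk: "apart form the ones" should be "apart from the ones"; "two-factor authentification" should be "two-factor authentication"; "spectre" and "meltdown" are proper names (Spectre, Meltdown); "vlans" should be "VLANs"; "Cisa" should be "CISA"; "Some ransomware might only be encrypted weeks after an infection" should read "Some ransomware only starts encrypting files weeks after the infection"; and "Using RSA keys with SSH" is better stated as "Using key-based authentication with SSH", as the point is replacing passwords, not the RSA algorithm.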