From mboxrd@z Thu Jan 1 00:00:00 1970
From: Noel Ullreich
To: pbs-devel@lists.proxmox.com
Date: Thu, 24 Nov 2022 15:29:17 +0100
Message-Id: <20221124142917.2856193-2-n.ullreich@proxmox.com>
In-Reply-To: <20221124142917.2856193-1-n.ullreich@proxmox.com>
References: <20221124142917.2856193-1-n.ullreich@proxmox.com>
List-Id: Proxmox Backup Server development discussion
Subject: [pbs-devel] [PATCH proxmox-backup v2 1/1] docs: added section on ransomware

Added a section on ransomware. This includes a bullet point in the main features section and a section in the backup storage section. The latter section lists mitigation resources in pbs as well as best practices.

Updated capitalization to be consistent in main features. Imo, since these are bullet points and not headings, they should be in lowercase.

Signed-off-by: Noel Ullreich
---
changes since v1:
* squashed multiple commits into one
* added link in main features bullet point to the ransomware section
* restructured parts of the ransomware section
* fixed technical errors regarding reading checksum
* fixed my gitconfig ;)

docs/introduction.rst | 14 +++++---- docs/storage.rst | 70 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+), 5 deletions(-) diff --git a/docs/introduction.rst b/docs/introduction.rst index 369e7e29..e6598171 100644 --- a/docs/introduction.rst +++ b/docs/introduction.rst
@@ -58,10 +58,10 @@ Main Features :Incremental backups: Changes between backups are typically low. Reading and sending only the delta reduces the storage and network impact of backups. -:Data Integrity: The built-in `SHA-256`_ checksum algorithm ensures accuracy and +:Data integrity: The built-in `SHA-256`_ checksum algorithm ensures accuracy and consistency in your backups. -:Remote Sync: It is possible to efficiently synchronize data to remote +:Remote sync: It is possible to efficiently synchronize data to remote sites. Only deltas containing new data are transferred. :Compression: The ultra-fast Zstandard_ compression is able to compress @@ -76,16 +76,20 @@ Main Features provides extensive support for backing up to tape and managing tape libraries. +:Ransomware protection: :ref:`Protect your critical data from ransomware attacks ` with + Proxmox Backup Server's fine-grained access control, data integrity + verification, and off-site backup through remote sync and tape backup. + :Web interface: Manage the Proxmox Backup Server with the integrated, web-based user interface. -:Open Source: No secrets. Proxmox Backup Server is free and open-source +:Open source: No secrets. Proxmox Backup Server is free and open-source software. The source code is licensed under AGPL, v3. -:No Limits: Proxmox Backup Server has no artificial limits for backup storage or +:No limits: Proxmox Backup Server has no artificial limits for backup storage or backup-clients. -:Enterprise Support: Proxmox Server Solutions GmbH offers enterprise support in +:Enterprise support: Proxmox Server Solutions GmbH offers enterprise support in the form of `Proxmox Backup Server Subscription Plans `_. Users at every subscription level get access to the Proxmox Backup :ref:`Enterprise diff --git a/docs/storage.rst b/docs/storage.rst index c4e44c72..00c5e519 100644 --- a/docs/storage.rst +++ b/docs/storage.rst 
@@ -374,3 +374,73 @@ with a comma, like this: .. code-block:: console # proxmox-backup-manager datastore update --tuning 'sync-level=filesystem,chunk-order=none' + +.. _ransomware_protection: + +Ransomware Protection +--------------------- + +Prevention by Proxmox Backup Server +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +`Ransomware `_ is a type of malware +that encrypts files until a ransom is paid. Proxmox Backup Server includes +features to mitigate ransomware attacks by offering easy restoration from backups. + +As a best practice, you should keep multiple backups, including outside of your +network and on different media. Proxmox Backup Server provides the tools to do +both. +It is possible to create :ref:`remote sync jobs `; by setting up +an Proxmox Backup Server instance off-site and, from there, pulling a datastore. +This is recommended since offsite Proxmox Backup Server instances will not be +infected by the ransomware in your local network. +It it also possible to create :ref:`tape backups ` as a second +storage medium. This way you get an additional copy of your data which can easily +be moved off-site. + +Proxmox Backup Server does not rewrite data for existing blocks. This means that +a compromised Proxmox VE host, or any other compromised system using +the client to back up data, cannot corrupt existing backups. + +Furthermore, comprehensive :ref:`user management ` is offered in +Proxmox Backup Server. By limiting a sync user's or an access token's right to +only write backups, not delete them, compromised Proxmox VEs cannot delete +existing backups. Following this best practice, backup pruning should be done +by the Proxmox Backup Server using prune jobs. + +Proxmox Backup Servers can still be compromised, even when taking precautions. +In case of a compromised Proxmox Backup server instance, encrypted data on the +Proxmox Backup Server can no longer be verified, since the SHA-256 checksum of +the chunks can no longer be read. 
This should alert you that your backups are +corrupted. + +To detect ransomware inside a compromised guest, it is recommended to frequently +test restoring and booting backups. Make sure to restore to a new guest and +not to overwrite your current guest. In the case of many backed-up guests, it is +recommended to automate this restore testing or, if this is not possible, to +restore random samples from the backups. + + + +Other Prevention Methods and Best Practices +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +It is recommended to take additional security measures, apart form the ones offered +by Proxmox Backup Server. These recommendations include, but are not limited to: + +* Keeping the firmware and software up-to-date to patch exploits and + vulnerabilities (such as + `spectre `_ or + `meltdown `_). +* Following safe and secure network practices, for example using logging and + monitoring tools and setting up VLANs. +* Making plenty of backups using the + `3-2-1 rule `_: creating + 3 backups on 2 storage media, of which 1 copy is kept off-site. +* Retaining backups for a few months. Proxmox Backup Server allows for flexible + backup retention, since some ransomware might only be encrypted weeks after + infecting your system or you might only notice an infection a few weeks later. + +For more information on how to avoid ransomware attacks and what to do in case +of a ransomware infection, see +`Cisa `_. -- 2.30.2
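
Review bot: In the first docs/introduction.rst hunk (@@ -58,10), the lowercase changes to ":Data integrity:" and ":Remote sync:" are a style cleanup that has nothing to do with the ransomware section named in the subject line. Consider moving the capitalization changes into their own patch, so the new documentation can be reviewed and, if needed, reverted independently of the style change.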
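
Review bot: In the second docs/introduction.rst hunk (@@ -76,16), the new ":Ransomware protection:" entry promises more than the section it links to delivers. The bullet says "Protect your critical data from ransomware attacks", while the docs/storage.rst text says the features "mitigate ransomware attacks" and that servers "can still be compromised, even when taking precautions". Suggest wording the bullet as mitigation, for example "Mitigate the impact of ransomware attacks with ...", so the feature list and the section make the same claim.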
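
Review bot: In the docs/storage.rst hunk (@@ -374,3), the paragraph starting "Proxmox Backup Servers can still be compromised" does not say what "encrypted data" refers to or which action alerts the administrator. As written it can be read as client-side encrypted backups or as chunks encrypted by an attacker, and "This should alert you" names no mechanism. Suggest stating that chunks altered on a compromised server fail the data integrity verification mentioned in the main features bullet, and that this verification has to run regularly for the alert to happen. Two further points in the same hunk: "offsite Proxmox Backup Server instances will not be infected" is an absolute claim that would be safer as reduced exposure, and "does not rewrite data for existing blocks" uses "blocks" where the later paragraph says "chunks". Typos to fix: "an Proxmox Backup Server instance", "It it also possible", "apart form", "Proxmox Backup server instance", "Cisa"; in the retention bullet, "some ransomware might only be encrypted weeks after infecting your system" should say that the ransomware might only encrypt data weeks after the infection.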