public inbox for pbs-devel@lists.proxmox.com
 help / color / mirror / Atom feed
* [pbs-devel] [PATCH proxmox-backup 1/2] docs: minor re-phrasing and spell checking clean up
@ 2022-11-28 14:34 Stefan Sterz
  2022-11-28 14:34 ` [pbs-devel] [PATCH proxmox-backup 2/2] docs: add paragraph on verification jobs to ransomware section Stefan Sterz
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Stefan Sterz @ 2022-11-28 14:34 UTC (permalink / raw)
  To: pbs-devel

Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
---
 docs/storage.rst | 37 +++++++++++++++++++------------------
 1 file changed, 19 insertions(+), 18 deletions(-)

diff --git a/docs/storage.rst b/docs/storage.rst
index a773b666..5ba419cd 100644
--- a/docs/storage.rst
+++ b/docs/storage.rst
@@ -383,7 +383,7 @@ Ransomware Protection & Recovery
 `Ransomware <https://en.wikipedia.org/wiki/Ransomware>`_ is a type of malware
 that encrypts files until a ransom is paid. Proxmox Backup Server includes
 features that help mitigate and recover from ransomware attacks by offering
-off-server and off-site synchronizations and easy restoration from backups.
+off-server and off-site synchronization and easy restoration from backups.
 
 Built-in Protection
 ~~~~~~~~~~~~~~~~~~~
@@ -399,39 +399,40 @@ The 3-2-1 Rule with Proxmox Backup Server
 
 The `3-2-1 rule <https://en.wikipedia.org/wiki/Backup#Storage>`_ is simple but
 effective in protecting important data from all sorts of threats, be it fires,
-natural disasters or attacks on your infrastructure by adversaries .
+natural disasters or attacks on your infrastructure by adversaries.
 In short, the rule states that one should create *3* backups on at least *2*
 different types of storage media, of which *1* copy is kept off-site.
 
 Proxmox Backup Server provides tools for storing extra copies of backups in
 remote locations and on various types of media.
 
-By setting up a remote Proxmox Backup Server you can take advantage of the
+By setting up a remote Proxmox Backup Server, you can take advantage of the
 :ref:`remote sync jobs <backup_remote>` feature and easily create off-site
 copies of your backups.
 This is recommended, since off-site instances are less likely to be infected by
 ransomware in your local network.
-You can configure sync jobs to not removed snapshots if they vanished on the
+You can configure sync jobs to not remove snapshots if they vanished on the
 remote-source to avoid that an attacker that took over the source can cause
 deletions of backups on the target hosts.
-If the source-host became victim of a ransomware attack, there's a good chance
-that sync jobs will fail triggering an :ref:`error notification
+If the source-host became victim of a ransomware attack, there is a good chance
+that sync jobs will fail, triggering an :ref:`error notification
 <maintenance_notification>`.
 
 It is also possible to create :ref:`tape backups <tape_backup>` as a second
-storage medium. This way you get an additional copy of your data on a
-different, for long-term storage designed medium type which can easily be moved
-around, be it to and off-site location or, for example into an on-site fire
-proof vault for quicker access.
+storage medium. This way, you get an additional copy of your data on a
+different storage medium designed for long-term storage. Additionally, it can
+easily be moved around, be it to and off-site location or, for example, into an
+on-site fireproof vault for quicker access.
 
 Restrictive User & Access Management
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Proxmox Backup Server offers a comprehensive and fine grained :ref:`user and
+Proxmox Backup Server offers a comprehensive and fine-grained :ref:`user and
 access management <user_mgmt>` system. The `Datastore.Backup` privilege, for
 example, allows only to create, but not to delete or alter existing backups.
 
 The best way to leverage this access control system is to:
+
 - Use separate API tokens for each host or Proxmox VE Cluster that should be
   able to back data up to a Proxmox Backup Server.
 - Configure only minimal permissions for such API tokens. They should only have
@@ -443,8 +444,8 @@ The best way to leverage this access control system is to:
    permissions, but to perform backup pruning directly on Proxmox Backup Server
    using :ref:`prune jobs <maintenance_prune_jobs>`.
 
-Please note that same also applies for sync jobs. By limiting a sync user's or
-an access token's right to only write backups, not delete them, compromised
+Please note that the same also applies for sync jobs. By limiting a sync user's
+or an access token's right to only write backups, not delete them, compromised
 clients cannot delete existing backups.
 
 Ransomware Detection
@@ -461,8 +462,8 @@ To detect ransomware inside a compromised guest, it is recommended to
 frequently test restoring and booting backups. Make sure to restore to a new
 guest and not to overwrite your current guest.
 In the case of many backed-up guests, it is recommended to automate this
-restore testing or, if this is not possible, to restore random samples from the
-backups periodically (for example, once a week or month).
+restore testing. If this is not possible, restoring random samples from the
+backups periodically (for example, once a week or month), is advised'.
 
 In order to be able to react quickly in case of a ransomware attack, it is
 recommended to regularly test restoring from your backups. Make sure to restore
@@ -470,7 +471,7 @@ to a new guest and not to overwrite your current guest.
 Restoring many guests at once can be cumbersome, which is why it is advisable
 to automate this task and verify that your automated process works. If this is
 not feasible, it is recommended to restore random samples from your backups.
-While creating backups is important, verifying that the backups work is equally
+While creating backups is important, verifying that they work is equally
 important. This ensures that you are able to react quickly in case of an
 emergency and keeps disruption of your services to a minimum.
 
@@ -489,13 +490,13 @@ limited to:
 * Following safe and secure network practices, for example using logging and
   monitoring tools and dividing your network so that infrastructure traffic and
   user or even public traffic are separated, for example by setting up VLANs.
-* Set up a long term retention. Since some ransomware might lay dormant a
+* Set up a long-term retention. Since some ransomware might lay dormant a
   couple of days or weeks before starting to encrypt data, it can be that
   older, existing backups are compromised. Thus, it is important to keep at
   least a few backups over longer periods of time.
 
 For more information on how to avoid ransomware attacks and what to do in case
-of a ransomware infection, see official goverment recommendations like `CISA's
+of a ransomware infection, see official government recommendations like `CISA's
 (USA) guide <https://www.cisa.gov/stopransomware/ransomware-guide>`_ or EU
 resources like ENSIA's `Threat Landscape for Ransomware Attacks
 <https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-ransomware-attacks>`_
-- 
2.30.2





^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2022-11-28 15:04 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-28 14:34 [pbs-devel] [PATCH proxmox-backup 1/2] docs: minor re-phrasing and spell checking clean up Stefan Sterz
2022-11-28 14:34 ` [pbs-devel] [PATCH proxmox-backup 2/2] docs: add paragraph on verification jobs to ransomware section Stefan Sterz
2022-11-28 14:52 ` [pbs-devel] [PATCH proxmox-backup 1/2] docs: minor re-phrasing and spell checking clean up Daniel Tschlatscher
2022-11-28 15:03 ` [pbs-devel] applied: " Thomas Lamprecht

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal