From: Stefan Sterz
To: Proxmox Backup Server development discussion, Noel Ullreich
Date: Fri, 25 Nov 2022 13:40:44 +0100
Subject: Re: [pbs-devel] [PATCH proxmox-backup v3 1/1] docs: added section on ransomware
In-Reply-To: <20221125121034.3924107-2-n.ullreich@proxmox.com>
References: <20221125121034.3924107-1-n.ullreich@proxmox.com> <20221125121034.3924107-2-n.ullreich@proxmox.com>
List-Id: Proxmox Backup Server development discussion

Some smaller notes in-line. Other than that, consider this:

Reviewed-by: Stefan Hanreich
Reviewed-by: Stefan Sterz

On 11/25/22 13:10, Noel Ullreich wrote:
> Added a section on ransomware. This includes a bulletpoint in the
> main features section and a section in the backup storage section.
> The latter section lists mitigation resources in pbs as well as best
> practices.
>
> Updated capitalization to be consistent in main features. Imo, since
> these are bulletpoints and not headings, they should be in lowercase.
>
> Signed-off-by: Noel Ullreich
> ---
> changes since v1:
> * squashed multiple commits into one
> * added link in main features bulletpoint to the ransomware section
> * restructured parts of the ransomware section
> * fixed technical errors regarding reading checksum
> * fixed my gitconfig ;)
>
> changes since v2:
> * fixed typos
> * rephrased some paragraphs
>
> docs/introduction.rst | 15 ++++++---
> docs/storage.rst | 78 +++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 88 insertions(+), 5 deletions(-)
>
> diff --git a/docs/introduction.rst b/docs/introduction.rst
> index 130536d6..5d5f6297 100644
> --- a/docs/introduction.rst
> +++ b/docs/introduction.rst
> @@ -58,10 +58,10 @@ Main Features > :Incremental backups: Changes between backups are typically low. Reading and > sending only the delta reduces the storage and network impact of backups. > > -:Data Integrity: The built-in `SHA-256`_ checksum algorithm ensures accuracy > +:Data integrity: The built-in `SHA-256`_ checksum algorithm ensures accuracy > and consistency in your backups. > > -:Remote Sync: It is possible to efficiently synchronize data to remote > +:Remote sync: It is possible to efficiently synchronize data to remote > sites. Only deltas containing new data are transferred. > > :Compression: The ultra-fast Zstandard_ compression is able to compress > @@ -76,16 +76,21 @@ Main Features > provides extensive support for backing up to tape and managing tape > libraries. > > +:Ransomware protection: :ref:`Protect your critical data from ransomware attacks > + ` with Proxmox Backup Server's fine-grained access > + control, data integrity verification, and off-site backup through remote sync > + and tape backup. > + > :Web interface: Manage the Proxmox Backup Server with the integrated, web-based > user interface. > > -:Open Source: No secrets. Proxmox Backup Server is free and open-source > +:Open source: No secrets. Proxmox Backup Server is free and open-source > software. The source code is licensed under AGPL, v3. > > -:No Limits: Proxmox Backup Server has no artificial limits for backup storage or > +:No limits: Proxmox Backup Server has no artificial limits for backup storage or > backup-clients. > > -:Enterprise Support: Proxmox Server Solutions GmbH offers enterprise support in > +:Enterprise support: Proxmox Server Solutions GmbH offers enterprise support in > the form of `Proxmox Backup Server Subscription Plans > `_. Users at every > subscription level get access to the Proxmox Backup :ref:`Enterprise > diff --git a/docs/storage.rst b/docs/storage.rst > index c4e44c72..0fe367b1 100644 > --- a/docs/storage.rst > +++ b/docs/storage.rst 
> @@ -374,3 +374,81 @@ with a comma, like this: > .. code-block:: console > > # proxmox-backup-manager datastore update --tuning 'sync-level=filesystem,chunk-order=none' > + > +.. _ransomware_protection: > + > +Ransomware Protection > +--------------------- > + > +Prevention by Proxmox Backup Server > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > + > +`Ransomware `_ is a type of malware > +that encrypts files until a ransom is paid. Proxmox Backup Server includes > +features to mitigate ransomware attacks by offering easy restoration from backups. > + > +As a best practice, you should keep multiple backups, including outside of your > +network and on different media. Proxmox Backup Server provides the tools to do > +both. It is possible to create :ref:`remote sync jobs `; by > +setting up a remote Proxmox Backup Server you can take advantage of the sync job > +feature and create off-site copies of your backups. This is recommended, since sounds a bit redundant/clumsy? Maybe just get rid of "It is possible to create remote sync jobs" and just start the sentence with "By setting up a remote Proxmox Backup Server you can..." > +offsite instances are less likely to be infected by the ransomware in your local you can remove the "the" here to make this a bit more concise. > +network. It is also possible to create :ref:`tape backups ` as a > +second storage medium. This way you get an additional copy of your data which > +can easily be moved off-site. > + > +Proxmox Backup Server does not rewrite data for existing blocks. This means that > +a compromised Proxmox VE host, or any other compromised system using > +the client to back up data, cannot corrupt existing backups. > + > +Furthermore, comprehensive :ref:`user management ` is offered by > +Proxmox Backup Server. By limiting a sync user's or an access token's right to > +only write backups, not delete them, compromised clients cannot delete > +existing backups. 
Following this best practice, backup pruning should be done > +by the Proxmox Backup Server using prune jobs. > + > +While your Proxmox Backup Server can still be compromised, if your backup is > +encrypted by ransomware, the SHA-256 checksums of the backups will not match > +the previously recorded ones anymore. Hence, restoring the backup will fail. > + > +To detect ransomware inside a compromised guest, it is recommended to frequently > +test restoring and booting backups. Make sure to restore to a new guest and > +not to overwrite your current guest. In the case of many backed-up guests, it is > +recommended to automate this restore testing or, if this is not possible, to > +restore random samples from the backups. > + > +In order to be able to react quickly in case of a ransomware attack, it > +is recommended to regularly test restoring from your backups. Make sure to > +restore to a new guest and not to overwrite your current guest. Restoring > +many guests at once can be cumbersome, which is why it is advisable to > +automate this task and verify that your automated process works. If this is not > +feasible, it is recommended to restore random samples from your backups. While > +creating backups is is important, verifying that the backups work is equally typo: one "is" too many > +important. This ensures that you are able to react quickly in case of an emergency > +and keeps disruption of your services to a minimum. > + > + > + > +Other Prevention Methods and Best Practices > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > + > +It is recommended to take additional security measures, apart from the ones offered > +by Proxmox Backup Server. These recommendations include, but are not limited to: > + > +* Keeping the firmware and software up-to-date to patch exploits and > + vulnerabilities (such as > + `Spectre `_ or > + `Meltdown `_). > +* Following safe and secure network practices, for example using logging and > + monitoring tools and setting up VLANs. 
> +* Making plenty of backups using the > + `3-2-1 rule `_: creating > + 3 backups on 2 storage media, of which 1 copy is kept off-site. > +* Retention. Since some ransomware might lay dormant a couple of days or weeks > + before starting to encrypt data, it can be that older, existing backups are > + compromised. Thus, it is important to keep at least a few backups over longer > + periods of time. > + > +For more information on how to avoid ransomware attacks and what to do in case > +of a ransomware infection, see Cisa and Pretty sure you need to capitalize CISA here. > +`their guide `_.
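Review bot: in the second introduction.rst hunk (@@ -76,16) the new ":Ransomware protection:" entry puts the :ref: link around the whole clause "Protect your critical data from ransomware attacks", whereas the other entries in this list only link a short noun phrase (compare the ":Enterprise support:" entry, which links just the subscription plans and the :ref:`Enterprise ...` target). A short link text such as "ransomware protection" with the rest of the sentence left plain would read more consistently and survives line wrapping better than a multi-line role.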
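Review bot: in the storage.rst hunk (@@ -374,3) the paragraph starting "To detect ransomware inside a compromised guest" and the one starting "In order to be able to react quickly" give the same advice twice (restore to a new guest, automate the restore tests, otherwise restore random samples); merge them into one paragraph, keeping the detection motivation from the first and the "verify that your automated process works" sentence from the second. The subsection heading "Prevention by Proxmox Backup Server" also does not match its body, which is about mitigation and recovery rather than prevention (the first paragraph itself says "features to mitigate ransomware attacks"); "Mitigation by Proxmox Backup Server" would be accurate. In the checksum paragraph, a mismatching SHA-256 checksum is only noticed when the chunk is read, so it is worth pointing the reader at scheduled verification jobs, which surface corrupted backups before a restore is attempted rather than at restore time. The statement "cannot corrupt existing backups" in the preceding paragraph only holds together with the following paragraph about withholding delete rights; a short forward reference ("provided the client cannot delete them, see below") would tie the two together. "Keeping the firmware and software up-to-date to patch exploits and vulnerabilities (such as Spectre or Meltdown)" reads oddly: one patches vulnerabilities, not exploits, and Spectre and Meltdown are CPU side-channel issues rather than typical ransomware entry points, so "applying security updates promptly" without the examples would be clearer. Minor: the three consecutive "+" blank lines before "Other Prevention Methods and Best Practices" should be a single blank line.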