On 05/17/2016 01:54 AM, Reindl Harald wrote:> > > Am 17.05.2016 um 03:13 schrieb ToddAndMargo: >> On 05/15/2016 01:00 PM, Andrew Bartlett wrote: >>> On Sat, 2016-05-14 at 22:42 -0700, ToddAndMargo wrote: >>>> Hi All, >>>> >>>> Is there anything in Samba that will help protect >>>> against ransomware? >>> >>> I've not had to look into this properly, but I would suggest that >>> regular and genuinely offline backups and regular Read Only snapshots. >>> >> >> On linux, I do xfsdump's and rotate several full backups. I >> also leave the drives unmounted when not in use. Ransomware >> is only dangerous where they can find a drive letter > > that is simply not true > > months ago there where ransomware which discovered shares without a > drive letter assigendyes, I just read Fabians post. Oh on! Is it only CIFS drive shares it goes after?
Hallo, ToddAndMargo, Du meintest am 19.05.16:>>>>> Is there anything in Samba that will help protect >>>>> against ransomware?[...]>> months ago there where ransomware which discovered shares without a >> drive letter assigend> yes, I just read Fabians post. Oh on! > Is it only CIFS drive shares it goes after?It's quite simple: if the user can write onto the share then ransomware also can write. Viele Gruesse! Helmut
>> Is it only CIFS drive shares it goes after? > >It's quite simple: if the user can write onto the share then ransomware >also can write.Samba/Windows shares can be discovered, that's how Windows itself does it when browsing the network. It wouldn't be difficult for a virus to use the FTP protocol as well. However it wouldn't know what server to connect to and what username/password to use if protected. The same is true for other protocols (SSH, rsync etc). That's why those ways of backupping are more secure. Unless the virus goes phishing and makes you enter the credentials... bye Fabi
On 05/19/2016 11:09 AM, Helmut Hullen wrote:> Hallo, ToddAndMargo, > > Du meintest am 19.05.16: > >>>>>> Is there anything in Samba that will help protect >>>>>> against ransomware? > > [...] > >>> months ago there where ransomware which discovered shares without a >>> drive letter assigend > >> yes, I just read Fabians post. Oh on! >> Is it only CIFS drive shares it goes after? > > It's quite simple: if the user can write onto the share then ransomware > also can write. > > Viele Gruesse! > HelmutHi Helmet, Greeting from the USA! I was stationed in Germany for three years in the seventies. I absolutely adored Germany and still miss it at times. An ftp server can be set up to require a username and password. And that can be different than the Windows user name and password. That should throw a wrench in the works! And there is always write only and read only accounts. Wonder if you would get away with that in Samba? -T -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Computers are like air conditioners. They malfunction when you open windows ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~