How to protect against ransomware?

I’ve got a MyCloud with the SmartWare app. WD SmartWare makes backups of my files. I’ve created all shares with different users and passwords on different computers.

I’m afraid SmartWare connects via SMB and malware can steal the SMB session, am I right? (After the last NSA leaks everything is possible 🙂) Even if it is not SMB, SmartWare has to save credentials somewhere, and malware can still steal them.

How to protect against that? Is there something like reverse backup - share files to read on PC (via app, FTP or just SMB read only) and WD will download it by itself with versioning etc.?

I have changed the default root password and the default admin password via the webpanel. Are there any firewall rules to allow only FTP, SSH and the webpanel? Of course there are no mapped drives via Windows Explorer.

Having good anti-virus/security protection. I have used Norton Security for many years. Every once in a while I see a pop-up from Norton on my PC saying something like, Don’t worry about the new XYZ virus/ransomware, Norton has you protected. What else do you need?

BTW, Norton Haters, keep silent please. Norton has been on my computers for many decades, and it is a great program.

The last ransomware uses a Windows SMB backdoor. There was no antivirus that could save you, because you did not run any app that can be sandboxed or something else. It escalates privileges to admin and can do everything on your computer.

I’m looking for a way to protect automatic backups. Maybe create a simple FTP server on Windows and do a simple rsync on the WD?

It is not that simple to do the file versioning, but there are almost-ready scripts.

Here’s what I do.

I use Acronis True Image, and set the target to a NAS share that NO ONE has access to, other than Acronis itself. The software stores the credentials in its own configuration. It does daily incremental backups and monthly full backups.

The share is not mapped by the host; only Acronis can access it. So even if my computer gets affected and encrypted, the backups are not reachable by the malware. So, if I get infected, I can restore from a daily before the infection occurred.

I connect only via ssh, and use sshfs for manual file transfer and rsync/cron for automatic backups. Authorization is by ssh keys. No samba/nfs/webgui. There are some reports about the webgui login being insecure, so password or no password doesn’t matter.

You can run rsync on the MyCloud with an rsync daemon on your PC. This all works over ssh, no samba.

You can stop all unneeded services on the MyCloud, and allow only the required port numbers in your firewall, blocking all other ports. (I guess Windows firewalls have an interactive mode that allows you to choose which applications to allow.)
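
The pull-style versioned backup discussed in this thread, as an added example that is not code from any poster or from WD: the NAS runs rsync itself (from cron) and hard-links unchanged files to the previous snapshot, so the PC never holds write credentials for the backup location and an encrypted PC can only add a new version, not overwrite old ones. The `snapshot` function, its arguments and all paths are hypothetical; the source can be a local directory or an rsync-over-ssh source.

```shell
#!/bin/sh
# Added example: pull-style, versioned backup run ON the NAS (e.g. from cron).
# Nothing here is WD-specific; names and paths are assumptions.
#
# usage: snapshot SRC DEST_ROOT STAMP
#   SRC        source dir, trailing slash = copy contents; may be an
#              rsync-over-ssh source such as user@pc:/path/ (hypothetical)
#   DEST_ROOT  directory on the NAS that holds all snapshots
#   STAMP      name of this snapshot, e.g. "$(date +%Y-%m-%d_%H%M%S)"
snapshot() {
    src=$1
    stamp=$3
    mkdir -p "$2" || return 1
    # --link-dest needs an absolute path (relative ones are resolved
    # against the destination directory), so resolve the root first.
    dest=$(cd "$2" && pwd) || return 1
    new="$dest/$stamp"
    tmp="$dest/.incomplete-$stamp"

    # Never write into an existing snapshot: old versions stay immutable.
    if [ -e "$new" ]; then
        echo "snapshot $stamp already exists" >&2
        return 1
    fi

    if [ -d "$dest/latest" ]; then
        # Files identical to the previous snapshot become hard links, so a
        # new version only costs the space of what actually changed.
        rsync -a --link-dest="$dest/latest/" "$src" "$tmp/" || return 1
    else
        rsync -a "$src" "$tmp/" || return 1   # first run: full copy
    fi

    # Publish only complete snapshots, then repoint "latest".
    mv "$tmp" "$new" || return 1
    rm -f "$dest/latest"
    ln -s "$stamp" "$dest/latest"
}
```

If the PC's files are encrypted, the next run stores the encrypted copies as a new snapshot while every earlier snapshot directory keeps the original contents.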