It really seems like an effort to solve the wrong problem. Why not just ensure that end-users don't have direct access to the device which is handling backups, or to the back-end storage location of the backups?
It's not like malware cannot lurk and wait for access... Regards, *ASB* *http://XeeMe.com/AndrewBaker <http://xeeme.com/AndrewBaker>* *Providing Expert Technology Consulting Services for the SMB market…* * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842 On Sun, Aug 13, 2017 at 5:30 PM, J- P <[email protected]> wrote: > While its possible , it is less likely as most infections are due to users > clicking on or opening something , which will not occur off hours. > > And in reality the window would be shorter since it uses CBT, so on > average the backups are about 10 minutes for most servers, with the > exception of Exchange it usually takes about 45 min. > > > I could theoretically install a new server (off domain) and run the backup > software on that server which would solve the problem- lets see if I can > sell them that idea. > > > thanks > > > > > > > ------------------------------ > *From:* [email protected] <[email protected]> > on behalf of Brian Desmond <[email protected]> > *Sent:* Sunday, August 13, 2017 12:06 PM > > *To:* [email protected] > *Subject:* [NTSysADM] RE: scheduling iSCSI connections > > > So what happens if your ransomware scenario occurs while the backup is > running? That invalidates all your backups at that point as well. > > > > Perhaps I’m thinking of something else but all the backup toolsets I’ve > worked with all push the data over the network to a central system that > interacts with the backend storage/media. > > > > Thanks, > > Brian > > > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *J- P > *Sent:* Saturday, August 12, 2017 10:39 PM > *To:* [email protected] > *Subject:* [NTSysADM] Re: scheduling iSCSI connections > > > > not sure I follow, the backup runs to a "local disk iscsi target" then > replicates offsite- - but I'm assuming (God forbid) ransomware hits the > host then it would also encrypt the "local iscsi disk" - > > > > tia > > > > > ------------------------------ > > *From:* [email protected] <[email protected]> > on behalf of Brian Desmond <[email protected]> > *Sent:* Saturday, August 12, 2017 5:51 PM > *To:* [email protected] > *Subject:* [NTSysADM] RE: scheduling iSCSI connections > > > > Wouldn’t your backup tool be responsible for doing this? This seems very > likely to fail in some way, shape, or form at some point. > > > > Thanks, > Brian > > > > > > Thanks, > > Brian Desmond > > > > w – 312.625.1438 <(312)%20625-1438> | c – 312.731.3132 <(312)%20731-3132> > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com <[email protected]>] *On Behalf Of *J- P > *Sent:* Friday, August 11, 2017 12:59 PM > *To:* NT <[email protected]> > *Subject:* [NTSysADM] scheduling iSCSI connections > > > > Is it possible to schedule iSCSI connections (connect at 11pm, disconnect > 6 am) > > > > We currently backup our hyper-v guests to our NAS which is presented to > the host via iSCSI, > > > > The goal is to achieve the equivalent of ejecting a tape after backup is > complete, in case of a ransomware infection. > > > > We do also have it offsite, however, I'd much rather restore 6tb locally > than over the wire. > > > > Any thoughts feedback are greatly appreciated > > > > > > >
