[pbs-devel] [PATCH proxmox-backup v3 1/1] docs: added section on ransomware

Noel Ullreich n.ullreich at proxmox.com
Fri Nov 25 13:10:34 CET 2022 

Added a section on ransomware. This includes a bulletpoint in the
main features section and a section in the backup storage section.
The latter section lists mitigation resources in pbs as well as best
practices.

Updated capitalization to be consistent in main features. Imo, since
these are bulletpoints and not headings, they should be in lowercase

Signed-off-by: Noel Ullreich <n.ullreich at proxmox.com>
---
 changes since v1:
 * squashed multiple commits into one
 * added link in main features bulletpoint to the ransomware section
 * restructured parts of the ransomware section
 * fixed technical errors regarding reading checksum
 * fixed my gitconfig ;)

 changes since v2:
 * fixed typos
 * rephrased some paragraphs

 docs/introduction.rst | 15 ++++++---
 docs/storage.rst      | 78 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+), 5 deletions(-)

diff --git a/docs/introduction.rst b/docs/introduction.rst
index 130536d6..5d5f6297 100644
--- a/docs/introduction.rst
+++ b/docs/introduction.rst
@@ -58,10 +58,10 @@ Main Features
 :Incremental backups: Changes between backups are typically low. Reading and
    sending only the delta reduces the storage and network impact of backups.
 
-:Data Integrity: The built-in `SHA-256`_ checksum algorithm ensures accuracy
+:Data integrity: The built-in `SHA-256`_ checksum algorithm ensures accuracy
    and consistency in your backups.
 
-:Remote Sync: It is possible to efficiently synchronize data to remote
+:Remote sync: It is possible to efficiently synchronize data to remote
    sites. Only deltas containing new data are transferred.
 
 :Compression: The ultra-fast Zstandard_ compression is able to compress
@@ -76,16 +76,21 @@ Main Features
    provides extensive support for backing up to tape and managing tape
    libraries.
 
+:Ransomware protection: :ref:`Protect your critical data from ransomware attacks
+   <ransomware_protection>` with Proxmox Backup Server's fine-grained access
+   control, data integrity verification, and off-site backup through remote sync
+   and tape backup.
+
 :Web interface: Manage the Proxmox Backup Server with the integrated, web-based
    user interface.
 
-:Open Source: No secrets. Proxmox Backup Server is free and open-source
+:Open source: No secrets. Proxmox Backup Server is free and open-source
    software. The source code is licensed under AGPL, v3.
 
-:No Limits: Proxmox Backup Server has no artificial limits for backup storage or
+:No limits: Proxmox Backup Server has no artificial limits for backup storage or
    backup-clients.
 
-:Enterprise Support: Proxmox Server Solutions GmbH offers enterprise support in
+:Enterprise support: Proxmox Server Solutions GmbH offers enterprise support in
    the form of `Proxmox Backup Server Subscription Plans
    <https://www.proxmox.com/en/proxmox-backup-server/pricing>`_. Users at every
    subscription level get access to the Proxmox Backup :ref:`Enterprise
diff --git a/docs/storage.rst b/docs/storage.rst
index c4e44c72..0fe367b1 100644
--- a/docs/storage.rst
+++ b/docs/storage.rst
@@ -374,3 +374,81 @@ with a comma, like this:
 .. code-block:: console
 
   # proxmox-backup-manager datastore update <storename> --tuning 'sync-level=filesystem,chunk-order=none'
+
+.. _ransomware_protection:
+
+Ransomware Protection
+---------------------
+
+Prevention by Proxmox Backup Server
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+`Ransomware <https://en.wikipedia.org/wiki/Ransomware>`_ is a type of malware
+that encrypts files until a ransom is paid. Proxmox Backup Server includes
+features to mitigate ransomware attacks by offering easy restoration from backups.
+
+As a best practice, you should keep multiple backups, including outside of your
+network and on different media. Proxmox Backup Server provides the tools to do
+both. It is possible to create :ref:`remote sync jobs <backup_remote>`; by
+setting up a remote Proxmox Backup Server you can take advantage of the sync job
+feature and create off-site copies of your backups. This is recommended, since
+offsite instances are less likely to be infected by the ransomware in your local
+network. It is also possible to create :ref:`tape backups <tape_backup>` as a
+second storage medium. This way you get an additional copy of your data which
+can easily be moved off-site.
+
+Proxmox Backup Server does not rewrite data for existing blocks. This means that
+a compromised Proxmox VE host, or any other compromised system using
+the client to back up data, cannot corrupt existing backups.
+
+Furthermore, comprehensive :ref:`user management <user_mgmt>` is offered by
+Proxmox Backup Server. By limiting a sync user's or an access token's right to
+only write backups, not delete them, compromised clients cannot delete
+existing backups. Following this best practice, backup pruning should be done
+by the Proxmox Backup Server using prune jobs.
+
+While your Proxmox Backup Server can still be compromised, if your backup is 
+encrypted by ransomware, the SHA-256 checksums of the backups will not match
+the previously recorded ones anymore. Hence, restoring the backup will fail.
+
+To detect ransomware inside a compromised guest, it is recommended to frequently
+test restoring and booting backups. Make sure to restore to a new guest and
+not to overwrite your current guest. In the case of many backed-up guests, it is
+recommended to automate this restore testing or, if this is not possible, to
+restore random samples from the backups.
+
+In order to be able to react quickly in case of a ransomware attack, it
+is recommended to regularly test restoring from your backups. Make sure to
+restore to a new guest and not to overwrite your current guest. Restoring
+many guests at once can be cumbersome, which is why it is advisable to
+automate this task and verify that your automated process works. If this is not
+feasible, it is recommended to restore random samples from your backups. While
+creating backups is is important, verifying that the backups work is equally
+important. This ensures that you are able to react quickly in case of an emergency
+and keeps disruption of your services to a minimum.
+
+
+
+Other Prevention Methods and Best Practices
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+It is recommended to take additional security measures, apart from the ones offered
+by Proxmox Backup Server. These recommendations include, but are not limited to: 
+
+* Keeping the firmware and software up-to-date to patch exploits and
+  vulnerabilities (such as
+  `Spectre <https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)>`_ or
+  `Meltdown <https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)>`_).
+* Following safe and secure network practices, for example using logging and
+  monitoring tools and setting up VLANs.
+* Making plenty of backups using the
+  `3-2-1 rule <https://en.wikipedia.org/wiki/Backup#Storage>`_: creating
+  3 backups on 2 storage media, of which 1 copy is kept off-site.
+* Retention. Since some ransomware might lay dormant a couple of days or weeks
+  before starting to encrypt data, it can be that older, existing backups are
+  compromised. Thus, it is important to keep at least a few backups over longer
+  periods of time.
+
+For more information on how to avoid ransomware attacks and what to do in case
+of a ransomware infection, see Cisa and
+`their guide <https://www.cisa.gov/stopransomware/ransomware-guide>`_.
-- 
2.30.2

More information about the pbs-devel mailing list