How To Use TrueNAS ZFS Snapshots For Ransomware Protection & VSS Shadow Copies

Рет қаралды 59,111

Күн бұрын

Connecting With Us
---------------------------------------------------
+ Hire Us For A Project: lawrencesystems.com/hire-us/
+ Tom Twitter 🐦 / tomlawrencetech
+ Our Web Site www.lawrencesystems.com/
+ Our Forums forums.lawrencesystems.com/
+ Instagram / lawrencesystems
+ Facebook / lawrencesystems
+ GitHub github.com/lawrencesystems/
+ Discord / discord
Lawrence Systems Shirts and Swag
---------------------------------------------------
►👕 lawrence.video/swag
AFFILIATES & REFERRAL LINKS
---------------------------------------------------
Amazon Affiliate Store
🛒 www.amazon.com/shop/lawrences...
UniFi Affiliate Link
🛒 store.ui.com?a_aid=LTS
All Of Our Affiliates that help us out and can get you discounts!
🛒 lawrencesystems.com/partners-...
Gear we use on Kit
🛒 kit.co/lawrencesystems
Use OfferCode LTSERVICES to get 5% off your order at
🛒 lawrence.video/techsupplydirect
Digital Ocean Offer Code
🛒 m.do.co/c/85de8d181725
HostiFi UniFi Cloud Hosting Service
🛒 hostifi.net/?via=lawrencesystems
Protect you privacy with a VPN from Private Internet Access
🛒 www.privateinternetaccess.com...
Patreon
💰 / lawrencesystems
⏱️ Timestamps ⏱️
0:00 The Ransomeware and Issues with Restoring
3:02 The TrueNAS server setup
4:07 Keeping Separate Root Password
5:05 TrueNAS Dataset Configuration
5:34 TrueNAS Share Configuration For VSS
6:55 How To Setup Snapshots on TrueNAS
10:49 Restoing TrueNAS Volume Shadow Copies in Windows
12:30 TrueNAS cloning Snapshot to new dataset
15:42 Performing TrueNAS full rollback with Snapshot
#TrueNAS #NAS

Пікірлер: 53

@voodooutt 2 жыл бұрын

This very thing did happen to me. My 9 yr old son clicked on a pop-up while on the 'net. Welp, it was a ransomware attack, all files locked on local computer + computers connected to LAN + all files on my (then) FreeNAS box. I had my FreeNAS connected as network drives for my weekly backups - all of the backups got locked :( Steps taken to avoid disaster: 1. Unplugged household from internet 2. Unplugged all computers from LAN 3. Rolled back to the snapshot before ransomware attack on FreeNAS box - All files restored 4. Took a portable hard drive, transferred each computer image to it 5. Completely wiped all local computer hard drives of all data (Bootable Acronis Drive Cleanser - using the DoD standard) 6. One at a time, re-imaged each computer with Acronis images 7. Made sure Cable Moden was unplugged for more than a day (made sure I got new IP address) 8. Plugged all back in LAN and Internet Took 2 days, but all computers and FreeNAS box were restored without losing much data at all. The whole time, I showed my son the steps taken from #1 to #8 and what was involved and he now knows why he's got to watch what he clicks.

@charlescc1000 3 жыл бұрын

Tom I’ve found the most valuable thing you provide in your videos is that you explain the topic in a manner that is far more in depth than a simple tutorial of "click here, type this, click that, ok done." Your style of explaining how the system/software works along with your recommended best practices is really the best teaching method IMO. It lets us understand the topic and decide how to best implement for our specific needs. Thanks as always!

@LAWRENCESYSTEMS 3 жыл бұрын

Thanks!

@magnets1000 3 жыл бұрын

You have to be careful when rolling back because it deletes all intermediate snapshots, so make sure you go back to the latest-good one

@TrueNAS 3 жыл бұрын

As always, another great tutorial! We and the rest of the #TrueNAS Community thank you!

@joncalri 3 жыл бұрын

Hi #TrueNAS, any way to backup Hyper-V VMs?, or is planned on the time soon?

@DrHellbenders 3 жыл бұрын

This is a really great explanation and overview of snapshots. Thanks very much! If I might suggest a follow-up: snapshot replication to another Free/TrueNAS server or just S3 storage in general. Either way, thanks so much for this video. I really enjoy seeing your posts. Always informative!

@raptorcybersecurity 2 жыл бұрын

That was a great explainer! I set up my snapshots and followed along with your tutorial, and was amazed at how well the zfs snapshot process works - especially with the Windows File Manager's restore. Anyway, keep up the fantastic work you do.

@NathanBerryNC 2 ай бұрын

Thank you! I was trying to restore through windows and it has been running almost 24 hours with 20 hours left! You're an awesome resource.

@gpmdp 3 жыл бұрын

Another excellent tutorial, even for non english native listeners!!! Verry clear concepts and diction. Thumbs up from Argentina!!

@aliaghil1 3 жыл бұрын

whoever disliked your video, is one of those guys that run ransomware... :)

@janjurak5905 3 жыл бұрын

I was thinking about this in past: if snapshot can protect rannsomware encryption action and was not sure about it. So thank you for opening this topic :)

@jonathanchevallier7046 3 жыл бұрын

Awesome presentation ! Thank you ;-)

@andreavergani7414 3 жыл бұрын

you know a lot of thing Tom. i find your vids intresting , keep doing it. support, ciao

@davidsomething4867 3 жыл бұрын

Funny you bring this up. A few years back an org I'd just turned up for my first day had internet backups to a provider but had a measly download speed, they had just lost their SAN. I'd prefer a local backup offline preferably at a local site within a few miles and a third backup to cloud. I've seen people do cloud backups but the cost of downloading the backups is very costly not to mention time consuming.

@binho0307 2 жыл бұрын

I appreciate their ever! thanks for the content!

@dennischristian9976 3 жыл бұрын

Another great video!

@ultraali453 2 жыл бұрын

Please make a TrueNAS course. Thank you for the video.

@TheSparkybon 3 жыл бұрын

Great stuff, be interested on your opinion of Synology Btrfs snapshots as protection from ransomware. It seems to work in a similar way through DSM.

@VeryTutos 2 жыл бұрын

Great video 10/10

@bobbrown8661 Жыл бұрын

I got hit with one of these few months ago, really stung and didnt have snapshots enabled at the time. Lost some data but chalked it up to experience and have since enabled. One method if you want to browse the snapshots without going into the dataset options and set Snapshot directory to Visible, you should then be able to see it from the root of the dataset under the .zfs folder and this will let you (the user) browse the snapshots via SMB and copy files back over as required.

@JasondeCordoba 3 жыл бұрын

TrueNAS (FreeBSD n' ZFS) hurrah!

@BallerinaElena 3 жыл бұрын

Thanks Tom! Long time viewer and subscriber but my first ever comment....In windows you can use the "previous versions" tab to access a file; however, under linux do you need to clone the drive and mount it to be able to recover the file or is there something similar to "previous versions" in linux that I've missed? Thanks again and keep the videos coming!

@LAWRENCESYSTEMS 3 жыл бұрын

That feature is not in Linux

@onekopaka 3 жыл бұрын

You can go into the .zfs/snapshot folder at the top of a filesystem dataset to get read only access to any of the snapshots of that filesystem. These folders are actually where Samba is pulling from to provide the shadow copy feature. That .zfs folder won't show up in any of your directory listings but it's there.

@sagarsriva 2 жыл бұрын

great!

@69UHF 9 ай бұрын

❤❤❤❤🎉

@TheNefastor 3 жыл бұрын

Just wondering : in case of a ransomware attack, if a snapshot saves the difference between the original and encrypted files, does that mean the snapshot has to have the same size as the whole dataset ? If so, does that mean that you need at least50% free space on your dataset ? When happens if, say, your dataset is 75% full and a ransomware hit ? There shouldn't be enough space to store all the fraudulent modifications, right ?

@LAWRENCESYSTEMS 3 жыл бұрын

Correct, if the system runs out of space it goes into read only mode to stop further writes.

@menash41 3 жыл бұрын

How does this compare to just using sentinel one rollback? Should we use both or would that be redundant?

@LAWRENCESYSTEMS 3 жыл бұрын

Sentinel One rollback is not as robust, I would use both

@coding4well 3 жыл бұрын

can i set up snapshots to be stored on an external drive or cloud?i mean out of that physical server where truenas is running?

@LAWRENCESYSTEMS 3 жыл бұрын

No, the snapshots can only be stored on another system using the ZFS file system, but you can back up TrueNAS data to cloud providers.

@SaviorGuru 2 жыл бұрын

Help needed, How to create permissions on a dataset called : OfficeData, UserName: Admin UserGroup: AdminGroup having Full control whereas another group called OfficeUserGroup (with all user in that group) having ReadOnly permission.

@spicyF1 2 жыл бұрын

This is a good method, however Seafile does these sort of task to perfection, there is an hour gap there, with Seafile there is 0

@djordje1999 3 жыл бұрын

TrueNAS make a snapshot even if "Access" time changes.. Can i disable dublicating these snapshots.. So i want to access time be ignored by automatic snapshots..

@rayyanthamim 2 жыл бұрын

How do I take a snapshot of a Windows Server?

@DigitalEntity 3 жыл бұрын

Hello, i have a pc installed truenas 12. Snapshots are working fine via web interface of truenas. However on Windows i don't see previous versions of files. Any ideas? thanks.

@AlanMillerFencepost 3 жыл бұрын

Not currently using this, but I think you may be confusing Windows shadow copies (previous versions) with snapshots on the NAS.

@Darkk6969 3 жыл бұрын

You need to enable Shadow Copies via the Windows SMB share in FreeNAS/TrueNas. New shares it's enabled by default.

@shmuliksaadi4661 Жыл бұрын

Hi Tom, do you know if it is possible to add a password before deleting a snapshot Of course a special password that is not similar to the Root password This can help in case of Ransomware

@LAWRENCESYSTEMS Жыл бұрын

No there is not. The best way to prevent someone tampering is not letter someone get the root password.