![]() ![]() So your posting on 17:38 was not several months before my posting, please stop posting such nonsense. You've answered several months later explaining how you resolved the problem of a lack of an air gap with a strategy of non-domaining. As in "Oh, someone with domain admin rights is running my malware, I don't have to re-authenticate on any other workstation or server since I'm domain admin" type that this should protect againtĮjenner wrote:The issue is that the original post said 'lack of an air-gap' was a problem. And I didn't mean the malware "obtained domain credentials" - I mean SSO (as in Single Sign On). It targeted the fact that it's not about malware acting different for domain vs. That's not at all 'Air-gap' (I'm pretty sure I didn't imply that because our Air-gap Backup is Offline Tape) - it's an added layer that has to be breached to gain control of the backups (to delete or encrypt them). These days I'd say the 3-2-1 rule is more important than ever given the frequency of disclosure sub-OS level vulnerabilities. It depends on how much you want to protect your data. 'Air-gap' is the wrong way to describe what you've configured. If a different attack vector were in play having those servers non-dom'ed would provide no protection at all. If I were writing some nasty code I think I'd probably have it as a design parameter to treat all computers the same rather than trying to distinguish between domained and non-domained machines.Įjenner wrote:That protects against one kind of attack where the malware has obtained domain credentials. ![]() Lastly, I'd say if you were unlucky enough to have something that nasty on your internal network that I doubt it would be playing fair and only using Microsoft Windows domain or non-domain access methods for getting to your data. But you must have 'Enterprise Plus' license for that. So put your Veeam system on an entirely different network and use the cloud connect functionality. Where you have different flavors of OS it's less likely your whole organization could be taken out with one version of a malware infection. A bit like tape, but using disks instead.Īnother option is to use a mixture of Windows and Linux repositories. So you take disks out and put other disks in. You could use 'rotating disks' on your repository. There are some things to think about if you're putting in a maximum resistance to nasty malware. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |