PBS Off-site Sync (Cryptolock)

sander93 · Dec 4, 2020

Hello,

We are really happy with PBS so far, great product!

Question:

On this moment we are running a PBS in our datacenter which back-ups all the VM's in the cluster.
We want to protect us to for example cryptolockers/ransomware that makes not only the data in the VM unusable but in worst case also the back-up, because its in the same network.

Because PBS can sync remote (which pull the data) i was thinking to install a second PBS server on our office location.
But what will happens if for example the PBS data in our datacenter will get encrypted, will the sync also sync this data so the off-site PBS is also unusable?

If so, i think we need to construct something with a offline back-up, for example tapes or USB-Drives.

Kind regards,

Sander

tuxis · Dec 4, 2020

You usually have multiple snapshots available, so your issues exists mainly if the PBS-server itself gets encrypted. If that happens, your verification fails.

Question is, does PBS Sync also sync the datastore if the verification failed?

Alwin · Dec 4, 2020

sander93 said:
If so, i think we need to construct something with a offline back-up, for example tapes or USB-Drives.

Tape support is on our list. But don't ask me about an ETA.

sander93 said:
Because PBS can sync remote (which pull the data) i was thinking to install a second PBS server on our office location.
But what will happens if for example the PBS data in our datacenter will get encrypted, will the sync also sync this data so the off-site PBS is also unusable?

If an attacker can access the PBS server, and is able to encrypt the data on the filesystem. Then the PBS may not recognize the junks at all. Or if that's still possible the remote will only sync the delta and not all junks. If the remote PBS has it's own pruning schedule and doesn't delete vanished junks, the old data should not be touched.

But besides that, the PBS only needs 8007 open. Where you need to authenticate. So the attack service can be quite minimized.

sander93 · Dec 4, 2020

Thanks for the fast response.

So if i open only outgoing ports for the PBS on our office location and incoming is nothing possible we are safe.

Even if the backups on the PBS in the datacenter are encrypted and this will be synced to our office, then the older back-up versions on this same PBS on our office (from example a week ago) will still work.

So in worst case we have still the data (only missing recent information).

Alwin · Dec 4, 2020

sander93 said:
So if i open only outgoing ports for the PBS on our office location and incoming is nothing possible we are safe.

Sorry, I corrected my sentence above. OFC, the clients need to be able to connect to 8007 (default) or a port of choosing. The remote sync job will also pull as well.
https://pbs.proxmox.com/docs/backup-client.html?highlight=port

sander93 said:
Even if the backups on the PBS in the datacenter are encrypted and this will be synced to our office, then the older back-up versions on this same PBS on our office (from example a week ago) will still work.

As long as the PBS doesn't remove the backups, eg. remove-vanished isn't set, then the synced backups will be kept. And since only the delta is synced (if it could be read at all) the old parts aren't touched.
https://pbs.proxmox.com/docs/managing-remotes.html?highlight=vanish#sync-jobs

sander93 said:
So in worst case we have still the data (only missing recent information).

That might be the most likely outcome.

Search

Search

PBS Off-site Sync (Cryptolock)

sander93

Renowned Member

tuxis

Famous Member

Alwin

Proxmox Retired Staff

sander93

Renowned Member

Alwin

Proxmox Retired Staff