A hypothetical setup to defend against ransomware

Status
Not open for further replies.

thedemon1366

Cadet
Joined
Apr 6, 2014
Messages
7
Dear FreeNASers,

I currently have a hybrid HTPC which hosts all of the HDDs containing the media it uses. For many reasons, I would like to modularise my setup which should include a NAS.

The HTPC is a Windows 7 x64 Ultimate machine containing a 120 Gigabyte SSD (system drive), a 4 Terabyte and 2x2 Terabyte Western Digital Reds and sources its media via a torrent client.

I would like to build a NAS which will host the HDDs and also act as the torrent server with the HTPC acting as a media client.
Now, what is really important to me is system-wide integrity. I am happy for a disk to fail as the media can be restocked but it would be a big pain if all 3 HDDs' data became unusable at once. I guess a good example of this would be ransomware (or cataclysmic hardware failure).
I would also like to stage regular backups of the HTPC to the NAS which would also be protected from attack.

My current thinking of a setup is the following:
  • A FreeNAS server containing 3 pools (1 per HDD)
  • Datasets (correct term?) formed on the pools can be shared to the HTPC (NFS shares) but are read-only
  • The FreeNAS server runs a torrent client which has special write permissions to the datasets
  • Urbackup (open to recommendations on software) would take regular backups of the HTPC and store them somewhere on the FreeNAS server
  • Have an additional (small) dataset that allows write permissions from specific users on the network (ease of use storage for users on the network)
My thinking is that if ransomware/other virus hits the HTPC and results in file encryption/loss, the files on the FreeNAS server are protected because they are read-only and I can easily restore the system image with a urbackup backup which is hosted on the NAS.

I don't think any of this is tremendously complicated but, given that FreeNAS seems quite different to the usual Linux experience, I wanted to check that this plan seems sensible. So, do you all think it sounds OK or perhaps you have alternative suggestions?


N.b. (1) I fully appreciate that there is a gaping security hole as the FreeNAS server will download torrents itself directly to the datasets but please humour me and pretend that torrents are malware free.

N.b. (2) I am also aware of the risks to using single vdev pools: https://forums.freenas.org/index.php?threads/single-drive-zfs.35515/
 

nojohnny101

Wizard
Joined
Dec 3, 2015
Messages
1,478
i think you are a little confused on exactly what a FreeNAS box can do and how it does it.

First comment is why do you want to still have the HTPC act as a media client (or i guess i'm not clear by what you mean as "media client")? you can just use something like plex inside of a jail on the freenas box to serve all your media to whatever device (streaming box, mobile, any other computer, etc.)

> A FreeNAS server containing 3 pools (1 per HDD)

why do you want to do that? that would unnecessarily complicate things and would offer you almost no drive fail protection

> Datasets (correct term?) formed on the pools can be shared to the HTPC (NFS shares) but are read-only

no problem.

> The FreeNAS server runs a torrent client which has special write permissions to the datasets

yep, freenas can easily handle this through plugins setup in a jail (for security purposes)

> Urbackup (open to recommendations on software) would take regular backups of the HTPC and store them somewhere on the FreeNAS server

the most common tool people use on here for that situation is rsync (check it out here)

> Have an additional (small) dataset that allows write permissions from specific users on the network (ease of use storage for users on the network)

yep, that is fine. you can create as many datasets as you want on your vdev. this is recommended as freenas provides granular control over permissions this way.

i'm not really sure where your fear comes in from ransomware. if you lock down your freenas box appropriately (SSH, with only public/private key exchange, no password authentication, etc.) then the chances of that are slim to none.
 

Tekz

Dabbler
Joined
May 28, 2016
Messages
12
With a lot of extra words, all you're saying is you want to use a FreeNAS server as 1.) a read-only storage provider for your media files, 2.) a read/write storage for home drives and 3.) a PC backup. That's fine. You could theoretically set them all up on the same dataset if you wanted, and limit access using Windows ACLs. Or you can do it the way you want to do it and have a different dataset for each type of storage. It'll work fine either way.

> Dear FreeNASers,
> Now, what is really important to me is system-wide integrity.

3 pools on 3 vdevs is the antithesis of data integrity. If you want this data to be safe and maintain some level of uptime, you should be looking at expanding your drive investment and doing something with raidz2.

[edit]Updating to get to the root of this - ransomware. If you don't want to be at risk of a ransomware infection - don't use the HTPC to access the internet. Don't open emails on it, don't download executables on it (sounds like you're mainly downloading media, so that's not a problem) and don't allow access from the public internet to the device through open services on the box.
 

thedemon1366

Cadet
Joined
Apr 6, 2014
Messages
7
> i think you are a little confused on exactly what a FreeNAS box can do and how it does it.
>
> First comment is why do you want to still have the HTPC act as a media client (or i guess i'm not clear by what you mean as "media client")? you can just use something like plex inside of a jail on the freenas box to serve all your media to whatever device (streaming box, mobile, any other computer, etc.)

The HTPC would run Kodi and access the NFS NAS shares. The HTPC would be a client in this respect (without the internet bit in the middle):
[Image: client-server model diagram]


> why do you want to do that? that would unnecessarily complicate things and would offer you almost no drive fail protection

In what ways would this complicate things?
I get that I wouldn't have drive protection/redundancy, but single drive loss does not worry me too much. It's mostly media stored on the HDDs and a replacement HDD can easily be repopulated. I'm more concerned about a system-wide loss e.g. the HTPC, the HDDs and the FreeNAS server all being lost in one go.

> yep, freenas can easily handle this through plugins setup in a jail (for security purposes)

Yes, sorry I probably wasn't clear about this bit. I know I would have the utilities available to run a torrent client. I was more explaining what the situation would be to get a handle on any security holes.

> i'm not really sure where your fear comes in from ransomware. if you lock down your freenas box appropriately (SSH, with only public/private key exchange, no password authentication, etc.) then the chances of that are slim to none.

My 'fears' are that I have a hole in file security. However, it sounds like I don't?
 

thedemon1366

Cadet
Joined
Apr 6, 2014
Messages
7
> With a lot of extra words, all you're saying is...

Sorry about that :(

> ...you want to use a FreeNAS server as 1.) a read-only storage provider for your media files, 2.) a read/write storage for home drives and 3.) a PC backup. That's fine. You could theoretically set them all up on the same dataset if you wanted, and limit access using Windows ACLs. Or you can do it the way you want to do it and have a different dataset for each type of storage. It'll work fine either way.

Yes, those are what I require but I was more asking whether that setup would provide protection to the data in an attack coming from the HTPC.

> 3 pools on 3 vdevs is the antithesis of data integrity. If you want this data to be safe and maintain some level of uptime, you should be looking at expanding your drive investment and doing something with raidz2.

Maybe I've misunderstood how ZFS works but I thought that if I have 3 separate 1 drive pools then if one drive fails, the other pools are not affected?

> [edit]Updating to get to the root of this - ransomware. If you don't want to be at risk of a ransomware infection - don't use the HTPC to access the internet. Don't open emails on it, don't download executables on it (sounds like you're mainly downloading media, so that's not a problem) and don't allow access from the public internet to the device through open services on the box.

All true but it's also important to consider mitigation as well as prevention. In the event of my HTPC going rogue, how protected is the NAS and its data? By the sounds of it, it would be protected.
 

Tekz

Dabbler
Joined
May 28, 2016
Messages
12
> All true but it's also important to consider mitigation as well as prevention. In the event of my HTPC going rogue, how protected is the NAS and its data? By the sounds of it, it would be protected.

If you present your data to the HTPC as read-only, yes, it would be protected against ransomware.
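
Added example, not from the thread or the FreeNAS project: a Python check that parses an exports file in FreeBSD exports(5) syntax and lists every dataset a given client (here the HTPC) could still mount read/write, apart from the one dataset the plan leaves writable. The paths, addresses and sample file are constructed; clients are matched by IP address only (hostnames and netgroups are not resolved) and networks are assumed to carry an explicit mask or prefix length.

```python
import ipaddress

# Constructed sample in FreeBSD exports(5) syntax. Paths and addresses are
# assumptions: 192.168.1.20 is the HTPC, 192.168.1.30 another workstation.
SAMPLE_EXPORTS = """\
# media datasets: clients should only ever read these
/mnt/pool1/media -ro -maproot=nobody 192.168.1.20
/mnt/pool2/media -maproot=nobody 192.168.1.20
/mnt/pool3/media -alldirs,ro -network 192.168.1.0 -mask 255.255.255.0
/mnt/pool1/scratch -mapall=nobody -network 192.168.1.0 -mask 255.255.255.0
/mnt/pool2/incoming -maproot=nobody 192.168.1.30
"""
HTPC = "192.168.1.20"
WRITABLE_OK = {"/mnt/pool1/scratch"}  # the only dataset the plan leaves writable

def parse_exports(text):
    """Yield (paths, hosts, opts) for every export line."""
    for raw in text.replace("\\\n", " ").splitlines():  # join continued lines
        paths, hosts, opts = [], [], {}
        fields = iter(raw.split("#", 1)[0].split())
        for tok in fields:
            if tok.startswith("/"):
                paths.append(tok)
            elif tok.startswith("-"):
                for opt in tok[1:].split(","):  # also handles "-alldirs,ro"
                    key, _, val = opt.partition("=")
                    if key in ("network", "mask") and not val:
                        val = next(fields, "")  # "-network 10.0.0.0" form
                    opts[key] = val
            else:
                hosts.append(tok)
        if paths:
            yield paths, hosts, opts

def applies_to(client, hosts, opts):
    """True if the export line covers `client` (an IP address string)."""
    if "network" in opts:
        net = opts["network"] + ("/" + opts["mask"] if "mask" in opts else "")
        return ipaddress.ip_address(client) in ipaddress.ip_network(net, strict=False)
    return not hosts or client in hosts  # no host list: exported to everyone

def writable_by(text, client=HTPC, allowed=WRITABLE_OK):
    """Exported paths `client` can mount read/write against the policy."""
    bad = []
    for paths, hosts, opts in parse_exports(text):
        read_only = "ro" in opts or "o" in opts  # exports default to read/write
        if not read_only and applies_to(client, hosts, opts):
            bad += [p for p in paths if p not in allowed]
    return bad
```

On the constructed sample, `writable_by(SAMPLE_EXPORTS)` reports `/mnt/pool2/media`, the one media export that is missing `-ro` for the HTPC.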
 

thedemon1366

Cadet
Joined
Apr 6, 2014
Messages
7
> If you present your data to the HTPC as read-only, yes, it would be protected against ransomware.

Thanks. Apologies for the simple question but, having been hit with ransomware in the past, I wanted to err on the side of caution.

Last question: How does the HTPC backup routine fit into the HTPC's read-only exposure to the NAS? Obviously the HTPC can't push backups and a system image to the NAS; the NAS would have to pull the backups/image itself. This would probably mean giving the NAS read-only access to the entirety of the HTPC. I think I've just answered my own question...
 

Robert Trevellyan

Pony Wrangler
Joined
May 16, 2014
Messages
3,778
> if I have 3 separate 1 drive pools then if one drive fails, the other pools are not affected?

This is true. It's not the approach most people here take, because almost any advantage you get from having multiple pools can be had by creating multiple datasets within one pool, plus one pool is easier to manage than three, plus you can introduce redundancy. However, if you're resigned to the inevitability of losing data when a drive fails, it's a valid approach.
 