How to back up data from Linux and Windows machines centrally with Bareos and restore them in case of disaster.
Performing periodic backups in computer networks is indispensable. In times of Locky and other ransomware backups are often the only option left to regain access to your data. Nevertheless, for backups to be effective against these types of threats, a number of aspects have to be considered.
In the town of Dettelbach the nightmare came true: in the beginning of february a trojan locked access to the electronic data of the lower franconian town by encrypting files and folders. Presumably trojan „Tesla-Crypt“ gained access to the computers in the town’s network when an employee opened a malicious email attachment. Bare of any other options, the mayor decided to pay the ransom. Altough the amount of 490 Euros demanded in this case might be considered a relatively small sum, it can be assumed that in other cases such payments have been considerably higher. The number of unreported cases is presumably high.
While it is safe to assume that, concerning trojans and other malware, complete safety is impossible, every end user and company can achieve a significantly higher level of data security by taking preventive measures such as backups and preparation for disaster recovery.
lainly spoken: backups do not offer any protection against viruses or other damages. Ranked first in the ‘business continuity“ strategy still are the established measures against attacks of all kinds. But in case disaster strikes despite every precaution, a good backup concept can minimize the loss or even eliminate it completely.
With Bareos on UCS a central backup for Linux and Windows machines can be implemented in next to no time. Just install Bareos from the Appcenter, adapt it according to the documentation and activate ‘Bareos Backup’ in the management console. The configuration for the clients will be generated automatically, and the only thing left to do is to install the Bareos-Client using that previously generated configuration. Henceforth Bareos will reliably backup all data from the network on a regular basis, as configured.
The data that shall be backed up can optionally be encrypted on the client by use of individual cryptographic keys before it is transferred over the network. In this scenario particular care is required: if the keys are lost or encrypted by a trojan, it will not be possible to decrypt the data from the backup.
The storage of backup data themselves is a equally sensitive topic. If the data are stored on tapes, trojans are no immediate threat. In case of backup-to-disk though, it has to be made sure that the disks are not accessible as network drives and can only be written to by the Bareos-service.
To play it safe you should use a dedicated server that exclusively runs the Bareos-Storage-Daemon (SD) as a service and apart from that does not allow for any network connections. Thus it is ensured that the backed up data can only be accessed through Bareos.
he backup-software itself should always be up-to-date and maintained. For productive environments therefore a subscription- and support-package from the manufacturer is recommended, which is available through the Univention shop or through Univention / Bareos partners. Support with planning, implementing and running a backup solution with Bareos on UCS can be sought from Bareos / Univention partners as well.