August 18th, 2017 03:00

AntiVirus on EMC DataDomain

Hey Guys


Currently I am working with EMC VNX(e), Unity with regard to CAVA and AntiVirus, and now I am thinking about how this works for EMC DD because I didn't see any CAVA or AV related topics for DD.

I know that when you use DDBoost you have your own protocol and filesystem which is more or less safe and doesn't work anyway with the technology which RPC, CAVA and all the others rely on.

But you can also use normal CIFS shares on the DD and many of our customers do. So how to protect EMC Data Domain against ransomware etc.? The only thing I saw is not a product for DD; it is more a way of how to design the environment with respect to backup and security.

https://www.emc.com/collateral/technical-documentation/h15740-dell-emc-ransomware-solution-sb.pdf

So the only security I have is the way I connect the DD to the Backup Server and the Backup Server's AV, is that correct?

Thanks guys

PS: We are using TrendMicro Storage Protect

Moderator

41 Posts

August 23rd, 2017 15:00

You have asked a loaded question.  The best defense is to keep your base environment clean.  We don't have anything that we can run on the Data Domain to protect against the items you have mentioned.  I would be curious to hear more about your environment.  Do you replicate to another Data Domain?  If so do you use MFR or mtree replication?  Let me know because we may have something that might help. 

208 Posts

August 24th, 2017 00:00

Hi

We are using M-Tree Replication for most of our customer environments and for our own. I am just wondering why there is an API for EMC VNX(e), Unity file part but not for EMC Data Domain.

Many customers, and our boss as well, are scared about the ransomware things out there which could hit us and our backup data.

Thanks

1.2K Posts

August 24th, 2017 06:00

Native antivirus in the backup space is almost unheard of.  Backup products are optimized for deduplication of data and compression.  You get more "bang for your buck" using antivirus on the front-end, never the back-end.

Ask yourself this:  If you aren't doing antivirus on the front-end, or don't trust your anti-virus solutions, why trust your backups at all?

There are simple ways to protect yourself from malicious writes to Data Domain.  First and foremost, control your access!  Do users need Write permissions to Data Domain?  In most cases, the answer is 'no', so you shouldn't permit your DD shares to allow them Write access.  For users that do need Write permissions, do they need it everywhere?  In most cases, the answer is still 'no', so you should limit access appropriately.  I can't count the number of environments I've seen where NFS access on DD is '*' and CIFS has Everyone Full-Control.


Second, Data Domain supports snapshots.  Use them!  If you take a snapshot even daily, you have simple, easy processes to roll back any unexpected change to the backed up data on DD.  We take snapshots on our Celerra throughout the day, and offset snapshots on the DD by six hours.  That way, if something starts modifying NAS data, we know we have an older snapshot on-disk to roll back to.  If we don't catch the corruption on the NAS soon enough, we know we have an older, unmodified version on DD.


Let us know if that helps!


Karl

Moderator

41 Posts

August 24th, 2017 07:00

Karl is correct with his comments.  Check with your sales rep; we may have an offering that might meet your needs.

1 Rookie

20.4K Posts

August 24th, 2017 07:00

Snapshots are wonderful for NAS platforms, but using snapshots to recover DD shares is not that simple.  Sure, you can roll back the data, but what does that do to your backup application? You just now orphaned a bunch of records in your RMAN Catalog / NetBackup. Who is going to reconcile that, if that is even possible?
