Im concerned about ransom where attacks. I have all our pools encrypted most are iscsi, I also pull snapshots periodically through the day, But I wanted to get everyone else’s opinion on how they prepare for something like this in case we have to roll back the data, I know in the windows shares you can just click on the share and got back to previous version. but I also have the iscsi to consider. any app support advice is appreciated…
Windows shadow volume is not a protection against ransomware, being expected a lot of ransomware have techniques to get around it.
Best solution is ZFS snapshots + offsite backups. Make sure the account(s) you use to access the share(s) do not have more rights than they need - and most certainly should not have root / admin rights to truenas. You should be using specific accounts for the shares.
Great thank you I am definitely going to watch jt
I have created a local account that only has access to the share and its not even 777, we do snapshots and have backup exec that rolls it tto tape a d that is even able to work like thumb drive where I can restore whole snapshots or individual files.
You’re pretty set then in case of a ransomware attack, and definitely good not having 777. While I haven’t checked, there may be some red-side / firedrill scripts you can run to see a what-if.