by ardourdev 1995 days ago
Having recently acquired a NAS for use (among other things) as a single source of truth for photos spanning ~15 years, I have done a lot of research around backups.

These are the threats I have considered and would like to mitigate against, in no particular order:

1. Physical damage or theft to the NAS and supporting hardware (e.g. backup drives in my home).
2. Accidental deletion or corruption of files through user error.
3. Ransomware which targets my NAS. In particular a sophisticated malware author could target common cloud backup destinations by looking for credentials stored on the NAS, and delete any backups, although I have not heard of any such attacks in the wild.

The first threat seems simple enough to mitigate: make regular backups backed by cloud storage, and keep offline credentials for accessing the backup in multiple geographical locations as well as a cloud based password manager.

The second is also not troublesome: use a filesystem which supports versioning and take regular snapshots.

The third is where I have been somewhat disappointed by the options. An effective strategy is to keep an external hard drive which is plugged into the NAS regularly and keeps a clone of the data. However, an extremely cunning malware author could still pre-empt this by corrupting data on plugged in drives. This is extremely unlikely, but here's where I was hoping for better options in cloud backups: effectively all the pieces are in place for immutable backups, except for the tooling.

Options such as restic and rclone don't have good (if any) support for targets which support immutability, such as AWS S3 and Backblaze B2. My current solution is to use a version of restic which I have patched to not require delete permissions when targeting B2, and very carefully manage API keys so that deleting backups would require compromising my Backblaze account. In case a script does try to corrupt the backup repository, there are few if any supported ways of accessing a past version of a B2 bucket, although rclone comes very close and could support this very nicely with some minor tweaks to the B2 backend.

I will be keeping a close eye on this, and hopefully if I have the time I can make some PRs to push the open source tooling in this direction.
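The "past version of a B2 bucket" idea from the post above, as an added example that is not part of the original post or of restic/rclone: it rebuilds a point-in-time view from a version listing, so objects overwritten or hidden after a chosen moment can be restored from their earlier versions. It assumes the bucket keeps all versions and that records carry the fields returned by B2's b2_list_file_versions; the function names and sample data are constructed for illustration.

```python
# Added example: rebuild a bucket's point-in-time view from a version listing.
# Records mirror the fields B2's b2_list_file_versions returns (fileName, fileId,
# uploadTimestamp in ms, action); the sample data below is constructed.

def snapshot_at(versions, cutoff_ms):
    """Return {fileName: fileId} for the newest version of each file at or
    before cutoff_ms, skipping files whose newest entry is a hide marker."""
    newest = {}
    for v in versions:
        if v["action"] not in ("upload", "hide"):
            continue  # ignore unfinished large files ("start") and folders
        if v["uploadTimestamp"] > cutoff_ms:
            continue  # written after the point we want to restore to
        cur = newest.get(v["fileName"])
        if cur is None or v["uploadTimestamp"] > cur["uploadTimestamp"]:
            newest[v["fileName"]] = v
    return {n: v["fileId"] for n, v in newest.items() if v["action"] == "upload"}


def changed_after(versions, cutoff_ms):
    """File names overwritten, hidden or newly created after cutoff_ms."""
    return sorted({v["fileName"] for v in versions if v["uploadTimestamp"] > cutoff_ms})


# Constructed listing: a repository whose key cannot delete versions, where one
# object was overwritten and another hidden at around t=3000.
SAMPLE = [
    {"fileName": "config", "fileId": "id-config-1", "uploadTimestamp": 1000, "action": "upload"},
    {"fileName": "data/aa", "fileId": "id-aa-1", "uploadTimestamp": 1100, "action": "upload"},
    {"fileName": "data/bb", "fileId": "id-bb-1", "uploadTimestamp": 2000, "action": "upload"},
    {"fileName": "data/aa", "fileId": "id-aa-2", "uploadTimestamp": 3000, "action": "upload"},
    {"fileName": "data/bb", "fileId": "id-bb-hide", "uploadTimestamp": 3001, "action": "hide"},
    {"fileName": "data/cc", "fileId": "id-cc-1", "uploadTimestamp": 3002, "action": "upload"},
]

if __name__ == "__main__":
    print(snapshot_at(SAMPLE, 2500))   # view of the bucket before the tampering
    print(changed_after(SAMPLE, 2500)) # names to inspect before trusting them
```

The file IDs returned for the chosen cutoff are what a restore would download by ID, leaving the later versions in place for inspection.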

1 comments

I am surprised you didn’t find security to be a key issue with network attached storage.

* Physical security. On 1, in case you have a Synology NAS, it does not offer full disk encryption. Its folder encryption also has a number of problems. Your mitigation here (backups) doesn’t help with loss of data to others.

* Network security. In addition to the physical security, consumer NAS devices don’t do enough in network security. Some of them come with closed source operating systems with a lot of potentially dangerous sharing and networking features. The code is often not reviewed.

On 2., you can use ZFS or btrfs, and they offer good features, but come with a separate set of problems.

I spent some time on NAS security and couldn’t find a good solution. I thought I'd better let Amazon and Google secure my data.

Regarding consumer NASs having poor security, I completely agree, however it wasn't too relevant to my personal threat model. Backups of my computers (which could potentially compromise credentials) are encrypted before they go on the NAS, and if I needed to sync anything sensitive it would be encrypted locally.

Using my NAS for sharing photos and files with family/friends opens up security holes that encryption at rest wouldn't help with, and I accept the tradeoff of potentially leaking data. What is less acceptable to me is any risk of data loss.