Solved: Securing the server side of DLO?

maliseet · ‎01-05-2016

Hi folks...

I post this with the disclaimer that we've only recently obtained DLO for our desktops. I noticed that the default method of installation opens up a few network shares, and I'm guessing--based off of my experiences so far--that clients push the backed-up data to the server hosting the shares. Now, if I recall right, there are variants of cryptolocker/cryptowall that can crawl the network for shares and infect that way.

Is there a good guide out there to help me secure our installation better? And/or, is there a way to configure the DLO server to *pull* the data from each client, so as to *not* have to have extra shares open that could be a source of data corruption?

Thanks!

VJware · ‎01-05-2016

Data is encrypted during the network transfer.

Additionally, the data present in the network shares cannot be accessed by unauthorized users since -

1) Appropriate NTFS security & sharing permissions are set on the shares as follows -

Share Permissions on the root NTFS folder defined as the NUDF

Administrator: Full Control
Everyone: Full Control

Security Permissions on the root NTFS folder defined as the NUDF

Administrator: Full Control
Everyone: Read and Execute, Read and List Folder Contents

Security Permissions on the NTFS sub-folder within the NUDF for the specific user

Administrator: Full Control
UserID: Full Control

2) User data present in the shares are encrypted with a 256-bit algorithm. Apart from the DLO Administrator no one else can open those files. Additionally, if the DLO profile permits, the user can access only his/her files, but not others.

Would recommend a read of the DLO Administration Guide & network shares are required. Cannot be disabled for DLO.

View solution in original post

VJware · ‎01-05-2016