[gpfsug-discuss] Ransom attacks

[Skylar Thompson]

You can get clever/complicated (the interpretation could go either way)
with ACLs and SELinux but, at the end of the day, nothing beats the air-gap
of tape backups, IMHO. You might consider a belt&suspenders approach that
includes all of the above plus other controls (2FA, network security,
etc.), and in my experience combining multiple solutions gives flexibility
in that it can be easier to avoid the higher-cost aspects of one solution
taken to an extreme by having one layer mitigate the shortcomings of
another layer.

On Thu, May 27, 2021 at 04:10:39PM +0100, Henrik Morsing wrote:
> 
> Hi,
> 
> It struck me that switching a Spectrum Protect solution from tapes to a GPFS filesystem offers much less protection against ransom encryption should the SP server be compromised. Same goes really for compromising an ESS node itself, it is an awful lot of data that can be encrypted very quickly.
> 
> Is there anything that can protect the GPFS filesystem against this kind of attack?

-- 
-- Skylar Thompson (skylar2 at u.washington.edu)
-- Genome Sciences Department (UW Medicine), System Administrator
-- Foege Building S046, (206)-685-7354
-- Pronouns: He/Him/His