Split-screen-image

Network Considerations for Securing and Safeguarding Your Data

May 14, 2020

Good job for making it to the final part in this series!

This is the fourth and final article in our four-part series about Securing Your Backup Data and Safeguarding Against Ransomware.

The prior articles were intended to help familiarize yourself with ways that HYCU discovers sources and protects data with simplicity.

We also focused on our native anti-ransomware capability, but also shared how we provide the flexibility to further enhance your security posture by choosing storage targets that offer additional options for making backup data difficult to compromise and through simply changing/rotating passwords. The last step in the process of securing your backups is to focus on how to secure the pathways to and from your sources, hosts, and targets.

Fortunately, configuring the virtual network adapters for HYCU is a very simple and straightforward process.

While only one virtual NIC (vNIC) is required, at a minimum, it is possible to multi-home HYCU, by adding a second vNIC to the HYCU VM after deploying it with the first vNIC attached. Once the second vNIC is attached (after deploying the VM), it becomes a configurable item within the HYCU 4.1 Web UI. And, customers can disable the web listener on the second NIC that is being used to access a storage network. 

Based on your target selection, consider the following.

  • If you choose an NFS target for your primary backups, please be aware that appliance may require a whitelist setting to permit traffic to the network storage from HYCU.
  • If you opt for an SMB target, you will need to configure an account with access to a share that you create. It is also important to disallow (or not improperly allow) any unauthorized network access to your backup data share. And, not attach it to other machines in your environment.
  • If you select an iSCSI target, it would be prudent to consider enabling/configuring CHAP (Challenge-Handshake Authentication Protocol), which can be done on the target and within HYCU.
  • For cloud object storage targets, you will need to configure accounts and/or secret/access keys to grant access to the cloud storage. Then you will need to decide if you need an encrypted high-speed isolated connection (configured with peered connection points and appropriate routes), a site-to-site VPN connection, or if you can simply go over the public internet with HTTPS/TLS.    

HYCU’s Web UI can be configured to use a customer or provider generated PKI certificate.

The initial deployment provides a self-signed certificate, but customers can take the next step in using a custom certificate using their own certificate authorities.  Moreover, HYCU’s source connection with Nutanix Prism can also be configured to use certificate authentication. 

If customers take the time to implement the aforementioned measures appropriate for their environments and lock down ports and access, then the final few steps may be to disable SSH access to HYCU, limit access to Prism Element or vCenter UI’s to only the necessary Nutanix and/or VMware Admins (and their administrative workstations/servers) through micro-segmentation.  Doing these things can greatly limit access to the VM console to only those select individuals or machines. 

Above all, using common sense (i.e. not allowing internet access to servers and keeping admin workstations extremely hygienic), carefully selecting your storage targets (to include the kinds that provide anti-ransomware features), and following these network-related guidelines, will remarkably reduce the opportunity for an attack and give you a fighting chance to recover gracefully.

Thank you for following this tech blog series! To read the full series, you can check them out here:

As always, please share your comments and feedback, and you can reach out to us at info@hycu.com if you would like more prescriptive guidance or support.

eclipse
Follow us
eclipse
insights

You might also like...

Backup as a Service
Backup as a Service

Secure Your SaaS: Best Practices for Resilience and Visibility

April 8, 2024
Read more
Backup as a Service
Backup as a Service

Empower Your Data Security: HYCU and OwnData Expertise Unveiled

April 4, 2024
Read more
Data Protection as a Service
Data Protection as a Service

Embracing World Backup Day: A Pledge To Data Protection

March 29, 2024
Read more

Get started today

Seriously, you really need to experience HYCU to believe it.

Try HYCU for FreeRequest a DemoBuild on R-Cloud
R-Cloud NEW
Development Platform
HYCU Backup
OverviewNew at HYCU
Data Protection
Backup & RecoveryDisaster RecoveryData Migration & MobilityHybrid & Multi-CloudRansomware ProtectionSecurity and Compliance
Industries
Federal
Public Cloud
AWSAzureGoogle Cloud
Private Cloud & Data Centers
NutanixNutanix MineVMwareDell PowerScale (Isilon)NetApp ONTAP
As-a-Service NEW
Microsoft 365Google WorkspaceGoogle Kubernetes EngineSee All →
Apps & Databases
SAP HANAOracleSee All →
About
LeadershipBoard of DirectorsCareersResourcesContact Us
Global Partner PACE Program
Find a ResellerResellersService ProvidersAlliance & Technology PartnersReferralsBecome a PartnerDeal Registration
Get Help
Support
Customers
Case Studies
Get Started
Free TrialRequest a Demo
Follow
© 2024 HYCU. All Rights Reserved.
LegalTerms of UsePrivacy PolicyPrivacy Manager