Hello
I want to know how to copy the files to a NAS folder shared with username and password without saving them in windows.
I want the network share (preferabilly SMB but NFS is ok too) to be accessible only by freefilesync (i.e. saving username and password inside the software settings) but not from the underlying windows os/user
Thank you
Best regards
Feature request: direct SMB share as target
- Posts: 5
- Joined: 16 Nov 2022
- Posts: 1037
- Joined: 8 May 2006
(I don't know about such things, but...)
What if you connected to the share, normally (even starting from a command line), ran FFS, then disconnected the share?
So something like:
NET USE \\NAS /u:alefello
(which would prompt you for your password)
FreeFileSync.exe
(do what you need)
NET USE \\NAS /delete
(which would delete the share [& login] - theoretically)
I'll leave it at that, as there seems to be some sort of caching or something going on, where I can still access the share even after the /delete.(I don't know about such things, but...)
- Posts: 5
- Joined: 16 Nov 2022
I thought about a similar thing but it has some problems:(I don't know about such things, but...)
What if you connected to the share, normally (even starting from a command line), ran FFS, then disconnected the share?
So something like:
NET USE \\NAS /u:alefello
(which would prompt you for your password)
FreeFileSync.exe
(do what you need)
NET USE \\NAS /delete
(which would delete the share [& login] - theoretically)I'll leave it at that, as there seems to be some sort of caching or something going on, where I can still access the share even after the /delete. therube, 16 Nov 2022, 19:57(I don't know about such things, but...)
- I need to use that in a scheduled batch ffs task, and it's not easy to mount shares with password in batch and then delete then removing the cached password
- in the meantime the ffs process is running, the mapped drive is accessible from every other process, so a ransomware could access it during the backup task, which can be veeeeeery long if the drive has already been partially encrypted and there are many GB to tranfer to the network share
- Posts: 1037
- Joined: 8 May 2006
Disconnect Internet (but leave LAN active) during the backup period.
(Then reconnect.)
If the NAS doesn't actually need to be net facing, block it from the Internet.
(I did that on my end. Actually, I blocked the net from the NAS - mostly.)
Keep your NAS up to date.
(I found that out the hard way ;-).)
(Then reconnect.)
If the NAS doesn't actually need to be net facing, block it from the Internet.
(I did that on my end. Actually, I blocked the net from the NAS - mostly.)
Keep your NAS up to date.
(I found that out the hard way ;-).)
- Posts: 2451
- Joined: 22 Aug 2012
The best thing to do, is to create your FFS Scheduled Task to be run under dedicated user credentials.
See here.
And only that dedicated user (or the credentials stored for that user in the Credential manager for your NAS LAN location) should have access to the NAS share.
Obviously, you need to trust the Windows Credential Manager ...
See here.
And only that dedicated user (or the credentials stored for that user in the Credential manager for your NAS LAN location) should have access to the NAS share.
Obviously, you need to trust the Windows Credential Manager ...
- Posts: 5
- Joined: 16 Nov 2022
This is just a little impossible. It's a batch process that runs every night at 3:00 AM, on a SERVER, and to protect from a ransomware/virus.Disconnect Internet (but leave LAN active) during the backup period.
(Then reconnect.)
If the NAS doesn't actually need to be net facing, block it from the Internet.
(I did that on my end. Actually, I blocked the net from the NAS - mostly.)
Keep your NAS up to date.
(I found that out the hard way ;-).) therube, 16 Nov 2022, 21:37
How can I disconnect the server from Internet every night at 3.00 AM, an alarm clock?
Why should I disconnect a server (that is intended to provide services over the internet too) from internet only to do a backup?
What suggests you that the rasomware/virus works only in the time the server is connected to the internet, and if I got it before, it goes to sleep in the moment I disconnect the server from the internet?
The NAS is actually protected from the internet by a firewall, no services are available from outside, and it's always up to date, but I suspect the NAS will not be the weak link when coming to a virus/ransomware attack, but the PCs and servers in the same network.
Ok thank you. Why do you discard the FTP possibility in favour of the "SMB with another user" possibility?The best thing to do, is to create your FFS Scheduled Task to be run under dedicated user credentials.
See here.
And only that dedicated user (or the credentials stored for that user in the Credential manager for your NAS LAN location) should have access to the NAS share.
Obviously, you need to trust the Windows Credential Manager ... Plerry, 17 Nov 2022, 08:48
- Posts: 2451
- Joined: 22 Aug 2012
> Why do you discard the FTP possibility in favour of the "SMB with another user" possibility?
I don't mention FTP or SMB.
Either one should work, assuming your NAS supports the protocol.
It should also not make any difference for the Credential Manager, as those credentials are used per top-level network location (IP-address), irrespective of protocol.
However, my personal preference is for SMB, as FTP does not or seldom preserve file-dates, while SMB does.
I don't mention FTP or SMB.
Either one should work, assuming your NAS supports the protocol.
It should also not make any difference for the Credential Manager, as those credentials are used per top-level network location (IP-address), irrespective of protocol.
However, my personal preference is for SMB, as FTP does not or seldom preserve file-dates, while SMB does.
- Posts: 1037
- Joined: 8 May 2006
That is not necessarily the case.but I suspect the NAS will not be the weak link when coming to a virus/ransomware attack
There certainly are attacks directly against NAS devices.
https://threatpost.com/ech0raix-ransomware-variant-qnap-synology-nas-devices/168516/
https://www.reddit.com/r/synology/comments/v3kffx/synology_nas_hit_with_ransomware/
https://kb.synology.com/en-us/DSM/tutorial/How_to_add_extra_security_to_your_Synology_NAS
A NAS can be ransomed without the PC's being affected at all.
(And vice versa, of course.)
That you are up to date is good.