just need some help on eject a USB ext hhd from a vfp application

[Ernesto_Paez]

Hello everyone,
I have two external usb 3.0 hhd connected to a server OS WIN 2008 SERVER STANDARD R2 64BIT, for backup.

so i use one to backup some days of the week and switch manually to the other for the other days of the week, so, what i do, i disconnect manually one of the hhd, when it is not needed to backup.

so i want to avoid in case of a Ransom-ware, get into the server and also hit the ext hhds, i would like to know of anything that i can do after the backup is done to eject the ext hhd in place, this way in case of any attack, then, it will not spread out to the backup that is contained in that ext hhd if it is ejected, now if there is an auto way to bring that one already ejected back online again, that will great, otherwise, will have to do it manually.

Any suggestions or any exsiting VFP routine, that use WMI ?
Thanks in advance

 

[mplaza]

To protect backups you can create a special account in your system ( backupUsr ), then create a partition wich only that account can access. Later just impersonate that user to run the backups using that partition.



Marco Plaza
@vfp2nofox

 

[Olaf Doschke]

That's a good idea, though ransomware most probably succeeds in getting administrative permissions. Anyway, you maybe could combine all this. As I read locking also automatically means unmounting, so actually you only need to combine locking and restricting permissions to a backup user account.

The only disadvantage I see from locking is, you depend on the handle staying valid and be kept open by your process. If your process is terminated the handle closes and that would unlock and mount the drive back, if I understand the remarks correctly. Quote 1: "The NTFS file system treats a locked volume as a dismounted volume.", Quote2: "A locked volume remains locked until...the handle closes, either directly through CloseHandle, or indirectly when a process terminates." The latter, the closing of a handle through terminating a process, makes a lock very vulnerable, a ransomware would only need to kill every process it doesn't need to run itself and is even likely to do or try that with anitvir processes and all running apps for the reason to need max RAM and performance from the system. Then the lock would unlock, the drive would not be treated as dismounted, so it'll be back for usage and only the restriction of access by a backup user account would hinder ransomware to write there.

I think it would be less probable of ransomeware to try to mount drives than to try to kill as many unnecessary processes as it can to act most fast and uninflenced, so the combination of unmounting the backup volume and a restriction of access to a backup user account seems best to me.

Bye, Olaf.

 

[Ernesto_Paez]

atlopes,
Yes the externals HHD, ARE ONLY USED for backup.
So how to locked then ?
how do use FSCTL_LOCK_VOLUME control code and how to unlock too
Thanks in advance

 

[Ernesto_Paez]

To protect backups you can create a special account in your system ( backupUsr ), then create a partition wich only that account can access. Later just impersonate that user to run the backups using that partition.

Can you please explain me this a little better, as i don't understand, what do u mean, by creating a partition ony for that account.
i need to backup the server, that includes, data from where ever in the server as been modified or added, so don't get "create a partition for only that account can access, later just impersonate to tun backups using that partition"
sorry i am not at your levels, need a little better explanation for a guy, that is not that smart
Thanks in advance

 

[mplaza]

Here you'll find it well explained , check 'securing vfp data':

http://portal.dfpug.de/dfpug/dokumente/foxtalk/webextras/securevfp_vb03k.pdf

Marco Plaza
@vfp2nofox