{"id":51044,"date":"2021-06-09T11:30:14","date_gmt":"2021-06-09T09:30:14","guid":{"rendered":"https:\/\/blog.open-e.com\/?p=51044"},"modified":"2025-04-07T12:31:15","modified_gmt":"2025-04-07T12:31:15","slug":"how-to-protect-your-data-storage-from-hackers","status":"publish","type":"post","link":"https:\/\/www.open-e.com\/blog\/how-to-protect-your-data-storage-from-hackers\/","title":{"rendered":"How to Protect Your Data Storage from Hackers"},"content":{"rendered":"<p>\t\t\t\t<span style=\"font-weight: 400;\">In this article you will find a list of the tips on how to secure your server powered by Open-E JovianDSS from hackers. As you may have learned from one of the previous articles: <\/span><a href=\"https:\/\/www.open-e.com\/blog\/data-threats-and-countermeasures\/\"><span style=\"font-weight: 400;\">Data security risks and Open-E JovianDSS countermeasures<\/span><\/a><span style=\"font-weight: 400;\">, many threats may endanger the security of your data. On the other hand, there are proven solutions that will help you protect your data from harm\u2019s way to avoid the fate of <\/span><a href=\"https:\/\/www.nbcnews.com\/tech\/security\/colonial-pipeline-paid-ransomware-hackers-5-million-u-s-official-n1267286\"><span style=\"font-weight: 400;\">Colonial Pipeline<\/span><\/a><span style=\"font-weight: 400;\"> that was recently forced to pay 5 million dollars in ransom for their data.<\/span><\/p>\n<h2>Restrict Access<\/h2>\n<p><span style=\"font-weight: 400;\">The following table presents the protective measures that can be used in Open-E JovianDSS:<\/span><\/p>\n<style>\ntable {\n  font-family: open, sans-serif;\n  border-collapse: border;\n  width: 100%;\n  vertical-align: mid\n}\ntd, th, tr {\n  border: 1px solid #dddddd;\n  text-align: left;\n  padding: 20px;\n   height: 100px;\n  vertical-align: middle !important;<\/p>\n<\/style>\n<table>\n<tbody>\n<tr style=\"background: #f7f7f7;\">\n<td><span style=\"color: #000000;\"><b>TUI<\/b><\/span><\/td>\n<td>\n<ul>\n<li style=\"font-weight: 400; text-align: left;\" aria-level=\"1\"><span style=\"font-weight: 400; color: #000000;\"vertical-align: center>Optionally protected by a password<\/span><\/li>\n<li style=\"font-weight: 400; text-align: left;\" aria-level=\"1\"><span style=\"font-weight: 400; color: #000000;\">Remote access only via SSH (encryption + login with a password)<\/span><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td><span style=\"color: #000000;\"><b>GUI<\/b><\/span><\/td>\n<td>\n<ul>\n<li style=\"font-weight: 400; text-align: left;\" aria-level=\"1\"><span style=\"font-weight: 400; color: #000000;\">Restricted IP address\u00a0<\/span><\/li>\n<li style=\"font-weight: 400; text-align: left;\" aria-level=\"1\"><span style=\"font-weight: 400; color: #000000;\">Login with a password\u00a0<\/span><\/li>\n<li style=\"font-weight: 400; text-align: left;\" aria-level=\"1\"><span style=\"font-weight: 400; color: #000000;\">Possibility to upload own HTTPS certificate<\/span><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr style=\"background: #f7f7f7;\">\n<td><span style=\"color: #000000;\"><b>Command Line Interface<\/b><\/span><\/td>\n<td>\n<ul>\n<li style=\"font-weight: 400; text-align: left;\" aria-level=\"1\"><span style=\"font-weight: 400; color: #000000;\">Access only via SSH (encryption + login with a password)<\/span><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td><span style=\"color: #000000;\"><b>REST<\/b><\/span><\/td>\n<td>\n<ul>\n<li style=\"font-weight: 400; text-align: left;\" aria-level=\"1\"><span style=\"font-weight: 400; color: #000000;\">Access only via HTTPS<\/span><\/li>\n<li style=\"font-weight: 400; text-align: left;\" aria-level=\"1\"><span style=\"font-weight: 400; color: #000000;\">Login with a password<\/span><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr style=\"background: #f7f7f7;\">\n<td><span style=\"color: #000000;\"><b>NFS<\/b><\/span><\/td>\n<td>\n<ul>\n<li style=\"font-weight: 400; text-align: left;\" aria-level=\"1\"><span style=\"font-weight: 400; color: #000000;\">Restricted IP address for Read\/Write and Read Only access<\/span><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td><span style=\"color: #000000;\"><b>SMB<\/b><\/span><\/td>\n<td>\n<ul>\n<li style=\"font-weight: 400; text-align: left;\" aria-level=\"1\"><span style=\"font-weight: 400; color: #000000;\">User authentication by login with a password,\u00a0<\/span><\/li>\n<li style=\"font-weight: 400; text-align: left;\" aria-level=\"1\"><span style=\"font-weight: 400; color: #000000;\">Blocked possibility to list available resources<\/span><\/li>\n<li style=\"font-weight: 400; text-align: left;\" aria-level=\"1\"><span style=\"font-weight: 400; color: #000000;\">Access Control List (ACL) support<\/span><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr style=\"background: #f7f7f7;\">\n<td><span style=\"color: #000000;\"><b>iSCSI<\/b><\/span><\/td>\n<td>\n<ul>\n<li style=\"font-weight: 400; text-align: left;\" aria-level=\"1\"><span style=\"font-weight: 400; color: #000000;\">Restricted IP address<\/span><\/li>\n<li style=\"font-weight: 400; text-align: left;\" aria-level=\"1\"><span style=\"font-weight: 400; color: #000000;\">CHAP User Authentication<\/span><\/li>\n<li style=\"font-weight: 400; text-align: left;\" aria-level=\"1\"><span style=\"font-weight: 400; color: #000000;\">Mutual CHAP User Authentication<\/span><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td><span style=\"color: #000000;\"><b>FC<\/b><\/span><\/td>\n<td>\n<ul>\n<li style=\"font-weight: 400; text-align: left;\" aria-level=\"1\"><span style=\"font-weight: 400; color: #000000;\">Restricted WWNs have access to the target<\/span><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2><\/h2>\n<h2>Basics of Data Security<\/h2>\n<h3>Strong Passwords<\/h3>\n<p>It may sound simple, but not many of us remember this rule: set up a strong password to access all parts of your infrastructure on every possible level, including GUI and TUI &#8211; protect it with a strong password to avoid the easiest way to hack your system. And remember: <strong>admin\/admin is never an option<\/strong>.<\/p>\n<h3>Restricted IP Address<\/h3>\n<p>Additionally, set a list of IP addresses that can access your Open-E JovianDSS system. It\u2019s pure and simple &#8211; if the given IP address is not on the allowed users\u2019 list, the machine with this particular IP address will have no access to the system.<\/p>\n<h3>HTTPS Certificates<\/h3>\n<p><span style=\"font-weight: 400;\">Another layer of security is using the HTTPS certificate. You can either use the one generated by default called a \u201cself-signed certificate\u201d or use a custom one. The latter allows you to upload your private key together with a certificate. To put it simply, a custom certificate is a certificate that is signed by a Certificate Authority (CA) or self-generated. To replace the self-signed default certificate with your own, you have to add files with a private key and a certificate. Currently, we support RSA (Rivest\u2013Shamir\u2013Adleman) or ECC (Elliptic Curve Cryptography) cryptosystems. The following should be considered:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For the RSA encryption, an applicable private key should be at least 2048 bits long.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For the ECC method, only keys based on the following curves are supported:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">P-256 (also known as secp256r1 or prime256v1)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">P-384 (also known as secp384r1)<\/span><\/li>\n<\/ul>\n<h3>Secure Shell Protocol (SSH)<\/h3>\n<p>SSH is a cryptographic network protocol used for operating network services in a secure way over an unprotected network. It provides a secure channel in an unprotected network by using client-server architecture, that is, an SSH client application is connected to an SSH server.<\/p>\n<h3>Challenge Handshake Authentication Protocol (CHAP)<\/h3>\n<p><span style=\"font-weight: 400;\">It is a basic authentication mechanism that has been widely used by network devices and hosts. CHAP provides a way for initiators and targets to authenticate each other with a code or password. Usually, CHAP codes are random, ranging from 12 to 128 characters. It should be noted that the code is never exchanged directly over the network. Instead, a function converts it into a hash value that is subsequently exchanged. Using the MD5 algorithm, the hash function transforms data in a way that results in unique code that cannot be reverted to its original form.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In case when an initiator requires reverse CHAP authentication, the initiator authenticates the target simply by using the same procedure as described above. The CHAP secret has to be configured on the target and the initiator. A CHAP entry containing the name of the node and the code associated with the note is maintained by the target and the initiator.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In a mutual CHAP authentication scenario, the same steps are processed. Once they are completed, the initiator authenticates the given target. Once both authentication steps are successful, data access is permitted.<\/span><\/p>\n<h3>World Wide Names (WWN)<\/h3>\n<p>A World wide name is a vendor-supplied, 64-bit unique identifier number that is assigned to nodes and ports. The Fibre Channel (FC) environment uses two types of WWNs: World Wide Node Name (WWNN) and World Wide Port Name (WWPN). A WWN has a static name on each device as well as on an FC network.<\/p>\n<p><strong>But even with the best security policies, you have to be always ready for the unexpected. So if everything else fails, you need to have access to the very recent copy of your data.<\/strong><\/p>\n<h3>Frequent Snapshots<\/h3>\n<p>Open-E JovianDSS is equipped with functionality that creates snapshots very frequently and you can manage this frequency to adjust it to your company requirements. Instant access to this data allows you to roll back to the state before a virus attack. Thus, in case of a ransomware attack, all your data stays safe.<\/p>\n<h3>On- and Off-site Data Protection<\/h3>\n<p>If you require additional protection, then this is an option you should consider. With On- and Off-site data protection, you can back up your data on backup servers, similar to the way snapshots were used. This way, you are protected against ransomware and other malicious events. You can access your old data and retrieve it in case of a virus or ransomware attack.<\/p>\n<h3>Closing Notes<\/h3>\n<p>In this article, we have discussed some of the methods used to protect your data from hackers. Setting up a strong password is the most essential option to protect your system against external threats, but it\u2019s just a first step in an ongoing battle against cybercriminals. Stay safe and protected!\t\t<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this article you will find a list of the tips on how to secure your server powered by Open-E JovianDSS from hackers. As you may have learned from one&nbsp;&#8230;<\/p>\n","protected":false},"author":2,"featured_media":51048,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[798],"tags":[86,200,486,590,610],"class_list":["post-51044","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tips-tricks","tag-backup","tag-data-storage","tag-opene","tag-security","tag-snapshots"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.open-e.com\/blog\/wp-json\/wp\/v2\/posts\/51044","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.open-e.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.open-e.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.open-e.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.open-e.com\/blog\/wp-json\/wp\/v2\/comments?post=51044"}],"version-history":[{"count":2,"href":"https:\/\/www.open-e.com\/blog\/wp-json\/wp\/v2\/posts\/51044\/revisions"}],"predecessor-version":[{"id":55496,"href":"https:\/\/www.open-e.com\/blog\/wp-json\/wp\/v2\/posts\/51044\/revisions\/55496"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.open-e.com\/blog\/wp-json\/wp\/v2\/media\/51048"}],"wp:attachment":[{"href":"https:\/\/www.open-e.com\/blog\/wp-json\/wp\/v2\/media?parent=51044"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.open-e.com\/blog\/wp-json\/wp\/v2\/categories?post=51044"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.open-e.com\/blog\/wp-json\/wp\/v2\/tags?post=51044"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}