hybrid sync alternative

franksch
New here
Posts: 9
Joined: Wed Jul 15, 2020 10:42 pm

hybrid sync alternative

Post by franksch »

Dear all,

I'm looking for a replacement of Hybrid Sync. I need software to make incremental backups of our NAS. Because of the recent ransomware problems caused by Hybrid Sync we keep the NAS disconnected from the web as much as possible. Hybrid Sync still demands a web connection and is therefore no option.

Does anybody have a suggestion for a reliable, not too complex software, preferably open source?

Regards,

Frank
P3R
Guru
Posts: 13190
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: hybrid sync alternative

Post by P3R »

franksch wrote: Wed Jun 23, 2021 3:09 am Because of the recent ransomware problems caused by Hybrid Sync we keep the NAS disconnected from the web as much as possible.
I think you've misunderstood the issue in several ways. It was only NASes that were directly exposed and reachable from the internet that were at risk from the HBS vulnerability, it was never NASes that had internet access.

If you intend to stop using all Qnap features that at some point had a vulnerability then you'd better shut your NAS down and stop using it forever. If anything, HBS is probably among the Qnap features that have had the fewest vulnerabilities historically. None of all those Qnap vulnerabilities ever caused any larger incidents though on systems that weren't exposed and reachable from the internet. It's the direct exposure that is the biggest problem, not that a specific feature/app happened to have a vulnerability or that the system itself can reach the internet.

So if you're exposing your NAS on the internet then stop doing that (even if you change backup software)! That will instantly increase your security several thousand per cent more than if you stop using HBS.

franksch wrote: Does anybody have a suggestion for a reliable, not too complex software, preferably open source?
HBS has better system integration than any 3rd-party software will ever get. HBS is supported by Qnap so you will have no blame-game issues from both sides as you often end up with if using 3rd-party software and seek support.

RAID has never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
franksch
New here
Posts: 9
Joined: Wed Jul 15, 2020 10:42 pm

Re: hybrid sync alternative

Post by franksch »

Hello P3R,

Thank you for your response. You are correct in that I'm not an expert on the subject, that's why I rely on the good name of QNAP!

I'm not sure what you mean with 'directly exposed'; our NAS was behind our firewall, with the only ports open to the NAS the ports that Qnap software specifically requested.

Is the information in the blog: https://securingsam.com/new-vulnerabili ... -takeover/ not correct? As I understood from this the way in for the attackers was a username and password combination built in QNAP HBS3. That is why I am not trusting Qnap's requests for contact with the internet anymore.

Regards,
Frank
P3R
Guru
Posts: 13190
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: hybrid sync alternative

Post by P3R »

franksch wrote: Thu Jun 24, 2021 9:36 pm I'm not sure what you mean with 'directly exposed'; our NAS was behind our firewall, with the only ports open to the NAS the ports that Qnap software specifically requested.
I have no idea what you mean by "specifically requested" by the Qnap software.

Your system is directly exposed if you or anyone else (even the Qnap itself can unfortunately do that if it is configured that way and your router/firewall is also configured to accept those requests from the Qnap) actively open inbound ports from the outside of your internet-facing router/firewall and direct that traffic to the Qnap. For using your Qnap on your internal network there is absolutely no requirement whatsoever to open any inbound ports to a Qnap and there never have been!

That the Qnap accesses the internet searching for updated (and more secure) software, sending problem notification warnings to the administrator and a few other things is a completely different issue. It doesn't require any inbound ports open, if you have opened any inbound ports for that they are unnecessary and if so they should be closed immediately. The Qnap will of course need outbound communication for this but it doesn't lead to any significant risk for your system. In fact for inexperienced users outbound access will be very important to help the customer to keep their system as secure as possible.

Close all open ports directed from the outside to the Qnap immediately! They're a ticking bomb even if you have stopped using HBS3! As a matter of fact Qnap today informed us about a new vulnerability that affects directly exposed systems. Being Qnap they unfortunately don't give their customers any information about what software app or feature is the cause of this vulnerability either but my bet is that it wasn't HBS3 this time but one of the many other suspects.

Qnap have unfortunately for many years encouraged users to open ports for remote access despite not having secure enough software for such exposure. There are many of us more security-minded administrators that have for years warned that this can only end with disaster but very few wanted to listen to us. Customers preferred to believe that it was secure as it was recommended by Qnap. Now when the sh*t has hit the fan massively several times, even Qnap don't recommend exposing their systems directly on the internet any more so stop doing that if you still do!

If you absolutely need to have remote access to the Qnap NAS then you should use a remote access VPN solution (preferably implemented on your internet-facing router/firewall) to protect that remote access.

franksch wrote: Is the information in the blog: https://securingsam.com/new-vulnerabili ... -takeover/ not correct? As I understood from this the way in for the attackers was a username and password combination built in QNAP HBS3.
As far as I know it's correct but
  1. That awful vulnerability in HBS3 has since been fixed.
  2. Many other Qnap softwares have had as serious security vulnerabilities before HBS3. Some have had probably 10 vulnerabilities or even more while HBS3 has had one or at least very few.
  3. I don't remember which vulnerability was used with the QSnatch vulnerability around 18-19 months ago but it wasn't HBS3. Many thousands (some reports claim +60 thousands) of Qnap devices were controlled by hackers but that was discovered (not by Qnap though) and could be stopped before the hackers started to use all those Qnaps for whatever criminal purpose they had planned. In my opinion, the potential damage that massive QSnatch break-in could have caused was much worse than what has unfortunately happened with QLocker.
  4. HBS3 is a software intended to safeguard your data. Most other Qnap softwares that have had security vulnerabilities over the years are non-essential multimedia apps and features that aren't in any way necessary to protect your data.
  5. Except for the vulnerability that recently hit the Qnap cloud service myQNAPcloud Link I'm not aware that any of the many Qnap software vulnerabilities was a significant threat to any Qnap NAS that had no inbound ports opened to it. In light of that first Qnap cloud service vulnerability, I will not recommend the use of Qnap cloud services any more as that is a real risk even without any open inbound ports.
It's the open inbound ports that are the major causes of insecurity and not vulnerabilities in this or that specific Qnap feature or app.

franksch wrote: That is why I am not trusting Qnap's requests for contact with the internet anymore.
Until you tell us what you mean with "contact with the internet" it's extremely hard to understand what you do or give advice. If you allow traffic initiated from the internet to the Qnap, that's extremely insecure and dangerous but if you allow your Qnap to reach the internet to check for new QTS firmware that most likely makes your NAS more secure than if you disallow that traffic.

To stop using HBS3 because of that it happened to be the vulnerability used in the last major attack that's not a good decision and that will most likely cause you and your data much more harm than good.

I've now tried to be as clear as I can. If it isn't enough, then I'm sorry but I don't think I can help you more. My recommendation is that you hire a qualified consultant with both Qnap and security knowledge to assist you further.
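
The post above notes that the Qnap itself can ask the router to open inbound ports. The following check is an added example, not part of the thread or of any Qnap tool: it assumes the router accepts such requests over UPnP and that a port-mapping listing in the format printed by miniupnpc's `upnpc -l` has been saved from a LAN machine. The NAS address 192.168.1.50 and all sample lines are constructed.

```python
import ipaddress
import re

# Constructed sample of `upnpc -l` port-mapping lines (miniupnpc format assumed);
# the addresses and descriptions are made up for illustration.
SAMPLE_UPNPC_OUTPUT = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  8080->192.168.1.50:8080  'NAS Web' '' 0
 1 TCP   443->192.168.1.50:443   'NAS Web (SSL)' '' 0
 2 UDP 51820->192.168.1.1:51820  'VPN' '' 0
 3 TCP 32400->192.168.1.77:32400 'Media player' '' 604800
"""

MAPPING_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<addr>[0-9.]+):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)

def parse_mappings(text):
    """Return one dict per inbound port mapping found in the listing."""
    mappings = []
    for line in text.splitlines():
        m = MAPPING_RE.match(line)
        if not m:
            continue  # header or unrelated line
        try:
            addr = ipaddress.ip_address(m["addr"])
        except ValueError:
            continue  # malformed address: skip rather than guess
        mappings.append({"proto": m["proto"], "external_port": int(m["ext"]),
                         "internal_addr": addr, "internal_port": int(m["int"]),
                         "description": m["desc"]})
    return mappings

def exposed_to(nas_ip, mappings):
    """Mappings that forward internet-initiated traffic to the NAS."""
    nas = ipaddress.ip_address(nas_ip)
    return [m for m in mappings if m["internal_addr"] == nas]

if __name__ == "__main__":
    for m in exposed_to("192.168.1.50", parse_mappings(SAMPLE_UPNPC_OUTPUT)):
        print(f"close: {m['proto']} {m['external_port']} -> "
              f"{m['internal_addr']}:{m['internal_port']} ({m['description']})")
```

An empty result only covers mappings created over UPnP; port forwards entered by hand in the router's own configuration have to be reviewed there.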
Obelisk
New here
Posts: 3
Joined: Tue May 17, 2022 5:20 am

Re: hybrid sync alternative

Post by Obelisk »

Is there any chance that the OP's question can be answered? Any suggestions for a replacement of Hybrid Backup Sync?

My particular issue is that valid files are not being backed up, identified as failures and then the whole backup job is stopped. Example failure:
[Hybrid Backup Sync] Backup job "Backup 1": Failed to upload file/folder from "/South-Music/iTunes/iTunes Music/Imagine Dragons/Continued Silence - EP/05 It's Time.m4a". Error: Error

What is "Error: Error" supposed to mean?

Regards
P3R
Guru
Posts: 13190
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: hybrid sync alternative

Post by P3R »

Obelisk wrote: Tue May 17, 2022 5:36 am Any suggestions for a replacement of Hybrid Backup Sync?
Backup software that integrates well in the Qnap, doesn't lock the user in with a proprietary backup format and that has an extremely space efficient versioning feature isn't easy to find. HBS does that, is supported by Qnap and is free. Those are the reasons that I've been using HBS since it was released and so far haven't tried anything else.

Obelisk wrote: What is "Error: Error" supposed to mean?
Qnap offer free support so please ask that question to those that wrote the software.