I would like to use Syncthing to sync my backups off-site as part of my backup strategy. I am trying to do so in a way that mitigates against a ransomware attack; I believe a one-way, write-only sync would achieve this. Here’s my scenario:
I have a fast fibre connection between work and home and have permission to use the bandwidth of both. I have two identical 2TB USB 3.0 external drives attached to both my home and work system. Briefly I bring the two external drives local to each other, I perform a full system drive image using Macrium Reflect and save that file to both drives in order to minimise on bandwidth on the initial sync as we’re talking about over 1TB of data. From that point on I take the remote drive to work where I would like it to stay.
My home system backs itself up to the Syncthing folder every two days; it adds a new file, which is an incremental disk image, and this is uploaded to the backup drive at work.
I want to try my best to mitigate against a ransomware attack whereby the scenario, let’s say, is that my local computer becomes maliciously encrypted against my will along with the attached backup hard drive. What I don’t want is for those malicious modifications to be synchronised to work unknowingly.
I have tried experimenting with ignoreDelete, Master Folders and readOnly settings in Syncthing; however, I haven’t achieved exactly what I want. I want any new files to be sync’d Home > Work; however, I don’t want the Home system to be able to modify existing files on the work system.
Does anyone know of a way that I could set up Syncthing to achieve that? I feel so close but just not quite there! I think a feature like this would be a valuable setting for Syncthing to have; I know a few of my colleagues would be interested in using it for this use case if it works.
Thank you for your time and help.