Security Camera + LAN-Only NAS (Small Business)
Designed and deployed a LAN-only NAS backup system focused on ransomware recovery and data integrity, alongside a separate DVR-based security camera installation.
Overview
- LAN-only NAS backup system for ransomware recovery
- Separate DVR-based security camera system
- Dedicated network switching for isolation and control
Camera System
I installed four cameras connected to a DVR, which is physically secured and not given unnecessary internet exposure.
- Default passwords changed
- Unused services disabled
- Remote access limited
The DVR operates independently from the NAS and uses its own internal 2TB storage, keeping video recording isolated from the backup infrastructure.
NAS & Backups
The NAS was designed as a dedicated, LAN-only backup system with the primary goal of ransomware recovery, not convenience or remote access.
It is physically connected only to a local switch and two office workstations using Ethernet. The NAS has no internet access and no Wi-Fi connectivity, reducing its attack surface and isolating it from external threats.
Storage & Redundancy
- Two 2TB hard drives configured as a mirrored storage pool
- 2TB usable capacity with full redundancy
- Single-drive failure does not result in data loss
Snapshot Protection
- Daily snapshots retained for 30 days
- Snapshots are immutable to client systems
- Prior snapshots remain recoverable even if files are encrypted by ransomware
Access Model
- Centralized backup dataset accessed over SMB
- Client machines authenticate with non-administrative users
- No ability to modify snapshots or system configuration
- Administrative access restricted to IT only
The system is designed under the assumption that client computers cannot be trusted. Backups remain protected even if a workstation is fully compromised.
Backup Workflow
Backups are user-initiated and controlled, rather than fully automated, to ensure visibility and reduce silent failures.
- Custom local backup utility with a simple graphical interface
- Saved configuration for important directories
- One-click execution to update backups
Typical Workflow
- User launches the backup utility
- Logs in
- Clicks Update Backup
- Selected files are transferred to the NAS
Backups are performed weekly or as needed. Snapshot retention ensures historical recovery points even if a recent backup contains encrypted or corrupted files.
Result
- Ransomware-resilient backups for business-critical data
- Isolated and hardened backup infrastructure
- Independent, reliable video surveillance