It occured to me that if my win 7 management box was compromised, I'd be in all kinds of pain since someone could then very easily just delete all of my virtual machines. Yes I have backups. It would still suck
7 posts
• Page 1 of 1
Security of the monitor
by steelnwool » Thu Mar 29, 2012 7:43 pm
Its a great convenience to me that Veeam monitor stores the vsphere client passwords so I don't have to type them each time. But I'm curious how it stores them and how secure I should consider it?
It occured to me that if my win 7 management box was compromised, I'd be in all kinds of pain since someone could then very easily just delete all of my virtual machines. Yes I have backups. It would still suck
It occured to me that if my win 7 management box was compromised, I'd be in all kinds of pain since someone could then very easily just delete all of my virtual machines. Yes I have backups. It would still suck
- steelnwool
- Novice
- Posts: 6
- Liked: never
- Joined: Fri Sep 03, 2010 4:44 pm
- Full Name: Jeff MacDonald
Re: Security of the monitor
by Vitaliy S. » Fri Mar 30, 2012 8:34 am
Hi Jeff,
All your passwords are encrypted and stored in our database, so there is no reason to worry about that. As to your concern regarding a possibility of stealing account information for your VI, then please be aware that vSphere Client (in Monitor) functionality is available only for the users that belong to Veeam Monitoring Trusted group, so if you keep your account info in secret, there is little chance of such scenario.
Thanks!
All your passwords are encrypted and stored in our database, so there is no reason to worry about that. As to your concern regarding a possibility of stealing account information for your VI, then please be aware that vSphere Client (in Monitor) functionality is available only for the users that belong to Veeam Monitoring Trusted group, so if you keep your account info in secret, there is little chance of such scenario.
Thanks!
- Vitaliy S.
- Product Manager
- Posts: 8310
- Liked: 201 times
- Joined: Mon Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
Re: Security of the monitor
by steelnwool » Fri Mar 30, 2012 12:01 pm
Except I'm putting all of my eggs within the security of Windows 7.. I guess that is what worries me. Granted its behind a VPN, it needs a password and I only access it with RDP...
Regarding the encryption.. I'm not an expert but "technically" if someone had the source of Veeam Monitor they could decrypt the passwords right? I do agree this is a very low risk/unlikely situation but is 'technically possible' right? (academic discussion here... I'm not actually worried about this)
Regarding the encryption.. I'm not an expert but "technically" if someone had the source of Veeam Monitor they could decrypt the passwords right? I do agree this is a very low risk/unlikely situation but is 'technically possible' right? (academic discussion here... I'm not actually worried about this)
- steelnwool
- Novice
- Posts: 6
- Liked: never
- Joined: Fri Sep 03, 2010 4:44 pm
- Full Name: Jeff MacDonald
Re: Security of the monitor
by Vitaliy S. » Sat Mar 31, 2012 12:14 pm
Just to be on the same page, if your Windows 7 box gets compromised, then why would anyone need our Monitor to access your VI? Why not to use your account for that? 
- Vitaliy S.
- Product Manager
- Posts: 8310
- Liked: 201 times
- Joined: Mon Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
Re: Security of the monitor
by steelnwool » Mon Apr 02, 2012 5:19 pm
Because my windows account isn't tied to my VI at all. My account has one password for windows that shares nothing in common with my vSphere clients etc. Or did you mean another way? If so, let me know. I don't mind pleading ignorance.
- steelnwool
- Novice
- Posts: 6
- Liked: never
- Joined: Fri Sep 03, 2010 4:44 pm
- Full Name: Jeff MacDonald
Re: Security of the monitor
by Vitaliy S. » Mon Apr 02, 2012 9:22 pm
Good for you, as I'm using my domain account everywhere! So answering your first question, these accounts are stored in a secure manner like any other connection account you specify in the application. Thanks!
So answering your first question, these accounts are stored in a secure manner like any other connection account you specify in the application. Thanks!- Vitaliy S.
- Product Manager
- Posts: 8310
- Liked: 201 times
- Joined: Mon Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
Re: Security of the monitor
by steelnwool » Tue Apr 03, 2012 1:31 pm
Fair enough, so I'm at the mercy of how secure I judge windows7 to be I'll at least activate its firewall and what not.
I'll at least activate its firewall and what not.- steelnwool
- Novice
- Posts: 6
- Liked: never
- Joined: Fri Sep 03, 2010 4:44 pm
- Full Name: Jeff MacDonald
7 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 2 guests