Discussions specific to the Microsoft Hyper-V hypervisor
Post Reply
Killian
Novice
Posts: 9
Liked: never
Joined: Jun 30, 2017 1:32 pm
Full Name: Daniel Killian
Contact:

Advice on "Re"Setup to avoid Ransomware

Post by Killian »

Morning all,

We've been running Veeam B&R to backup a 3 node HyperV Failover Cluster for a couple years now and it's been working excellent. We have the Veeam B&R Server itself as a Virtual Server (Windows 2016) and that itself is running on a HyperV server (Windows Server 2012). The Veeam B&R also houses the 'vhdx' file that acts as the backup respository and we then have a QNAP NAS kept offsite that we use for backup copy jobs.

With us being a school this has fit our needs pretty well however with the recent news that more and more schools/colleges are getting hit with Ransomware it makes me realise just how vulnerable this setup is to that should ransomware infect our system and get into either the Veeam B&R Server or even the HyperV Host itself (as it could just encrypt the VHDX file). I'm not sure if I'm being overly paranoid at this point or not but just trying to think how I can protect us better. I've considered adding a second Linux Host to the HyperV server and setting up a repository there as immutable but that wouldn't help in this case as they could just encrypt the linux VHDX.

I was hoping for some advice on whether my 'thoughts' on setting this up could work. Here's what I'm considering;

1. Move most of our backups to the Offsite QNAP Nas. I'd have to lose a long term snapshot or two just due to the size of the storage and it will be a SLOW process but I should be able to get everything backing up to the offsite NAS.
2. Install Veeam B&R on a server seperate to the HyperV host currently housing it. Migrate the config and begin running Veeam from there.
3. Flatten the HyperV Host and install Ubuntu Server to the physical hardware (no hypervisor).
4. Configure the repository as immutable and move backups back across and continue.

I guess my other question to all this is am I being overly paranoid? No connections can be made to our offsite NAS other than from our Veeam Backup Server and no users outside of Domain Admins have access to either the Veeam B&R server or the HyperV Host itself. I just don't want to be caught out so trying to protect us as best I can but also worried I'm causing more of an issue out of it than it needs to.

Any advice would be greatly appreciated.

wishr
Veeam Software
Posts: 2350
Liked: 301 times
Joined: Aug 07, 2018 3:11 pm
Full Name: Fedor Maslov
Contact:

Re: Advice on "Re"Setup to avoid Ransomware

Post by wishr »

Hi Daniel,

Please take a look at that thread - it contains lots of useful information and expresses several very important points that should help you to improve your data security posture.

Thanks

Post Reply

Who is online

Users browsing this forum: No registered users and 15 guests