Security of the monitor

steelnwool · Post by **steelnwool** » Mar 29, 2012 7:43 pm this post

Its a great convenience to me that Veeam monitor stores the vsphere client passwords so I don't have to type them each time. But I'm curious how it stores them and how secure I should consider it?

It occured to me that if my win 7 management box was compromised, I'd be in all kinds of pain since someone could then very easily just delete all of my virtual machines. Yes I have backups. It would still suck

Post by **Vitaliy S.** » Mar 30, 2012 8:34 am this post

Hi Jeff,

All your passwords are encrypted and stored in our database, so there is no reason to worry about that. As to your concern regarding a possibility of stealing account information for your VI, then please be aware that vSphere Client (in Monitor) functionality is available only for the users that belong to Veeam Monitoring Trusted group, so if you keep your account info in secret, there is little chance of such scenario.

Thanks!

steelnwool · Post by **steelnwool** » Mar 30, 2012 12:01 pm this post

Except I'm putting all of my eggs within the security of Windows 7.. I guess that is what worries me. Granted its behind a VPN, it needs a password and I only access it with RDP...

Regarding the encryption.. I'm not an expert but "technically" if someone had the source of Veeam Monitor they could decrypt the passwords right? I do agree this is a very low risk/unlikely situation but is 'technically possible' right? (academic discussion here... I'm not actually worried about this)

Post by **Vitaliy S.** » Mar 31, 2012 12:14 pm this post

Just to be on the same page, if your Windows 7 box gets compromised, then why would anyone need our Monitor to access your VI? Why not to use your account for that?

steelnwool · Post by **steelnwool** » Apr 02, 2012 5:19 pm this post

Because my windows account isn't tied to my VI at all. My account has one password for windows that shares nothing in common with my vSphere clients etc. Or did you mean another way? If so, let me know. I don't mind pleading ignorance.

Post by **Vitaliy S.** » Apr 02, 2012 9:22 pm this post

Good for you, as I'm using my domain account everywhere!

So answering your first question, these accounts are stored in a secure manner like any other connection account you specify in the application. Thanks!

steelnwool · Post by **steelnwool** » Apr 03, 2012 1:31 pm this post

Fair enough, so I'm at the mercy of how secure I judge windows7 to be

I'll at least activate its firewall and what not.

R&D Forums

Security of the monitor

Re: Security of the monitor

Re: Security of the monitor

Re: Security of the monitor

Re: Security of the monitor

Re: Security of the monitor

Re: Security of the monitor

Who is online