Standalone backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)
Post Reply
LukeAd
Enthusiast
Posts: 26
Liked: 6 times
Joined: May 07, 2014 2:35 pm
Full Name: Luke Admin
Contact:

Security hardening and/or best practice guide

Post by LukeAd » 1 person likes this post

First I must say thank you and great job on VEB...a fantastic product (at a great price!)

For some time we have used VBR for our servers, and now with VEB for our user endpoints I feel our backup strategy is complete.

However after narrowly escaping disaster last year when one of our users got infected with Crypto-ransomware, I have been looking for ways to sleep peacefully at night with the assurance that our backups are as safe as possible.

I have read many threads on here where others are obviously also afraid of ransomware getting into their backups, but I have had a difficult time piecing together a comprehensive and authoritative set of steps from all these threads that I can follow to feel like I'm doing the best I can to protect my backups against ransomware.

In this thread it looks like a potentially great Veeam hardening document is being worked on, but as that thread is in the VBR forum, I don't know if this will also include VEB.

Is there (or will there be) a definitive "all in one place" guide on best practices for security and for shielding backups from ransomware-type threats in VEB? Something like this would be a HUGE benefit for the IT jack-of-all-trades but master-of-none types like me that do their best to cover so many bases but benefit most when somebody just puts all the best advice in one central place.

Thanks again for great stuff...I can truly say I love using anything from Veeam!
Dima P.
Product Manager
Posts: 14396
Liked: 1568 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Security hardening and/or best practice guide

Post by Dima P. »

Hi Luke,

Thank you for kind words! Several recommendation were discussed in this thread – take a look and let us know if it helps.
LukeAd
Enthusiast
Posts: 26
Liked: 6 times
Joined: May 07, 2014 2:35 pm
Full Name: Luke Admin
Contact:

Re: Security hardening and/or best practice guide

Post by LukeAd »

Thanks, I had already read that thread twice (among a number of others). :wink:

So then I guess the answer to my question is, "no, there will not be a security hardening or best practice guide for VEB" like the one that is being worked on for VBR?
Dima P.
Product Manager
Posts: 14396
Liked: 1568 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Security hardening and/or best practice guide

Post by Dima P. »

Honestly, we did not plan a dedicated guide for VEB, but I’ll share your request with the team. Thanks!
caballo2000
Influencer
Posts: 11
Liked: 1 time
Joined: Apr 29, 2016 5:02 am
Full Name: Alex
Contact:

Re: Security hardening and/or best practice guide

Post by caballo2000 »

Currently there is any ransomware malware atacking Veeam Endpoint backup extensions?
BLWL
Enthusiast
Posts: 35
Liked: 41 times
Joined: Jan 27, 2015 7:24 am
Full Name: Bjorn L
Contact:

Re: Security hardening and/or best practice guide

Post by BLWL » 1 person likes this post

A general security guide would be really nice!
caballo2000 wrote:Currently there is any ransomware malware atacking Veeam Endpoint backup extensions?
Can't speak for if some malware is specifically targeting Veeam, I haven't heard about it. However, there are several ransomware that, if access, might encrypt your backup files.

Some suggestions for securing Veeam in a bigger environment:

[*] Network segmentation Veeam server, proxies and repositories (tight fw access rules, especially no client access to repositories)
[*] Account segmentation specifically for Veeam servers (deny login from other accounts)
[*] Encrypt backups (probably won't help against ransomware, but offers protection in other scenarios)

Edit: Here are some more suggestions: https://www.veeam.com/blog/how-to-avoid ... ocker.html

/BLWL
Post Reply

Who is online

Users browsing this forum: Google [Bot] and 33 guests