Standalone backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)
Post Reply
tacioandrade
Enthusiast
Posts: 29
Liked: 3 times
Joined: Nov 17, 2016 2:04 am
Full Name: Tácio Andrade
Contact:

Sharing integrity used by the VEB

Post by tacioandrade »

Good night, I use Veeam Endpoint Backup to backup some desktops with Samba sharing, but I came up with a possible problem with ransomwares attacks.
When creating the backup job in VEB I always put a user created for backup only, but my question is whether during a backup job, while the share is accessed by Veeam, if the computer is infected with ransomware there is the possibility of all backup Be compromised?
For a file server I usually use Bacula or Syncovery because they pull the data, preventing a virus on the server from destroying the stored data, but since the Veeam Agent and Endpoint uses Samba or NFS, I was left with that doubt.

Sincerely, Tácio Andrade.
Vitaliy S.
VP, Product Management
Posts: 27377
Liked: 2800 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Sharing integrity used by the VEB

Post by Vitaliy S. »

Hi Tácio,

You can try to follow Dima's recommendation in this thread to address the cryptolocker issue > endpoint cryptolocker protection - veeam repository

Thanks!
Dima P.
Product Manager
Posts: 14726
Liked: 1707 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Sharing integrity used by the VEB

Post by Dima P. »

Hi tacioandrade,
When creating the backup job in VEB I always put a user created for backup only, but my question is whether during a backup job, while the share is accessed by Veeam, if the computer is infected with ransomware there is the possibility of all backup Be compromised?
I have not heard about a ransomware smart enough to parse the configuration from applications, so if you can’t access the backup destination from machine via regular windows browser, you are good to go.
tacioandrade
Enthusiast
Posts: 29
Liked: 3 times
Joined: Nov 17, 2016 2:04 am
Full Name: Tácio Andrade
Contact:

Re: Sharing integrity used by the VEB

Post by tacioandrade »

My doubt is that I have seen some ransomwares that could spread through samba shares not mounted directly as a unit but rather scouring the network.

If the VEB accesses the share so that the entire system and not only the application can read and write, ransomware can completely corrupt the backup.
Vitaliy S. wrote: You can try to follow Dima's recommendation in this thread to address the cryptolocker issue > endpoint cryptolocker protection - veeam repository
Thank you very much I will read on this topic and hopefully I have some idea how to solve the problem from it.


Sincerely, Tácio Andrade.
tacioandrade
Enthusiast
Posts: 29
Liked: 3 times
Joined: Nov 17, 2016 2:04 am
Full Name: Tácio Andrade
Contact:

Re: Sharing integrity used by the VEB

Post by tacioandrade » 1 person likes this post

I just read the post and from what I was reading it was focused on VBR and not Samba sharing. But this has given me hope that my policy will be functional, at least for now.

I will try to mount a lab later to test directory access while the backup is being done and see if it is possible or not.

Sincerely, Tácio Andrade.
tacioandrade
Enthusiast
Posts: 29
Liked: 3 times
Joined: Nov 17, 2016 2:04 am
Full Name: Tácio Andrade
Contact:

Re: Sharing integrity used by the VEB

Post by tacioandrade »

Good afternoon, I tested with Veeam Endpoint Backup and Veeam Agent for Linux Beta and I have some information to share.

In VEB when backing up Veeam does not keep the share via samba share, at least not for the computer user, so much that during the running backup I tried in several ways to access the linux server running Samba and to no avail.

However in the Veeam Agent for Linux it is different, to run the service, either via NFS or via CIFS it mounts direct sharing in the operating system, which can be a problem.

At least Windows against the ransomwares I believe that the Veeam Endpoint Backup + linux Server or NAS with access to only 1 user is a good option.
PTide
Product Manager
Posts: 6551
Liked: 765 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: Sharing integrity used by the VEB

Post by PTide » 2 people like this post

Hi,
However in the Veeam Agent for Linux it is different, to run the service, either via NFS or via CIFS it mounts direct sharing in the operating system, which can be a problem.
The directory where Veeam Agent for Linux mounts shared folder has root set as an owner and write permissions are set for owner only so during the backup seesion no one except root is allowed to write into that directory.

Thanks
tacioandrade
Enthusiast
Posts: 29
Liked: 3 times
Joined: Nov 17, 2016 2:04 am
Full Name: Tácio Andrade
Contact:

Re: Sharing integrity used by the VEB

Post by tacioandrade »

True, I checked that too, but if an ransomware attacked the Linux server and was able to scale the permissions it could encrypt the files.

But from what I know of Linux there would be no other way to send the files via samba or NFS without mounting as a directory in the operating system.

I still believe in the security of the Veeam Agent, but on Linux I would think of creating 2 distinct jobs, each saving on a samba share with different username and password.


Sincerely, Tácio Andrade.
PTide
Product Manager
Posts: 6551
Liked: 765 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: Sharing integrity used by the VEB

Post by PTide »

True, I checked that too, but if an ransomware attacked the Linux server and was able to scale the permissions it could encrypt the files.
Even with root permissions a ransomware needs to know share parameters (UNC and credentials) in order to mount the share. If you have some ideas of where it could possibly get it from please share them and we'll make sure to have the loophole covered.

Thanks
tacioandrade
Enthusiast
Posts: 29
Liked: 3 times
Joined: Nov 17, 2016 2:04 am
Full Name: Tácio Andrade
Contact:

Re: Sharing integrity used by the VEB

Post by tacioandrade »

Actually, my fear would not be to get it, because I know you guys do a great job on the information storage part, my fear is during the backup job, while the veeam works to access and encrypt the data.

I know I'm being a little manic for security, but I've had friends who've lost almost everything on ramsonware and so I'm in this way.
Post Reply

Who is online

Users browsing this forum: No registered users and 6 guests