-
- Enthusiast
- Posts: 29
- Liked: 3 times
- Joined: Nov 17, 2016 2:04 am
- Full Name: Tácio Andrade
- Contact:
Sharing integrity used by the VEB
Good night, I use Veeam Endpoint Backup to backup some desktops with Samba sharing, but I came up with a possible problem with ransomwares attacks.
When creating the backup job in VEB I always put a user created for backup only, but my question is whether during a backup job, while the share is accessed by Veeam, if the computer is infected with ransomware there is the possibility of all backup Be compromised?
For a file server I usually use Bacula or Syncovery because they pull the data, preventing a virus on the server from destroying the stored data, but since the Veeam Agent and Endpoint uses Samba or NFS, I was left with that doubt.
Sincerely, Tácio Andrade.
When creating the backup job in VEB I always put a user created for backup only, but my question is whether during a backup job, while the share is accessed by Veeam, if the computer is infected with ransomware there is the possibility of all backup Be compromised?
For a file server I usually use Bacula or Syncovery because they pull the data, preventing a virus on the server from destroying the stored data, but since the Veeam Agent and Endpoint uses Samba or NFS, I was left with that doubt.
Sincerely, Tácio Andrade.
-
- VP, Product Management
- Posts: 27377
- Liked: 2800 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Sharing integrity used by the VEB
Hi Tácio,
You can try to follow Dima's recommendation in this thread to address the cryptolocker issue > endpoint cryptolocker protection - veeam repository
Thanks!
You can try to follow Dima's recommendation in this thread to address the cryptolocker issue > endpoint cryptolocker protection - veeam repository
Thanks!
-
- Product Manager
- Posts: 14726
- Liked: 1707 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: Sharing integrity used by the VEB
Hi tacioandrade,
I have not heard about a ransomware smart enough to parse the configuration from applications, so if you can’t access the backup destination from machine via regular windows browser, you are good to go.When creating the backup job in VEB I always put a user created for backup only, but my question is whether during a backup job, while the share is accessed by Veeam, if the computer is infected with ransomware there is the possibility of all backup Be compromised?
-
- Enthusiast
- Posts: 29
- Liked: 3 times
- Joined: Nov 17, 2016 2:04 am
- Full Name: Tácio Andrade
- Contact:
Re: Sharing integrity used by the VEB
My doubt is that I have seen some ransomwares that could spread through samba shares not mounted directly as a unit but rather scouring the network.
If the VEB accesses the share so that the entire system and not only the application can read and write, ransomware can completely corrupt the backup.
Sincerely, Tácio Andrade.
If the VEB accesses the share so that the entire system and not only the application can read and write, ransomware can completely corrupt the backup.
Thank you very much I will read on this topic and hopefully I have some idea how to solve the problem from it.Vitaliy S. wrote: You can try to follow Dima's recommendation in this thread to address the cryptolocker issue > endpoint cryptolocker protection - veeam repository
Sincerely, Tácio Andrade.
-
- Enthusiast
- Posts: 29
- Liked: 3 times
- Joined: Nov 17, 2016 2:04 am
- Full Name: Tácio Andrade
- Contact:
Re: Sharing integrity used by the VEB
I just read the post and from what I was reading it was focused on VBR and not Samba sharing. But this has given me hope that my policy will be functional, at least for now.
I will try to mount a lab later to test directory access while the backup is being done and see if it is possible or not.
Sincerely, Tácio Andrade.
I will try to mount a lab later to test directory access while the backup is being done and see if it is possible or not.
Sincerely, Tácio Andrade.
-
- Enthusiast
- Posts: 29
- Liked: 3 times
- Joined: Nov 17, 2016 2:04 am
- Full Name: Tácio Andrade
- Contact:
Re: Sharing integrity used by the VEB
Good afternoon, I tested with Veeam Endpoint Backup and Veeam Agent for Linux Beta and I have some information to share.
In VEB when backing up Veeam does not keep the share via samba share, at least not for the computer user, so much that during the running backup I tried in several ways to access the linux server running Samba and to no avail.
However in the Veeam Agent for Linux it is different, to run the service, either via NFS or via CIFS it mounts direct sharing in the operating system, which can be a problem.
At least Windows against the ransomwares I believe that the Veeam Endpoint Backup + linux Server or NAS with access to only 1 user is a good option.
In VEB when backing up Veeam does not keep the share via samba share, at least not for the computer user, so much that during the running backup I tried in several ways to access the linux server running Samba and to no avail.
However in the Veeam Agent for Linux it is different, to run the service, either via NFS or via CIFS it mounts direct sharing in the operating system, which can be a problem.
At least Windows against the ransomwares I believe that the Veeam Endpoint Backup + linux Server or NAS with access to only 1 user is a good option.
-
- Product Manager
- Posts: 6551
- Liked: 765 times
- Joined: May 19, 2015 1:46 pm
- Contact:
Re: Sharing integrity used by the VEB
Hi,
Thanks
The directory where Veeam Agent for Linux mounts shared folder has root set as an owner and write permissions are set for owner only so during the backup seesion no one except root is allowed to write into that directory.However in the Veeam Agent for Linux it is different, to run the service, either via NFS or via CIFS it mounts direct sharing in the operating system, which can be a problem.
Thanks
-
- Enthusiast
- Posts: 29
- Liked: 3 times
- Joined: Nov 17, 2016 2:04 am
- Full Name: Tácio Andrade
- Contact:
Re: Sharing integrity used by the VEB
True, I checked that too, but if an ransomware attacked the Linux server and was able to scale the permissions it could encrypt the files.
But from what I know of Linux there would be no other way to send the files via samba or NFS without mounting as a directory in the operating system.
I still believe in the security of the Veeam Agent, but on Linux I would think of creating 2 distinct jobs, each saving on a samba share with different username and password.
Sincerely, Tácio Andrade.
But from what I know of Linux there would be no other way to send the files via samba or NFS without mounting as a directory in the operating system.
I still believe in the security of the Veeam Agent, but on Linux I would think of creating 2 distinct jobs, each saving on a samba share with different username and password.
Sincerely, Tácio Andrade.
-
- Product Manager
- Posts: 6551
- Liked: 765 times
- Joined: May 19, 2015 1:46 pm
- Contact:
Re: Sharing integrity used by the VEB
Even with root permissions a ransomware needs to know share parameters (UNC and credentials) in order to mount the share. If you have some ideas of where it could possibly get it from please share them and we'll make sure to have the loophole covered.True, I checked that too, but if an ransomware attacked the Linux server and was able to scale the permissions it could encrypt the files.
Thanks
-
- Enthusiast
- Posts: 29
- Liked: 3 times
- Joined: Nov 17, 2016 2:04 am
- Full Name: Tácio Andrade
- Contact:
Re: Sharing integrity used by the VEB
Actually, my fear would not be to get it, because I know you guys do a great job on the information storage part, my fear is during the backup job, while the veeam works to access and encrypt the data.
I know I'm being a little manic for security, but I've had friends who've lost almost everything on ramsonware and so I'm in this way.
I know I'm being a little manic for security, but I've had friends who've lost almost everything on ramsonware and so I'm in this way.
Who is online
Users browsing this forum: No registered users and 6 guests