- 
				CloudMSP
- Service Provider
- Posts: 43
- Liked: 11 times
- Joined: Jul 16, 2017 5:39 am
- Full Name: Veeam MSP
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
All Veeam credentials are easily obtained by PowerShell via a script that support can run for you, in fact I still have a copy of the script. So there goes that "protection".
Guys, I am an MSP with 40+ clients running Veeam to a local dedicated BDR server with local storage, and then Cloud Connect to our datacenter. Can someone break it down: what would be the most cost-effective way to ensure these backups are as safe as possible for all my clients?
- 
				itrabbit
- Influencer
- Posts: 20
- Liked: 6 times
- Joined: Nov 24, 2016 6:50 am
- Full Name: Matt Dunleavy
- Contact:
[MERGED] Anyway to stop Veeam being able to delete backups?
Hi all,
With the recent post of virus and malware and even hackers deleting Veeam backups, the one thing that bothers me is that an administrator can log on to the Veeam console and simply go to the repository and click delete, and it uses the Veeam stored credentials.
Is there any way to stop the Veeam console from allowing a user to directly delete backups? I am fine if Veeam is doing its retention policy and all the magical stuff. But how do I stop simple users?
I would rather have a dedicated password that must be entered prior to deleting any backups manually.
- 
				veremin
- Product Manager
- Posts: 20736
- Liked: 2403 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
Hi, Matt, 
Have you thought about adding tapes or rotated drives to your backup strategy?
Thanks,
- 
				cbc-tgschultz
- Enthusiast
- Posts: 67
- Liked: 12 times
- Joined: May 13, 2016 1:48 pm
- Full Name: Tanner Schultz
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
itrabbit wrote:
> Hi all,
> With the recent post of virus and malware and even hackers deleting Veeam backups, the one thing that bothers me is that an administrator can log on to the Veeam console and simply go to the repository and click delete, and it uses the Veeam stored credentials.
> Is there any way to stop the Veeam console from allowing a user to directly delete backups? I am fine if Veeam is doing its retention policy and all the magical stuff. But how do I stop simple users?
> I would rather have a dedicated password that must be entered prior to deleting any backups manually.
I'm afraid that given:
> All Veeam credentials are easily obtained by PowerShell via a script that support can run for you, in fact I still have a copy of the script. So there goes that "protection".
This feature wouldn't actually offer that much protection. Veeam stores the credentials, so one must assume that if someone has access to the Veeam server, then they have access to those credentials and are a few simple steps from being able to delete your backups.
The solutions that come to mind:
1) Offline backups, such as the suggested tape backups. I personally don't like this as tape is quite inconvenient and rarely do people take the time to test them like they should.
2) Rely on features of the storage system. For instance, Nimble storage arrays can take block-delta snapshots as frequently as you like, with pretty much any retention period you like. If your files are deleted, just go back to the last known good snapshot. The problem here is that any attacker determined enough to get your Veeam server can probably take the time to get at your storage system too and just delete the snapshots.
3) Not-really-offline backups. I described this in an earlier post in this thread. Basically, set up another storage system that is completely inaccessible over the network, only being accessible through a physical monitor+keyboard in the server room, that can form one-way connections to the primary storage server for the purposes of copying backups to itself from there.
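The pull-only arrangement from item 3, sketched as an added example; it is not part of the original post or of any Veeam tooling. It assumes the isolated host reads the primary repository at a path it mounts itself, read-only, and `pull_backups`, the paths and the `.history` layout are hypothetical names.

```shell
#!/bin/sh
# Added example: pull-only copy into a vault on the isolated host.
# Hypothetical names: pull_backups, SRC, VAULT, the .history layout.
#
# SRC   = primary repository as seen from this host (assumed: a read-only
#         mount or fetch that THIS host initiates; nothing connects inbound)
# VAULT = local storage that only this host can write to
#
# Rules: a file missing from SRC is never removed from VAULT, and a file that
# changed on SRC never overwrites the vault copy; the old copy is first moved
# to VAULT/.history/<timestamp>/.
pull_backups() {
    src=$1
    vault=$2
    [ -d "$src" ] || { echo "source not reachable: $src" >&2; return 1; }
    mkdir -p "$vault" || return 1

    # One history directory per run; add a suffix if the name is taken.
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    hist="$vault/.history/$stamp"
    n=0
    while [ -e "$hist" ]; do
        n=$((n + 1))
        hist="$vault/.history/$stamp.$n"
    done

    list=$(mktemp) || return 1
    # Only Veeam backup chain files: fulls, increments, chain metadata.
    ( cd "$src" && find . -type f \
        \( -name '*.vbk' -o -name '*.vib' -o -name '*.vbm' \) ) > "$list" \
        || { rm -f "$list"; return 1; }

    copied=0
    archived=0
    while IFS= read -r rel; do
        rel=${rel#./}
        dest="$vault/$rel"
        if [ -e "$dest" ]; then
            # cmp reads both files completely; unchanged files are skipped.
            if cmp -s "$src/$rel" "$dest"; then
                continue
            fi
            # Changed on the source (merge, corruption or encryption):
            # keep the copy we already hold.
            mkdir -p "$(dirname "$hist/$rel")" || { rm -f "$list"; return 1; }
            mv -f "$dest" "$hist/$rel" || { rm -f "$list"; return 1; }
            archived=$((archived + 1))
        fi
        mkdir -p "$(dirname "$dest")" || { rm -f "$list"; return 1; }
        # Copy under a temporary name, drop write permission, then rename, so
        # an interrupted run never leaves a half-written file in the chain.
        cp -pf "$src/$rel" "$dest.partial" \
            && chmod a-w "$dest.partial" \
            && mv -f "$dest.partial" "$dest" \
            || { rm -f "$list"; return 1; }
        copied=$((copied + 1))
    done < "$list"
    rm -f "$list"
    printf 'copied=%d archived=%d\n' "$copied" "$archived"
}

# Run as: pull_backups.sh /mnt/primary-ro /vault/veeam
if [ "$#" -eq 2 ]; then
    pull_backups "$1" "$2"
fi
```

Because a changed full is archived rather than overwritten, a chain that merges increments into the full grows the history directory on every run, so vault capacity and pruning have to be managed on the isolated host itself.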
- 
				aporter
- Influencer
- Posts: 11
- Liked: 1 time
- Joined: May 18, 2012 2:44 am
- Full Name: Andrew Porter
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
1.5) Offline backups using rotating external hard drives.
- 
				Jacv
- Novice
- Posts: 7
- Liked: 3 times
- Joined: Apr 05, 2016 12:13 am
- Contact:
[MERGED] Read only vbk/vib files?
Can existing vbk/vib files be set as read only? 
My thinking is I can add another layer of security to my offsite DR (Linux SMB share over VPN) by changing RW access from the share user to RO by giving write permissions to root only after every backup.
I know I'd have to manually control retention policy and I still have airgapped backups but thought the extra defence layer would be worth it.
- 
				DGrinev
- Veteran
- Posts: 1943
- Liked: 247 times
- Joined: Dec 01, 2016 3:49 pm
- Full Name: Dmitry Grinev
- Location: St.Petersburg
- Contact:
Re: Read only vbk/vib files?
Hi,
In order to provide the best data protection plan you should follow the 3-2-1 Rule.
Also, you can use Veeam Cloud Connect to store your data in the cloud on a Service Provider site.
Please review this thread with best approaches of backup file protection against deletion. Thanks!
- 
				chrsm
- Novice
- Posts: 3
- Liked: never
- Joined: Mar 27, 2014 1:26 pm
- Full Name: Christian Schmidt-Møller
- Contact:
[MERGED] Securing offsite backup
I am designing a new Veeam solution for a customer. We design the solution to do a daily backup copy job to a repository on a remote site.
What are the best practices for securing the data on the remote site to protect the data from being deleted in a hacker attack (ransomware etc.)?
I can see that 9.3 U3 has a new feature for Cloud Connect customers that keeps the data on the cloud provider even if the data has been deleted. Do we have similar possibilities even if we are not a Cloud Connect customer?
- 
				veremin
- Product Manager
- Posts: 20736
- Liked: 2403 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
> Do we have similar possibilities even if we are not a Cloud Connect customer?
Nope, and you wouldn't benefit from such a feature, even if we had it, as everything would still be controlled with the same access identity. Which is not the case with the Cloud Connect scenario, where a customer is unable to reach a location where deleted data is stored.
So, without CC in the equation, the most reliable solutions turned out to be tapes and removable drives (think real "offline", "air-gapped" backups).
Thanks.
- 
				dellock6
- Veeam Software
- Posts: 6208
- Liked: 1995 times
- Joined: Jul 26, 2009 3:39 pm
- Full Name: Luca Dell'Oca
- Location: Varese, Italy
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
One possibility however is VCC-E, that is Cloud Connect for Enterprise. It's technically the same solution as "regular" Cloud Connect, but it has specific requirements in terms of existing Enterprise License agreements to be eligible. 
Otherwise, the best option is to either deploy VCC and become yourself a service provider for your customer, or partner (as a reseller/broker...) with an existing Veeam service provider and resell their Cloud Connect.
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software
@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
- 
				yowmemperor
- Enthusiast
- Posts: 30
- Liked: never
- Joined: Jan 08, 2018 5:19 pm
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
So this discussion has gone more than one page since I last read it. I apologize ahead of time for not taking time to read the other 6 pages.
So a script was mentioned to rename the backup files. Sounds like a good idea, however, I assume this affects Veeam's ability to run synthetic fulls and backup maps? To run those, the script would have to be re-run to revert to the original file name just as we would with a restore? The synth fulls and maps take a significant amount of time for us, are there other ideas aside from offline copies?
- 
				lxzndr
- Novice
- Posts: 9
- Liked: 2 times
- Joined: Jun 24, 2011 3:26 pm
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
What connections are required for a "disconnected" server to obtain backups, or backup copies if that system is on the other side of a physical firewall device?
I saw mention of something like that where connections "To" that device are denied, and only connections "From" that device are allowed.
I would actually lean towards running backup jobs from it, instead of copy - that way it becomes an additional independent backup and avoids any issues if the original repository is unavailable.
Would that server only need access to vCenter (doing Network backup), or could I include a Proxy for HotAdd?
- 
				kewnev
- Enthusiast
- Posts: 90
- Liked: 23 times
- Joined: Jun 17, 2012 1:09 pm
- Full Name: Nev
- Contact:
Re: Read only vbk/vib files?
DGrinev wrote:
> Hi,
> In order to provide the best data protection plan you should follow the 3-2-1 Rule.
> Also, you can use Veeam Cloud Connect to store your data in the cloud on a Service Provider site.
> Please review this thread with best approaches of backup file protection against deletion. Thanks!
Hello, is using Veeam Cloud Connect (VCC) as secure as using rotated drives? Let's say a hacker/malware gets into my network and wipes out all my data and on-site backups. Could they also extract VCC credentials from my Veeam configuration, then connect to my VCC provider and wipe out my backups there?
(I have never used VCC, apologies if I sound ignorant..!)
- 
				Gostev
- Chief Product Officer
- Posts: 32761
- Liked: 7971 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
Not if your service provider has Insider Protection feature enabled.
- 
				Phate1989
- Lurker
- Posts: 1
- Liked: never
- Joined: Apr 05, 2018 4:45 pm
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
Unitrends is using this post in their marketing.
- 
				miconib
- Lurker
- Posts: 1
- Liked: never
- Joined: Jun 22, 2018 9:49 am
- Full Name: Brandon Miconi
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
What we have done, and I'm not sure if anyone wants to add in their own snip about it, is the following.
Since we mostly have small to mid size customers
For larger customers
Separate VMware server
Virtual Machine Running Veeam "Not on the domain, completely different set of usernames and passwords for the admin account and there is only one admin account"
It is however on the same network, but it's completely locked unless you know the admin password "Which is different"
We make a Veeam local backup
If the Server gets hit or has a hardware problem we spin it up on the secondary VMware server, we also use Cloud Connect as well but this is more for quick restore times "The local backup is"
For smaller customers
On the same VMware server
Virtual Machine Running Veeam "Not on the domain, completely different set of usernames and passwords for the admin account and there is only one admin account"
It is however on the same network, but it's completely locked unless you know the admin password "Which is different"
We make a Veeam local backup
If the Server gets hit we spin it up on the same VMware server, we also use Cloud Connect as well but this is more for quick restore times "The local backup is"
What do you guys think?
- 
				michaelyou
- Influencer
- Posts: 18
- Liked: 4 times
- Joined: Jul 06, 2018 3:19 pm
- Full Name: michael
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
I think Veeam needs to provide proactive protection for the ransomware issue.
This is because Veeam is an image-based backup solution on Windows OS. (Just like Backup Exec or Ghost)
Therefore, vbk and vib files become targets of viruses or malware.
Currently, we use a PowerShell script to change the file extension to a custom string on each backup job. (prescript and postscript)
However
Commvault: Provides many methods to protect backup data from ransomware.
Unitrends and Rubrik: Hardened Linux-based appliance.
https://documentation.commvault.com/com ... p=7722.htm
https://www.unitrends.com/solutions/ran ... protection
How about Veeam?
- 
				mikeely
- Veteran
- Posts: 254
- Liked: 75 times
- Joined: Nov 07, 2016 7:39 pm
- Full Name: Mike Ely
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
Our backups are being written (via NFS) to a ZFS share which takes regular snapshots. Pretty sure the ransomware wouldn't be able to access those as the Linux vbr/headend can't see them, although if we somehow missed the attack until after the snaps expired...
'If you truly love Veeam, then you should not let us do this' --Gostev, in a particularly Blazing Saddles moment
- 
				Gostev
- Chief Product Officer
- Posts: 32761
- Liked: 7971 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
Right, Veeam supported Linux-based repositories since v1. So if you believe using hardened Linux-based backup repository actually helps against real-world attacks - then by all means, you should use them. I personally recommend air gapping backup instead, seeing how almost all successful attacks we've seen in support were carried out from inside by the hacker having sniffed/keylogged credentials to all critical IT systems... the only role actual ransomware had in all these cases was letting the hacker into the environment.
- 
				michaelyou
- Influencer
- Posts: 18
- Liked: 4 times
- Joined: Jul 06, 2018 3:19 pm
- Full Name: michael
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
Hi mikeely,
Thank you so much for sharing your scenario for the backup repository.
Hi Gostev,
Thank you so much for your reply. I know the "air gap" is the ideal solution for data security and ransomware attack.
However if we implement air gap solution in the real world that means the RTO will be reduced due to being isolated from the production environment. That is why I hope Veeam can do more proactive protection about this.
This is not only the "leader supplier" of Veeam in the Gartner report! However, like other competitors like Acronis, there is also "Active Protection". Why is Veeam not? I hope Veeam can solve this issue from the root.
- 
				Gostev
- Chief Product Officer
- Posts: 32761
- Liked: 7971 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
Veeam does not have it because it is a marketing gimmick that does nothing besides giving you a false sense of protection. Such features are an actual disservice to the users, because they make them think they are well protected and can skip on implementing the proper solution (air gapped backups). It's not until after the actual attack when these users learn that solutions of this kind take seconds to be uninstalled (or simply disabled) by the hacker, thus adding zero extra protection to your backups.
I don't know if you followed Veeam forum digests in the past couple of years, because I've been sharing there many of the actual attack stories that we saw in our support. All of them clearly showed, in particular, how this type of "backup protection solutions" have zero value against real-world cyberattacks.
- 
				F182
- Service Provider
- Posts: 19
- Liked: 3 times
- Joined: Jun 03, 2018 3:13 pm
- Full Name: Farzon David Almaneih
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
I am very sorry for those that have been attacked by these ransom/viruses.
Though, this thread is quite surprising to me. We have been implementing 3-2-1 backup practices for almost 30 years and the concept was well established in the industry before then. See summary of 3-2-1: https://www.veeam.com/blog/how-to-follo ... ation.html.
Offsites are critical and not a want-have, they are a must-have. There are a lot of options available. You can use portable media. Cloud repository. Etc etc.
For example, we are much beyond 3-2-1. We have the main backup repository. We have a copy job to portable media repository. We have a copy job to cloud repository. Our cloud repository has a backup of its entire box to Azure backup (these backups go a long long way back).
It may seem like overkill, but if you want to sleep at night and have the confidence that the OP put in his first post, these are the steps that are needed.
Good luck everyone
- 
				mvalpreda
- Enthusiast
- Posts: 85
- Liked: 3 times
- Joined: May 06, 2015 10:57 pm
- Full Name: Mark Valpreda
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
While not a replacement for air-gapped off-site backups.....if nothing else get a Synology (or other NAS) that does snapshots. Send backups to Synology, schedule a snapshot after your backups, and make sure you are not presenting snapshots to the OS. Make sure the login for your NAS is a different password than the admin password and not stored in the browser cache or password manager. We typically do iSCSI to take advantage of 9.5 + 2016 + ReFS. 
If your backups get hosed, apply a snapshot. It's like nothing happened. Tested a few times and works great. Short of someone getting into your NAS and deleting the snapshots, you're in pretty good shape.
- 
				CloudMSP
- Service Provider
- Posts: 43
- Liked: 11 times
- Joined: Jul 16, 2017 5:39 am
- Full Name: Veeam MSP
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
Yeah but who actually recommends writing their backups to Synology in the first place?
- 
				csydas
- Expert
- Posts: 193
- Liked: 47 times
- Joined: Jan 16, 2018 5:14 pm
- Full Name: Harvey Carel
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
michaelyou wrote:
> However if we implement air gap solution in the real world that means the RTO will be reduced due to being isolated from the production environment. That is why I hope Veeam can do more proactive protection about this.
> This is not only the "leader supplier" of Veeam in the Gartner report! However, like other competitors like Acronis, there is also "Active Protection".
Out of curiosity, why does it have to reduce RTO? The "oh shit" backups should be beyond tertiary in my mind.
Backups are tough, and doing it "right" is basically throwing as much redundancy at the situation as you possibly can. In our setup, we just do absolutely everything we can to move the files into redundant and safe locations with the goal of eventually vaulting them, either with rotated drives or tapes. Yeah, it costs money, but at the same time, what is the cost of losing everything?
I don't buy the Active Protection stuff as it's basically just reliant on account permissions, and the entire attack vector for malware is that a malicious actor has gotten privileged credentials. You can bet against it as much as you want, but ultimately, it's not 0-days or clever privilege elevation attacks you're having to worry about, it's your coworker Bob getting an email that says "Hey Bob! look at this!".
We've had more infections because of otherwise intelligent and very talented admins falling for a spoofed email after long day than any actual security flaws. I'm not saying "don't patch it's pointless", but instead just understand the threat you're dealing with and also what frustrates these attacks.
We got to the size that the math for an all-down scenario took us way too long and too much money to get back to operational, and suddenly the cost of an LTO7 library wasn't so bad.
That's how we see it; we backup copy to rotated drives with a short-term "oh shit" retention, same with our tapes. In the event that we do get taken over, sure, it's going to be a long couple of days, but for the most part we have an RTO of 24 hours for our primary servers and upwards of 48 hours for our secondary. We've done this with one client before in an actual ransomware situation, and by hour 5, they were up and running with the essentials, by hour 30 everything was back.
- 
				mvalpreda
- Enthusiast
- Posts: 85
- Liked: 3 times
- Joined: May 06, 2015 10:57 pm
- Full Name: Mark Valpreda
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
CloudMSP wrote:
> Yeah but who actually recommends writing their backups to Synology in the first place?
Not everyone has unlimited budgets for backup repositories. A DS918+ with 4x 8TB drives and Veeam B&R for a customer with 2-4TB of VMs....it works well when properly configured. We also recommend at a minimum doing a USB drive as an offsite. Did you have another recommendation?
- 
				michaelyou
- Influencer
- Posts: 18
- Liked: 4 times
- Joined: Jul 06, 2018 3:19 pm
- Full Name: michael
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
Thank you all for your good ideas and replies.
Honestly speaking.
After comparing various backup solutions (PoC), we decided to deploy Veeam to our environment.
However this issue is a big concern for us. That is why I really care about the feedback from Veeam.
Yes, I totally agree the 3-2-1 rule is the best practice for backup, no doubt.
But I feel Veeam just keeps emphasizing the importance of the 3-2-1 rule when discussing this kind of topic.
I really hope Veeam has a better solution or suggestion besides the 3-2-1 rule.
Currently I plan to create a Linux-based repository with the ZFS file system.
I have an HP DL180 G6 server with 8TB hard disk x 8 (RAID 6)
The Veeam server will access the repository via the NFS protocol.
Is it possible to restrict an account (Linux local account) to Read / Write the backup repository only?
Any suggestion will be appreciated.
Thank you very much.
- 
				doum
- Enthusiast
- Posts: 30
- Liked: 6 times
- Joined: Feb 15, 2018 10:45 pm
- Full Name: Benoit Machiavello
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
+1
It's a big problem and it's not always possible to use external backup (slow internet connection for example)
Does Veeam provide a whitepaper with all the best practices to secure its Veeam infrastructure against this type of attack?
- 
				afokkema
- Service Provider
- Posts: 23
- Liked: 3 times
- Joined: Feb 13, 2009 2:00 pm
- Full Name: Arne Fokkema
- Location: Netherlands
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
You could take a look at the best practices guide: https://bp.veeam.expert/proof-of-concep ... -hardening or take a look at this whitepaper: https://www.veeam.com/wp-backup-replica ... ening.html
- 
				SimonS
- Influencer
- Posts: 12
- Liked: 4 times
- Joined: Jan 26, 2018 11:19 am
- Full Name: Simon Setina
- Location: Slovenia
- Contact:
Re: Yes, Ransomware can delete your Veeam backups.
michaelyou wrote:
> Currently I plan to create a Linux-based repository with the ZFS file system.
> I have an HP DL180 G6 server with 8TB hard disk x 8 (RAID 6)
> The Veeam server will access the repository via the NFS protocol.
> Is it possible to restrict an account (Linux local account) to Read / Write the backup repository only?
> Any suggestion will be appreciated.
Instead of using NFS/CIFS you can consider using a Linux repository:
Add Repository -> Type -> Linux Server
In this case the data mover is running on the Linux repository, and backup files are not visible to the Windows world
Examples:
http://blog.dewin.me/2013/05/veeam-and- ... itory.html
https://www.virtualtothecore.com/en/per ... ositories/
https://www.virtualtothecore.com/en/vee ... -centos-7/