More of a discussion topic rather than "fix please":
With Veeam B&R v11 still requiring NTLM to work and communicate within the system, I wonder what Veeam thinks of that.
For those of you who haven't heard, besides the Windows print spooler nightmare (again, btw) there is a new attack vector over MS-EFSRPC which seems to be harder than "just patch".
More information: https://blog.truesec.com/2021/07/25/mit ... etitpotam/
One of the proposed mitigations by Microsoft is "Disable NTLM and use Kerberos instead", which seems harsh but long overdue imho.
As parts of Veeam B&R seem to be able to use Kerberos (very limited use), other parts rely on SSH keys or could use other authentication methods, but NTLM seems to stick there.
So besides all of us moving over to secure Linux-based repositories, are there any plans to move to a more modern way of internal authentication in Veeam B&R (and possibly other Veeam products)?
Dejan Ilic (Enthusiast; Posts: 46; Liked: 5 times; Joined: Apr 11, 2019 11:37 am)
Chief Product Officer (Posts: 32373; Liked: 7726 times; Joined: Jan 01, 2006 1:01 am; Location: Baar, Switzerland)
Re: Veeam B&R, NTLM & Petitpotam attack vector
Yes, actually this was announced at VeeamON 2021 a couple of months ago as one of the immediate priorities.
Also note that for VMware vSphere, we have already supported Kerberos-only guest networks for application-aware processing for a couple of releases now. This was prioritized because the presence of malicious users is much more likely there, compared to internal infrastructure networks to which usually only admins have access.
Dejan Ilic (Enthusiast; Posts: 46; Liked: 5 times; Joined: Apr 11, 2019 11:37 am)
Re: Veeam B&R, NTLM & Petitpotam attack vector
Nice, would you mind telling me which session I should view (on-demand) to hear more about the priorities?
As a security issue, I would personally give it a higher priority, but of course I don't have the whole picture.
And I'm aware of the Kerberos support for application-aware processing, but it is the other parts that have a higher impact that I'm worried about.
Chief Product Officer (Posts: 32373; Liked: 7726 times; Joined: Jan 01, 2006 1:01 am; Location: Baar, Switzerland)
Re: Veeam B&R, NTLM & Petitpotam attack vector
It was in the Technology Keynote.
Stephan Lang (Veeam Legend; Posts: 380; Liked: 60 times; Joined: Jun 30, 2015 9:13 am; Location: Austria)
Re: Veeam B&R, NTLM & Petitpotam attack vector
I am also interested in this topic... furthermore I would like to disable NTLM entirely, and maybe also test adding the "veeam-service" account to the Protected Users group... but I just found in the docs that Veeam uses NTLM between the Veeam server components, proxy, etc. ... ???!
https://helpcenter.veeam.com/docs/backu ... ml?ver=110
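Before restricting NTLM or moving a service account into Protected Users, an inventory of which accounts and source hosts still authenticate with NTLM tells you what would break. The following is an added example, not from this thread or from Veeam: it reads successful-logon events (ID 4624) from a host's Security log, tallies NTLM logons per account and source, and assumes the caller can read that log on the target (the backup server, a proxy or a repository).

```powershell
# Added example (not Veeam's code). Inventory NTLM vs Kerberos logons from Security event 4624.
param(
    [string]$ComputerName = $env:COMPUTERNAME,   # assumed default: the local host
    [int]$Hours = 24                             # look-back window
)

$filter = @{
    LogName   = 'Security'
    Id        = 4624                             # "An account was successfully logged on"
    StartTime = (Get-Date).AddHours(-$Hours)
}

$events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop

$rows = foreach ($ev in $events) {
    # Pull the named EventData fields out of the event XML
    $x = [xml]$ev.ToXml()
    $d = @{}
    foreach ($item in $x.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }

    [pscustomobject]@{
        Account   = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
        Package   = $d['AuthenticationPackageName']   # 'NTLM', 'Kerberos' or 'Negotiate'
        LmPackage = $d['LmPackageName']               # 'NTLM V2', 'NTLM V1', or '-' for non-NTLM
        LogonType = $d['LogonType']                   # 3 = network logon (SMB/RPC between components)
        Source    = $d['WorkstationName']
        SourceIP  = $d['IpAddress']
    }
}

# Every (account, source, NTLM version) combination listed here will stop working once
# NTLM is restricted on this host or the account is placed in Protected Users.
$rows |
    Where-Object { $_.Package -eq 'NTLM' } |
    Group-Object Account, Source, LmPackage |
    Sort-Object Count -Descending |
    Select-Object Count, @{ n = 'Account, Source, LmPackage'; e = { $_.Name } } |
    Format-Table -AutoSize

# Kerberos share for comparison: a low ratio means the component traffic is still NTLM-bound.
$total = @($rows).Count
$krb   = @($rows | Where-Object { $_.Package -eq 'Kerberos' }).Count
"Kerberos logons: $krb of $total in the last $Hours hours on $ComputerName"
```

Run it on each Veeam component host (server, proxies, repositories, mount server) rather than only on a domain controller, since 4624 is written where the logon is accepted.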