Danh3
Enthusiast

Inquiry and Concerns Regarding Security in Veeam's Immutable Storage for Forever Incremental Backups

Post by Danh3 »

Hello Community,

Veeam has introduced 2 types of storage hardening:

1. Linux hardened repository.
2. Backup to S3 immutable storage.

I'm interested in Veeam's immutable storage for forever incremental backups, where an initial full backup is followed by incremental backups indefinitely. The process involves merging previous incrementals into a full backup once the specified retention period is met.

If I understand correctly, there's still a potential risk during the merge phase of full backups, or when backup files become mutable. After the lock expires, making the backup files mutable (initial full and old incremental), incremental jobs begin merging into the full backup. In a scenario where malware is present during the immutable time frame and executes when the backup files become mutable, the integrity of the full backup can be compromised.

This situation could impact both local and cloud immutable storage.

To prevent such compromises, what measures can be taken to enhance security during the merge phase of full backups? Thank you.
Mildur
Product Manager

Re: Inquiry and Concerns Regarding Security in Veeam's Immutable Storage for Forever Incremental Backups

Post by Mildur » 1 person likes this post

Hi Dan,

1. Linux hardened repository.
You can't make Forever Incremental backups immutable on a hardened repository. You need to have regular full backups or those backups won't be immutable. Use XFS and weekly synthetic full backups. Then you can use Fast Clone, which gives you spaceless full backups.

2. Backup to S3 immutable storage.
We don't have backup files on the object storage. There won't be any merge.
Restore Points are divided into small objects (default block size 1 MB) on the object storage. Each of these objects is assigned an immutability date when they are stored on the object storage (specified immutability period + 1-10 days block generation).

During incremental backup sessions, only new or modified data is uploaded as new objects. When it's time to extend immutability (every 1-10 days for existing objects), we simply update the date on the existing object. There will never be a day when objects still used by most recent restore points become mutable again.

Best,
Fabian
Product Management Analyst @ Veeam Software
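
The following is an added illustration, not part of Fabian's post and not Veeam's implementation: a simplified model of the lock lifecycle he describes for a single object, showing how the extra 1-10 days covers the gap between extensions. The function name, its parameters, the start date and the "extend to today + period + generation days" rule are assumptions made for the example.

```python
from datetime import date, timedelta

def simulate(immutability_days, generation_days, extend_every, run_days, last_used_day):
    """Track one object's lock over time (simplified model, assumptions only).

    The object is uploaded on day 0 and is referenced by recent restore
    points up to and including last_used_day. Returns (min_margin, lapse_day):
    the smallest remaining lock in days seen while the object was still
    referenced, and the first day on which the lock had run out (or None).
    """
    start = date(2024, 1, 1)  # constructed start date
    # Assumed rule: lock = configured period + block-generation headroom.
    headroom = timedelta(days=immutability_days + generation_days)
    retain_until = start + headroom  # set when the object is first stored
    min_margin, lapse_day = None, None
    for day in range(run_days + 1):
        today = start + timedelta(days=day)
        referenced = day <= last_used_day
        # Periodic extension: only the date on the existing object changes.
        if referenced and day % extend_every == 0:
            retain_until = today + headroom
        margin = (retain_until - today).days
        if referenced:
            min_margin = margin if min_margin is None else min(min_margin, margin)
        elif margin <= 0 and lapse_day is None:
            lapse_day = day  # object is no longer in use and is now mutable
    return min_margin, lapse_day

if __name__ == "__main__":
    # 30-day immutability, 10 days of headroom, object used for 100 days.
    for interval in (1, 10):
        margin, lapse = simulate(30, 10, interval, 200, 100)
        print(f"extend every {interval:>2} d: min lock while in use = {margin} d, "
              f"mutable from day {lapse}")
```

In this model the remaining lock on an in-use object never drops below the configured period as long as the extension interval does not exceed the headroom; the lock only runs out after the object stops being referenced.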
Danh3
Enthusiast

Re: Inquiry and Concerns Regarding Security in Veeam's Immutable Storage for Forever Incremental Backups

Post by Danh3 »

@Fabian thanks

Just want to clarify that we will need to perform either regular full backups or synthetic full backups on a weekly basis to ensure immutability in this setup?
Gostev
Chief Product Officer

Re: Inquiry and Concerns Regarding Security in Veeam's Immutable Storage for Forever Incremental Backups

Post by Gostev » 1 person likes this post

There must be periodic fulls but it does not matter how often you make them. Most people do weekly simply because they do not consume additional disk space (synthetic fulls on XFS) and yet are essential for GFS retention... GFS policies without weeklies are really uncommon indeed.

By the way, the backup job wizard will not let you point an incorrectly configured job to a backup repository with immutability enabled in any case, if this is your worry. With Veeam it's really hard to screw up from not knowing something, as we always try to "hold your hand" with all sorts of checks and validations.