Account/Password is safe?

[snakeaj]

Hello!

I want to configure a realy safe backup for my server to a NAS.
NAS is only allowed to accept connections from one ip, only SMB Service, one Share, own account,..

NOW i am concerned about the Software.
I have to enter user/password in Veeam Agent to establish connection to the NAS.
How is that login saved on the server?
Is it possible eg. for a hacker to get that account information i have entered in my backup job?

thank you very much
alex

[wishr]

Hi Snakeaj,

We use DPAPI to store the credentials. Moreover, we take cybersecurity very seriously here at Veeam and have lots of security procedures in place to make sure our products, and thus, your business-critical data are securely protected from cyber-criminals at all layers.

Thanks

[Gostev]

Is it possible eg. for a hacker to get that account information i have entered in my backup job?

Yes, it is definitely a possibility. This would require a hacker to wait for the next zero-day privilege escalation vulnerability in Windows, which will enable them to get LOCAL SYSTEM privileges. With that, extracting all saved credentials is trivial - whether from Veeam software, any other software, or Windows Credentials Manager itself.

The only real protection against cyber-attacks are air-gapped (offline) backups. For example, rotated hard drives or tape. There are also some creative solutions with automatically powering off NAS or network switch used by NAS once the backup is complete, to offline your backup storage until the next backup job run.