Security hardening and/or best practice guide

Backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)

Security hardening and/or best practice guide

Veeam Logoby LukeAd » Mon Apr 25, 2016 8:41 pm 1 person likes this post

First I must say thank you and great job on VEB...a fantastic product (at a great price!)

For some time we have used VBR for our servers, and now with VEB for our user endpoints I feel our backup strategy is complete.

However after narrowly escaping disaster last year when one of our users got infected with Crypto-ransomware, I have been looking for ways to sleep peacefully at night with the assurance that our backups are as safe as possible.

I have read many threads on here where others are obviously also afraid of ransomware getting into their backups, but I have had a difficult time piecing together a comprehensive and authoritative set of steps from all these threads that I can follow to feel like I'm doing the best I can to protect my backups against ransomware.

In this thread it looks like a potentially great Veeam hardening document is being worked on, but as that thread is in the VBR forum, I don't know if this will also include VEB.

Is there (or will there be) a definitive "all in one place" guide on best practices for security and for shielding backups from ransomware-type threats in VEB? Something like this would be a HUGE benefit for the IT jack-of-all-trades but master-of-none types like me that do their best to cover so many bases but benefit most when somebody just puts all the best advice in one central place.

Thanks again for great stuff...I can truly say I love using anything from Veeam!
LukeAd
Enthusiast
 
Posts: 26
Liked: 6 times
Joined: Wed May 07, 2014 2:35 pm
Full Name: Luke Admin

Re: Security hardening and/or best practice guide

Veeam Logoby Dima P. » Wed Apr 27, 2016 11:35 am

Hi Luke,

Thank you for kind words! Several recommendation were discussed in this thread – take a look and let us know if it helps.
Dima P.
Veeam Software
 
Posts: 6242
Liked: 440 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: SPb
Full Name: Dmitry Popov

Re: Security hardening and/or best practice guide

Veeam Logoby LukeAd » Wed Apr 27, 2016 11:46 am

Thanks, I had already read that thread twice (among a number of others). :wink:

So then I guess the answer to my question is, "no, there will not be a security hardening or best practice guide for VEB" like the one that is being worked on for VBR?
LukeAd
Enthusiast
 
Posts: 26
Liked: 6 times
Joined: Wed May 07, 2014 2:35 pm
Full Name: Luke Admin

Re: Security hardening and/or best practice guide

Veeam Logoby Dima P. » Wed Apr 27, 2016 12:36 pm

Honestly, we did not plan a dedicated guide for VEB, but I’ll share your request with the team. Thanks!
Dima P.
Veeam Software
 
Posts: 6242
Liked: 440 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: SPb
Full Name: Dmitry Popov

Re: Security hardening and/or best practice guide

Veeam Logoby caballo2000 » Sat Apr 30, 2016 6:56 am

Currently there is any ransomware malware atacking Veeam Endpoint backup extensions?
caballo2000
Influencer
 
Posts: 11
Liked: 1 time
Joined: Fri Apr 29, 2016 5:02 am
Full Name: Alex

Re: Security hardening and/or best practice guide

Veeam Logoby BLWL » Mon May 02, 2016 6:11 am 1 person likes this post

A general security guide would be really nice!

caballo2000 wrote:Currently there is any ransomware malware atacking Veeam Endpoint backup extensions?


Can't speak for if some malware is specifically targeting Veeam, I haven't heard about it. However, there are several ransomware that, if access, might encrypt your backup files.

Some suggestions for securing Veeam in a bigger environment:

[*] Network segmentation Veeam server, proxies and repositories (tight fw access rules, especially no client access to repositories)
[*] Account segmentation specifically for Veeam servers (deny login from other accounts)
[*] Encrypt backups (probably won't help against ransomware, but offers protection in other scenarios)

Edit: Here are some more suggestions: https://www.veeam.com/blog/how-to-avoid ... ocker.html

/BLWL
BLWL
Influencer
 
Posts: 15
Liked: 3 times
Joined: Tue Jan 27, 2015 7:24 am
Full Name: Bjorn L


Return to Veeam Agent for Windows



Who is online

Users browsing this forum: No registered users and 5 guests