Sharing integrity used by the VEB

Backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)

Sharing integrity used by the VEB

Veeam Logoby tacioandrade » Mon Dec 05, 2016 1:54 am

Good night, I use Veeam Endpoint Backup to backup some desktops with Samba sharing, but I came up with a possible problem with ransomwares attacks.
When creating the backup job in VEB I always put a user created for backup only, but my question is whether during a backup job, while the share is accessed by Veeam, if the computer is infected with ransomware there is the possibility of all backup Be compromised?
For a file server I usually use Bacula or Syncovery because they pull the data, preventing a virus on the server from destroying the stored data, but since the Veeam Agent and Endpoint uses Samba or NFS, I was left with that doubt.

Sincerely, Tácio Andrade.
tacioandrade
Enthusiast
 
Posts: 29
Liked: 3 times
Joined: Thu Nov 17, 2016 2:04 am
Full Name: Tácio Andrade

Re: Sharing integrity used by the VEB

Veeam Logoby Vitaliy S. » Mon Dec 05, 2016 11:39 am

Hi Tácio,

You can try to follow Dima's recommendation in this thread to address the cryptolocker issue > endpoint cryptolocker protection - veeam repository

Thanks!
Vitaliy S.
Veeam Software
 
Posts: 19773
Liked: 1120 times
Joined: Mon Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: Sharing integrity used by the VEB

Veeam Logoby Dima P. » Mon Dec 05, 2016 11:41 am

Hi tacioandrade,

When creating the backup job in VEB I always put a user created for backup only, but my question is whether during a backup job, while the share is accessed by Veeam, if the computer is infected with ransomware there is the possibility of all backup Be compromised?

I have not heard about a ransomware smart enough to parse the configuration from applications, so if you can’t access the backup destination from machine via regular windows browser, you are good to go.
Dima P.
Veeam Software
 
Posts: 6517
Liked: 454 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: SPb
Full Name: Dmitry Popov

Re: Sharing integrity used by the VEB

Veeam Logoby tacioandrade » Mon Dec 05, 2016 4:41 pm

My doubt is that I have seen some ransomwares that could spread through samba shares not mounted directly as a unit but rather scouring the network.

If the VEB accesses the share so that the entire system and not only the application can read and write, ransomware can completely corrupt the backup.

Vitaliy S. wrote:You can try to follow Dima's recommendation in this thread to address the cryptolocker issue > endpoint cryptolocker protection - veeam repository


Thank you very much I will read on this topic and hopefully I have some idea how to solve the problem from it.


Sincerely, Tácio Andrade.
tacioandrade
Enthusiast
 
Posts: 29
Liked: 3 times
Joined: Thu Nov 17, 2016 2:04 am
Full Name: Tácio Andrade

Re: Sharing integrity used by the VEB

Veeam Logoby tacioandrade » Mon Dec 05, 2016 4:55 pm 1 person likes this post

I just read the post and from what I was reading it was focused on VBR and not Samba sharing. But this has given me hope that my policy will be functional, at least for now.

I will try to mount a lab later to test directory access while the backup is being done and see if it is possible or not.

Sincerely, Tácio Andrade.
tacioandrade
Enthusiast
 
Posts: 29
Liked: 3 times
Joined: Thu Nov 17, 2016 2:04 am
Full Name: Tácio Andrade

Re: Sharing integrity used by the VEB

Veeam Logoby tacioandrade » Mon Dec 05, 2016 9:41 pm

Good afternoon, I tested with Veeam Endpoint Backup and Veeam Agent for Linux Beta and I have some information to share.

In VEB when backing up Veeam does not keep the share via samba share, at least not for the computer user, so much that during the running backup I tried in several ways to access the linux server running Samba and to no avail.

However in the Veeam Agent for Linux it is different, to run the service, either via NFS or via CIFS it mounts direct sharing in the operating system, which can be a problem.

At least Windows against the ransomwares I believe that the Veeam Endpoint Backup + linux Server or NAS with access to only 1 user is a good option.
tacioandrade
Enthusiast
 
Posts: 29
Liked: 3 times
Joined: Thu Nov 17, 2016 2:04 am
Full Name: Tácio Andrade

Re: Sharing integrity used by the VEB

Veeam Logoby PTide » Tue Dec 06, 2016 2:41 pm 2 people like this post

Hi,

However in the Veeam Agent for Linux it is different, to run the service, either via NFS or via CIFS it mounts direct sharing in the operating system, which can be a problem.

The directory where Veeam Agent for Linux mounts shared folder has root set as an owner and write permissions are set for owner only so during the backup seesion no one except root is allowed to write into that directory.

Thanks
PTide
Veeam Software
 
Posts: 3140
Liked: 262 times
Joined: Tue May 19, 2015 1:46 pm

Re: Sharing integrity used by the VEB

Veeam Logoby tacioandrade » Tue Dec 06, 2016 3:27 pm

True, I checked that too, but if an ransomware attacked the Linux server and was able to scale the permissions it could encrypt the files.

But from what I know of Linux there would be no other way to send the files via samba or NFS without mounting as a directory in the operating system.

I still believe in the security of the Veeam Agent, but on Linux I would think of creating 2 distinct jobs, each saving on a samba share with different username and password.


Sincerely, Tácio Andrade.
tacioandrade
Enthusiast
 
Posts: 29
Liked: 3 times
Joined: Thu Nov 17, 2016 2:04 am
Full Name: Tácio Andrade

Re: Sharing integrity used by the VEB

Veeam Logoby PTide » Tue Dec 06, 2016 4:40 pm

True, I checked that too, but if an ransomware attacked the Linux server and was able to scale the permissions it could encrypt the files.

Even with root permissions a ransomware needs to know share parameters (UNC and credentials) in order to mount the share. If you have some ideas of where it could possibly get it from please share them and we'll make sure to have the loophole covered.

Thanks
PTide
Veeam Software
 
Posts: 3140
Liked: 262 times
Joined: Tue May 19, 2015 1:46 pm

Re: Sharing integrity used by the VEB

Veeam Logoby tacioandrade » Tue Dec 06, 2016 6:38 pm

Actually, my fear would not be to get it, because I know you guys do a great job on the information storage part, my fear is during the backup job, while the veeam works to access and encrypt the data.

I know I'm being a little manic for security, but I've had friends who've lost almost everything on ramsonware and so I'm in this way.
tacioandrade
Enthusiast
 
Posts: 29
Liked: 3 times
Joined: Thu Nov 17, 2016 2:04 am
Full Name: Tácio Andrade


Return to Veeam Agent for Windows



Who is online

Users browsing this forum: No registered users and 6 guests