unsichtbarre
Service Provider
Posts: 226
Liked: 39 times
Joined: Mar 08, 2010 4:05 pm
Full Name: John Borhek
Contact:

Achieving WORM compliance without WORM media

Post by unsichtbarre »

WORM in the form of physical media is clearly an obsolete concept as it manifests mostly as tape/optical media. There are proprietary solutions (NetApp SnapLock) that advertise WORM compliance on random-access media; can Veeam not be configured in such a way as to provide WORM compliance? Would it be possible to modify the contents of a *.VBK without leaving evidence?

I wanted to add, I understand Veeam is not directly compliant with WORM media, but I am wondering if Veeam itself can be made WORM compliant with disk-based media.
-THX

The actual regulations defining WORM compliance state that:
(ii) The electronic storage media must:
(A) Preserve the records exclusively in a non-rewriteable, non-erasable format;
(B) Verify automatically the quality and accuracy of the storage media recording process;
(C) Serialize the original and, if applicable, duplicate units of storage media, and time-date for the required period of retention the information placed on such electronic storage media; and
(D) Have the capacity to readily download indexes and records preserved on the electronic storage media to any medium acceptable under this paragraph (f) as required by the Commission or the self-regulatory organizations of which the member, broker, or dealer is a member.
John Borhek, Solutions Architect
https://vmsources.com
veremin
Product Manager
Posts: 20284
Liked: 2258 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: Achieving WORM compliance without WORM media

Post by veremin »

I don't think that WORM principles can be met exclusively by software. As long as backup data resides on rewriteable and erasable media (disk-based solution), you won't be compliant with WORM regulation policy. Thanks.

Re: Achieving WORM compliance without WORM media

Post by unsichtbarre »

I agree completely - yet vendors like NetApp, all LTO 3+ media, and Bloomberg have proprietary solutions based on magnetic media which claim to be WORM compliant. Either they are lying (stretching the definition of WORM) or Veeam users are missing out on an opportunity - based only on interpretation of a standard.

https://www.netapp.com/us/media/ds-2448.pdf
https://en.wikipedia.org/wiki/Linear_Tape-Open
John Borhek, Solutions Architect
https://vmsources.com
csydas
Expert
Posts: 193
Liked: 47 times
Joined: Jan 16, 2018 5:14 pm
Full Name: Harvey Carel
Contact:

Re: Achieving WORM compliance without WORM media

Post by csydas »

Well, for LTO WORM, it fundamentally is just an LTO3 tape that is flagged as WORM via the cart memory. Otherwise the data is perfectly editable except for scout's honor that the drive will properly recognize it. I'm sure it's not a huge attack vector, but I wouldn't really consider that Write Once so much as Write Once and Hope It Never Gets Written Again.

Per NetApp, I just can't imagine how they can write that when it comes to spinning disks and SSDs, and it would strike me as the WORM media here simply being untested. I don't think there's any regulatory agency that verifies claims of WORM, so my guess is that it's controlled completely from a software side so "(Intended to be) Write Once Read Many" (IWORM) is more appropriate here. If the standard is really that low then I guess I fail to see why a software protection implemented elsewhere wouldn't be accepted. I was reading a document on WORM from the SEC a while back regarding validating WORM, and the document itself more or less said that the definition of WORM was meant to define some means of verifying integrity, which we can do with things like Merkle Trees and signature magic if we really want to from a software side. As far as I'm concerned, and the SEC it seems, only actual WO media is truly WO. Stuff that uses a special solution to become WO by definition is not WO.

But, if your audit includes a checklist that has WORM Cassettes on it, then just use them. Per this old old thread, I guess it was tested, but for whatever reason full support was just never added.

tape-f29/worm-tapes-t19654.html
tape-f29/worm-tapes-t19654.html#p98945

So pop-in your LTO WORM tape for your documents but treat them special and make sure everyone pays attention.
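
The software-side integrity check mentioned in the post above (a Merkle tree plus a signature), as an added example that is not part of the original thread and is not Veeam's implementation. It assumes a 4096-byte block size, uses HMAC-SHA256 as a stand-in for an asymmetric signature, and assumes the key is held away from the storage that holds the file and manifest.

```python
import hashlib
import hmac

BLOCK = 4096  # assumed block size for this example

def _h(prefix: bytes, data: bytes) -> bytes:
    # Domain-separate leaves (0x00) from interior nodes (0x01).
    return hashlib.sha256(prefix + data).digest()

def leaf_hashes(data: bytes) -> list:
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)] or [b""]
    return [_h(b"\x00", b) for b in blocks]

def merkle_root(leaves: list) -> bytes:
    level = list(leaves)
    while len(level) > 1:
        pairs = [_h(b"\x01", level[i] + level[i + 1])
                 for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:  # an odd node is promoted unchanged
            pairs.append(level[-1])
        level = pairs
    return level[0]

def _tag(key: bytes, size: int, leaves: list) -> bytes:
    # Bind file size and leaf count to the root so the tree shape is fixed.
    msg = (size.to_bytes(8, "big") + len(leaves).to_bytes(8, "big")
           + merkle_root(leaves))
    return hmac.new(key, msg, hashlib.sha256).digest()

def seal(data: bytes, key: bytes) -> dict:
    leaves = leaf_hashes(data)
    return {"size": len(data), "leaves": leaves,
            "tag": _tag(key, len(data), leaves)}

def verify(data: bytes, manifest: dict, key: bytes):
    """Return (status, indices of blocks that no longer match)."""
    expected = _tag(key, manifest["size"], manifest["leaves"])
    if not hmac.compare_digest(expected, manifest["tag"]):
        return "manifest-invalid", []  # manifest rewritten without the key
    now, old = leaf_hashes(data), manifest["leaves"]
    changed = [i for i in range(max(len(now), len(old)))
               if i >= len(now) or i >= len(old) or now[i] != old[i]]
    if changed or len(data) != manifest["size"]:
        return "data-modified", changed
    return "ok", []
```

Unlike an unkeyed checksum, the manifest cannot be regenerated to match an edited file by someone who lacks the key, and a failed check names the blocks that changed.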
Gostev
Chief Product Officer
Posts: 31532
Liked: 6703 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: Achieving WORM compliance without WORM media

Post by Gostev »

csydas wrote: Per this old old thread, I guess it was tested, but for whatever reason full support was just never added.
This is something we're working on for the next update, good chance it will make it. Thanks!

Re: Achieving WORM compliance without WORM media

Post by csydas »

Oh, well ask and ye shall receive. There you go :)
mcz
Veeam Legend
Posts: 842
Liked: 173 times
Joined: Jul 19, 2016 8:39 am
Full Name: Michael
Location: Rheintal, Austria
Contact:

Re: Achieving WORM compliance without WORM media

Post by mcz »

Another WORM solution would be provided by this vendor: https://www.fast-lta.de/en/

Re: Achieving WORM compliance without WORM media

Post by unsichtbarre »

Great news from Gostev!

I fundamentally rail at clear standards that major vendors (NetApp/Bloomberg) feel free to fudge, just because they are big players. The standard is clearly written to avoid magnetic media, where it would not only be possible to defeat the WORM functionality of an LTO cassette, but simply expose it to a powerful magnet and erase it without physically destroying it. The same is true for other disk-based solutions that claim to be WORM compliant. These types of solutions are clearly not WORM compliant in the strictest sense, even if they are "considered to be"!

That being said, WORM is an obsolete standard that some pencil-pusher has kept alive in an era of cloud-computing and random-access datastores! It is time for WORM to go away and be replaced with verifiable checks of file dates and completeness of chains.

Back to my original question, would it be possible to fudge the data on a Veeam Backup file (*.vbk) and still have it pass the CRC?

THX
John Borhek, Solutions Architect
https://vmsources.com

Re: Achieving WORM compliance without WORM media

Post by csydas »

This I can answer from when we messed with Health Check - no. You can fudge with it, but the moment that a merge or health check hits, it will throw an error. So I suppose within a small time frame, yes, it's vulnerable to a block level attack, but if you're using encryption on top of compressed and deduplicated storage, at best you can just really goof the data. Intentional editing likely would require a level of access and domain knowledge that just editing the production VM data would be easier/more efficient.

Re: Achieving WORM compliance without WORM media

Post by Gostev »

Harvey is correct, using encryption is the easiest way to ensure backup file integrity. This way, you cannot modify even a single bit without this change being undetected.
unsichtbarre wrote: simply expose it to a powerful magnet and erase it without physically destroying it.
This is why such tapes always go to a 3rd party managed vault or mountain :D physical security is required for any media type whatsoever - there's not a single one that you won't be able to mess up having physical access to it.