Feature Request - Password to Delete from disk

Availability for the Always-On Enterprise

Feature Request - Password to Delete from disk

Veeam Logoby samburdett » Wed Apr 20, 2016 10:21 am

Hi all,

I have been seeing increasing numbers of sites being infected with cryptlocker like programs.
Unfortunately I have also seen these delete the contents of veeams backup repository. This has now been locked down only to allow access to the shares to unique accounts.
However, Veeam obviously still needs to read and write to the directory and so a way to circumvent the permissions would be to use the Delete from disk option within Veeam itself.
I was wondering if there are any plans (or even request) for a password to be configured on the delete from disk option?

Best regards
Sam
samburdett
Novice
 
Posts: 9
Liked: 4 times
Joined: Mon Jul 28, 2014 8:44 am
Full Name: Sam Burdett

Re: Feature Request - Password to Delete from disk

Veeam Logoby Shestakov » Wed Apr 20, 2016 11:06 am

Hi Sam,
I`m not sure there is such a thing in the future plans since it`s not the best way to be protected from such ransomware as CryptoLocker. Below is a good recommendation form Veeam VP
Gostev wrote:[But] here are some general recommendations:

1. Any separate storage device that is not directly write-accessible from compromised servers by industry-standard protocols (SMB, NFS) is "good enough" protection from CryptoLocker. But the storage device should use its own set of credentials (not from local directory, and not local accounts of the storage device). Additionally, you want that storage device located off-site. Cloud Connect service provider is ideal for this, and we actually have a recent success story posted on this forum where Cloud Connect saved the user from CryptoLocker.

2. I personally always recommend using tape whenever possible as the last line of defense. Even if it just a monthly export. Tape is true read-only storage that is also much more reliable than disk. I saw tape backups saving companies from worst disasters so many times... and, I also saw every line of comprehensive disk-based protection strategy failing miserably, leaving users with unrecoverable data loss.

Even more importantly, don't get too obsessed about CryptoLocker specifically. Upset employee deleting all your production data and backups is as likely, really. Storage-level corruption, fire, flood (including beer spill ;)) are also way more common than most think they are. So, always consider all threats to your data, don't get hung up on specific ones. And looking at the bigger picture, you will see that the only way to truly protect yourself from all threats is to have a read-only backup copy in a secure location off-site. All other solutions are cost/risk compromise.

Join the discussion for more information.
Thanks!
Shestakov
Veeam Software
 
Posts: 5027
Liked: 419 times
Joined: Wed May 21, 2014 11:03 am
Location: Saint Petersburg
Full Name: Nikita Shestakov

Re: Feature Request - Password to Delete from disk

Veeam Logoby AJLB94 » Thu Feb 16, 2017 10:19 pm

With modern ransomware, this has become a critical must have not a request.

New ransomware criminals are now much smarter. They exploit security vulnerabilities and elevate to administrator level permissions. They then launch Veeam B & R and select 'delete from disk'. This makes both onsite and cloud connect offsite backups useless.

Keep in mind there are 2 different types of ransomware - user launched and server targeted exploits. User launched typically cannot delete backups as users should not have permission to access the backups. However server targeted exploits are not launched by end-users, they are expert hackers that elevate themselves to administrator and they then have access to do whatever they want.

An additional prompt for a separate set of 'delete password' credentials is critical to prevent this. A pin number sent via text message or similar 2 factor authentication would be even better.

Without this feature, no one can rely on Veeam to protect their data from ransomware.
AJLB94
Lurker
 
Posts: 1
Liked: never
Joined: Thu Feb 16, 2017 4:03 pm
Full Name: AJ


Return to Veeam Backup & Replication



Who is online

Users browsing this forum: Google Feedfetcher, rweis, Yahoo [Bot] and 51 guests