Comprehensive data protection for all workloads
Post Reply
frankive
Service Provider
Posts: 1092
Liked: 134 times
Joined: May 14, 2013 8:35 pm
Full Name: Frank Iversen
Location: Norway
Contact:

Logging from Surebackup

Post by frankive »

Had an intereseting talk With my colleges during the morning coffee and during the talk we discussed if it is difficult for an administrator to f.ex get Access to a mailbox/data for their boss without getting detected. Our boss was also drinking coffee With us of course :)
I am not too deep into all the logging in Windows Server but I am pretty sure you will somehow leave some traces that would show if you change something in Windows Server. You probably can delete logs and etc. but by deleting that is a sign of something been wrong also..

But then I thought of SureBackup, if you fire up the server(s) you can easily just change password for Your boss (or change Security on files) to get Access to ALL data you need.
And when you shut Down the SureBackup there would be NO trace of what you have done. Correct?

So.. the idea was:
Is this something that can be a idea to implement in a feature Version of Veeam? Some kind of a injected loggign system during SureBackup that would log settings like passwordresets in ad, change of filesecurity etc. which could not be deleted? That would be it would be part of the history session. A delete of history session would then also be a sign that the administrator would try to hide what he had Down.

The boss could then insist to inspect that statistic/logging when he wanted (With mail f.ex)

Just an idea :)

Hope to hear what you think
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: Logging from Surebackup

Post by PTide » 1 person likes this post

Hi,

There would be no trace as well if you just deploy a machine from backup and get an access to all data you need and then delete the machine. The problem is that there is always a list of guys whom you have to trust and, I believe, Backup Admin is in that list. Btw, there is a "History" tab, which cannot be edited manually. Well, actually you could try editing the database manually in order to delete some history entries, but you'd probably ruin everything due to complex interconnections and relations between tables. The most optimal would be to agree with boss on SureBackup Jobs schedule so he/secretary can watch what his admin is doing. So, if any Job (whether SureBackup or Restore) runs out of a predefined schedule that would be a valid reason to punish someone responsible for that.

Thank you.
frankive
Service Provider
Posts: 1092
Liked: 134 times
Joined: May 14, 2013 8:35 pm
Full Name: Frank Iversen
Location: Norway
Contact:

Re: Logging from Surebackup

Post by frankive »

Sounds reasonable. Just an interesting topic regarding IT-security I think :)
Post Reply

Who is online

Users browsing this forum: david.domask, Dynamic and 190 guests