Dears, I want to report a bad experience I had about a similar topic.
Few days ago my system had an attack and the attacker had access to veeam backup console, he removed all backup repositories: 2 local nas and one remote repository.
Then instantly, he could delete all backups from everywhere, please consider he didn't have access to backup filesystem because they were stored to a network share with dedicated access. But of course the veeam console had it.
So my question is: do you think it is possible to prevent it?
Is possible to protect repositories from deletion?
I know the authentication is the first answer but the fact is that the veeam console was accessible to a domain user and somehow the attacker could impersonate this dedicate domain user to run the console.
I'm wondering if the second local backup is preferably to be done by external systems other than veeam backup copy not accessible by veeam.
Thank you for any suggestions.
#Mod: Topic split from here
-
- Novice
- Posts: 5
- Liked: never
- Joined: Sep 16, 2020 3:58 pm
- Full Name: Tobia Scapin
- Contact:
-
- Product Manager
- Posts: 9452
- Liked: 2513 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Deleted Backups Protection - Urgent Questions!
Hello Tobias
I‘m sorry to hear that you were attacked. Hopefully you had a offline copy of your backups.
To protect yourself against such attacks, please use one of our immutable or airgapped backup storage options.
If implemented correctly, an attacker will not be able to delete your backups:
Immutable backup storage: https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Airgapped backup media:
- offline tapes
- disconnected rotated disks
A third option:
- Veeam Cloud Cloud Connect provider with enabled insider protection
Best,
Fabian
I‘m sorry to hear that you were attacked. Hopefully you had a offline copy of your backups.
To protect yourself against such attacks, please use one of our immutable or airgapped backup storage options.
If implemented correctly, an attacker will not be able to delete your backups:
Immutable backup storage: https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Airgapped backup media:
- offline tapes
- disconnected rotated disks
A third option:
- Veeam Cloud Cloud Connect provider with enabled insider protection
Make sure that the backup server is not joined to your production domain. Install the backup console on a management server which can only be access by selected users. Additionally enable MFA for every user who will use the backup console to connect to the backup server: https://helpcenter.veeam.com/docs/backu ... ml?ver=120I know the authentication is the first answer but the fact is that the veeam console was accessible to a domain user and somehow the attacker could impersonate this dedicate domain user to run the console.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Veeam Vanguard
- Posts: 701
- Liked: 138 times
- Joined: Jan 24, 2014 4:10 pm
- Full Name: Geoff Burke
- Contact:
Re: Protect backups against unwanted deletion
Hi tobiascapin,
Very sorry to hear this. Mildur's response above is spot on. I think going forward Veeam is encouraging people to follow Zero Trust in relation to Data protection. One of the principles of zero trust is "assume breach". So when you are building your environment you assume it is breached which means that you need to segment components and reduce the attack surface as much as possible. This was a bit of a learning curve for me when I first encountered it but Veeam have a white paper that explains this very clearly: https://www.veeam.com/wp-zero-trust-dat ... brief.html
cheers
Very sorry to hear this. Mildur's response above is spot on. I think going forward Veeam is encouraging people to follow Zero Trust in relation to Data protection. One of the principles of zero trust is "assume breach". So when you are building your environment you assume it is breached which means that you need to segment components and reduce the attack surface as much as possible. This was a bit of a learning curve for me when I first encountered it but Veeam have a white paper that explains this very clearly: https://www.veeam.com/wp-zero-trust-dat ... brief.html
cheers
Geoff Burke
VMCA2022, VMCE2023, CKA, CKAD
Veeam Vanguard, Veeam Legend
VMCA2022, VMCE2023, CKA, CKAD
Veeam Vanguard, Veeam Legend
-
- Novice
- Posts: 5
- Liked: never
- Joined: Sep 16, 2020 3:58 pm
- Full Name: Tobia Scapin
- Contact:
Re: Protect backups against unwanted deletion
Thank you everybody for your tips, I started to study the document and now I can really understand the approach.
Many thanks for your support.
Many thanks for your support.
Who is online
Users browsing this forum: Amazon [Bot], Bing [Bot], Semrush [Bot] and 151 guests