Improving security of backups - case ID# 01236063

VMware specific discussions

Improving security of backups - case ID# 01236063

Veeam Logoby VeaamGuy » Wed Dec 16, 2015 4:50 am

When an encrypted backup is restored there is no prompt for the backup password.
For better security in case a user's Active Directory account does get compromised asking for the encryption password before performing the restore would be a very good security feature.

Can this be a simple implementation in the next product update? Or even better, is there a way to enable it right now by editing a setting or modifying a windows registry key, that would be awesome.

Cheers.
VeaamGuy
Influencer
 
Posts: 21
Liked: never
Joined: Mon Oct 19, 2015 4:11 am
Full Name: Rushad Irani

Re: Improving security of backups - case ID# 01236063

Veeam Logoby v.Eremin » Wed Dec 16, 2015 9:52 am

From where the restore was initiated? From the same backup console that created a backup? Was a backup still shown under backups node or it was imported from a different place? Were you using the same account for creating and restoring backup? Thanks.
v.Eremin
Veeam Software
 
Posts: 13255
Liked: 966 times
Joined: Fri Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin

Re: Improving security of backups - case ID# 01236063

Veeam Logoby VeaamGuy » Tue Dec 22, 2015 2:24 am

Sorry for the late reply.
The restore is initiated from the same backup console using the same account. Having said that I also tried to initiate the restore on the same server in the Veeam console with another user account and still doesn't ask me for for the encryption password.

Backup was showing under the backup node (if by backup node you mean under "Jobs" > "Backup") and it is not an imported backup.

Received the response from Veeam Helpdesk as below so can this please be added for future updates? It would be good for Veeam to prompt for a password for all restores or atleast have it as an option in the configuration for people who need to use it can enable it.

Hello Rushad,

Thanks for your reply.

"As mentioned I am referring to a standard restore and not an import"
What do you mean a standard restore, could you please clarify? There are 3 options to restore the backups:

1. To import it first and then perform the operation.
This option requires the password for encrypted backup when you do importing: http://prntscr.com/8smc95

2. To do the double-click on backup file.
This option opens Veeam console for you and the first thing it asks is a password it has been protected with: http://prntscr.com/9f6qxv

3. Use Powershell cmdlet.

"If a user’s Active Directory account is compromised the hacker can login and have access to a lot more systems via the backups than his account would allow for which is a big risk"
That's true. If the Administrator account has been compromised, and the thief has an access to the console that has all backups already imported, he will be able to restore any of those.

The second factor of authentication could be implemented as a feature request.You might want to submit the one on our official forum: http://forums.veeam.com/

There are no definite road maps for future releases, however our product management team reviews all requests on forum and the most valuable are submitted.

Please let me know if you have any other questions.
VeaamGuy
Influencer
 
Posts: 21
Liked: never
Joined: Mon Oct 19, 2015 4:11 am
Full Name: Rushad Irani

Re: Improving security of backups - case ID# 01236063

Veeam Logoby VeaamGuy » Fri Feb 19, 2016 12:09 am

Hi guys,
Any update on this? Has it been taken in to account for future improvements? Thanks.
VeaamGuy
Influencer
 
Posts: 21
Liked: never
Joined: Mon Oct 19, 2015 4:11 am
Full Name: Rushad Irani

Re: Improving security of backups - case ID# 01236063

Veeam Logoby Gostev » Fri Feb 19, 2016 1:38 am

Hi, Rushad. No updates yet, as nobody else has requested this feature besides you, as you can see. We prioritize all pending features based on the amount of requests. Thanks!
Gostev
Veeam Software
 
Posts: 21385
Liked: 2348 times
Joined: Sun Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: Improving security of backups - case ID# 01236063

Veeam Logoby ober72 » Fri Jun 17, 2016 8:08 pm

Hi Folks,

My bad I thought I had read that this is exactly what happens. I am certain that the first time after running an encrypted backup and then trying a restore it asked for a password but now I see that it must cache this password. I would like to see this feature as well.

cheers
Geoff Burke
VMCE V9
ober72
Service Provider
 
Posts: 263
Liked: 38 times
Joined: Fri Jan 24, 2014 4:10 pm
Location: CANADA
Full Name: Geoff Burke


Return to VMware vSphere



Who is online

Users browsing this forum: Majestic-12 [Bot] and 14 guests