Removing all known attack vectors and only open up access when Veeam components are added and needs specific (port) openings or extra software to function properly. In a virtual infrastructure, it is good use to build up a Master image which has been hardened from the start. 1 (Keep It Simple and Straightforward) principle for your designs.Īdding security to an already existing infrastructure is much harder and costly than thinking about it while designing a new or refreshing an existing infrastructure. Simpler designs that can be easily overviewed are in basis more secure. Overly complex designs become harder for the IT team to manage and overlook and it makes it easier for an attacker to exploit and stay in the shadows. Within the hardening process of your Veeam infrastructure there are a few steps everyone should always consider and act upon, namely: Also the backup repositories which holds the backup files are a primary target. As a general rule the backup server is the single greatest target a hacker can claim on your network. Looking at the different Veeam Backup & Replication components you have to protect the following components:Ĭonsider the Veeam Backup & Replication server to be the Number 1 target on your infrastructure and it should have very restricted access. One of those countermeasures is hardening. If you know what and whom you are protecting against, makes it easier to take the correct countermeasures. Protecting your infrastructure successfully is all about understanding the current attack vectors what and whom you are protecting, your Veeam infrastructure, against. Making sure you will notice when an attack is/or has taken place and then making sure logs and traces are saved for law-enforcement and security specialists when needed. While these components may offer useful features to the administrator, if they provide ‘back-door’ access to the system, they must be removed during the hardening process.īut also, creating visibility in what goes on in the infrastructure is part of hardening your infrastructure. One of the main measures in hardening is removing all non-essential software programs and utilities from the deployed Veeam components. Hardening is about securing the infrastructure against attacks, by reducing its attack surface and thus eliminating as many risks as possible. It follows security best practices so that customers reduce chances of being compromised.
This chapter provides practical advice to help administrators to harden their infrastructure. This site uses Just the Docs, a documentation theme for Jekyll.
Backup Repository HA using Windows Storage Replica.
0 kommentar(er)
