Search This Blog

Tuesday, June 28, 2022

Note Taking: Veeam v12 Security Enhancement

This is a blog post on note-taking for Veeam V12 Security Enhancement

Your responsibility

1. Secure your infrastructure

2. Secure your data

3. Secure your session

4. Secure your application

5. Secure your visibility

Base security

  • Support ipv6
  • All supported except
    • Veeam Backup for Nutanix and RHEV
    • Plug in for AWS, Azure and GCP
    • Unmanaged Veeam Agent
  • Kasten - not tested

Data Security

  • Any repository with immutability
  • Hardened repository
  • Object lock for object storage
  • Storeonce catalyst
  • Primary Backup and archive
  • NAS backup immutability
  • Enterprise Plug-in backup immutability

Authentication

  • Group managed service account for Application-Aware Image processing
  • Backup Server does not store password 
  • Backup Server gets password on-demand from Active Directory
  • Recovery Token for bare metal recovery on Veeam Agent

Application Security (Session)

  • MFA for Veeam Console
  • Auto Log off after X minutes

Visibility

  • Classified data marking- by use tag/label. Required for security certification.
  • New column in inventory: last backup. To identify who perform the action 

Security update subscription

  • https://veeam.com/knowledge-base.html
  • Select security advisory
  • Enter your email address