This is a blog post on note-taking for Veeam V12 Security Enhancement
Your responsibility
1. Secure your infrastructure
2. Secure your data
3. Secure your session
4. Secure your application
5. Secure your visibility
Base security
- Support ipv6
- All supported except
- Veeam Backup for Nutanix and RHEV
- Plug in for AWS, Azure and GCP
- Unmanaged Veeam Agent
- Kasten - not tested
Data Security
- Any repository with immutability
- Hardened repository
- Object lock for object storage
- Storeonce catalyst
- Primary Backup and archive
- NAS backup immutability
- Enterprise Plug-in backup immutability
Authentication
- Group managed service account for Application-Aware Image processing
- Backup Server does not store password
- Backup Server gets password on-demand from Active Directory
- Recovery Token for bare metal recovery on Veeam Agent
Application Security (Session)
- MFA for Veeam Console
- Auto Log off after X minutes
Visibility
- Classified data marking- by use tag/label. Required for security certification.
- New column in inventory: last backup. To identify who perform the action
Security update subscription
- https://veeam.com/knowledge-base.html
- Select security advisory
- Enter your email address
