One of the things that should not be neglected when it comes to building an organization's Backup infrastructure is the security of the Backup infrastructure. Backup Infrastructure has a lot of potential to be used as a BackDoor to access sensitive information from the organization. In this tutorial, the security considerations needed to implement a secure Backup infrastructure will be explored when using the Veeam Backup and Replication software.
Backups and Replicas
To ensure the security of information on Backup and Replica in the organization, observe the following:
Make sure of the physical security of the destination servers. It's no different that your Backup is stored on the Server, SAN or Tape and CDs. When the attacker has physical access to the location of the equipment used as the backup destination, the security of the backup information is almost zero. In this case, the backup backup risk is even greater than the lack of backups. Of course, it depends on how confidential information is.
Limit users' access to backup and replica servers. Make sure all users do not have direct access to files stored on backup devices.
Encrypt backed up information. This is one of the features that, thankfully, is included in the Veeam Backup and Replication software. In this case, the attacker will not be able to use them even if they have access to the information. (Of course, data can still be destroyed)
Data Communication Channel
It is necessary to steal data security when data is transferred from critical servers to Backup and Replica servers. In order to secure information in the backbone source and destination network, the following are the recommendations of Veeam Backup and Replication.
Isolate Backup Traffic: Use a networked connection between the various components of the Backup infrastructure that includes Backup Servers, Backup Proxies, and Repositories.
Encrypt network traffic: By default, Veeam Backup and Replication uses encryption information when transferring information in the public network or public networks. But it can also be activated to transfer data to private organizations or private networks. In this case, even if an attacker has infiltrated the internal network, it will not be able to capture information from the network.
As you know, Backup software requires high-level access to the backup source server to execute the backup process. Veeam Backup & Replication also includes Backup Solution that can backup Virtual Infrastructure. That's why there's a lot of risk of being able to steal Credential through the Veaam server. But how can the Credential stolen, or the valid username and password, be reduced?
One of the most important recommendations is to use the latest firmware updates as soon as they are released. Because in many security updates, several Credential Stealing methods may be available. This highlights the need for more reliable and upgraded licensing platforms for network administrators and network administrators. In addition to not updating the operating system, the use of outdated authentication protocols is equally as risky.
So make sure you get updates on the servers in the Backup infrastructure continuously.
For SSH, use the strongest encryption available. (Veeam uses SSH to communicate with Linux servers) Ensure that private keys are kept in the safest place possible.
Although this article outlines ways to secure the backup infrastructure, the fact is that all of them are the smallest thing to do with Security. What other issues do you think should be considered in implementing the Backup infrastructure?
In the following articles, the installation method of Veeam and its various scenarios will be on the single-ticked website.