Once complete, install the latest updates. Install the OS following the wizard steps.ISO file for Ubuntu Server 20.04 LTS then boot your machine to run the installation wizard. Configure the Repositoryįor this procedure the Ubuntu Linux distribution is used to implement the Hardened Repository. Unlike backup jobs, backup copy jobs require a GFS retention policy to be able to utilise the Immutability feature.Since backups cannot be modified due to Immutability, only forward incremental with periodic synthetic or active full backups are supported.The Linux Server should support XFS (enable the use of the Veeam fast cloning technology) and it is the recommended file system to use.A 64 bit Linux distribution: Ubuntu 20.04 LTS is recommended by Veeam.Although the solution can run as virtual machine, a physical machine is strongly recommended for security concerns.The Immutability feature protects backups against overwriting, accidental deletion, ransomware attacks and internal intruders, whilst the single-use credentials ensure backup files will be safe, even if the Veeam Backup & Replication server is compromised.
The repository essentially becomes an impenetrable black box. The only way to access or manage the server is through the servers integrated management (such as ILO, or iDRAC – if enabled) or by physically accessing the machine. SSH is disabled and Veeam components can only communicate using non-root credentials on limited TCP ports. The hardened repository is connected directly to the Veeam server without any network or external access. This builds on the existing feature that allows you to store your Veeam backups in our S3 Compatible Object storage using the Object Lock API.
What is a Hardened Repository?įrom v11, Veeam provides the capability to have immutable backups locally with its new Hardened Repository. Without hiring a team of security experts to patch, scan and monitor your network at considerable cost, how can you secure customer data and guarantee it is protected, even if the root account is compromised? Veeam have a solution to this problem with their local immutable storage, the Hardened Repository. The exploit allows an attacker to gain full root privileges on a vulnerable host, and essentially means the sudoers file has been optional on almost all Linux installs since 2009! Security experts Qualys released a post only last week about a ‘new’ local privilege escalation vulnerability on Linux systems (CVE-2021-4034). Measures can be put into place to reduce the risk and you can follow the security best-practice handbook to the letter, but it will still be impossible to predict and protect against all attack surfaces. Software, OS and hardware vulnerabilities will never stop being found. It’s a fact that no network-connected system can provide you with guaranteed protection against data loss.
0 kommentar(er)
