This is an industry standard and quite safe.
Veeam backup server requirements password
Add MFA to protect your credentials from being abused when compromised

Veeam Backup & Replication itself requires credentials to do its work of protecting data and workloads: access to servers, proxies, repositories, interaction with virtual machines, etc. Veeam encrypts the passwords of these users via strong encryption. They use the Microsoft CryptoAPI (FIPS certified) with the machine-specific encryption key for this.

As a side note, you might have seen the big fuss around the critical vulnerability in January 2020 regarding CryptoAPI. This is a reminder of why you need to keep your systems patched.

The machine-specific key ensures that decrypting those passwords on a host other than the one where they were encrypted fails. This means that even if someone steals the configuration database, or in some shape, way or form gets a hold of the encrypted passwords in the database, they cannot be decrypted.
Veeam backup server requirements update
Read Veeam Backup & Replication 9.5 Update 3 - Infrastructure Hardening for more details on this.
Protecting your Veeam Backup & Replication Server is critical

Security is not about one feature, technology or action. It requires physical security to start with. You also need to adhere to the principles of least privilege rigorously. All this while locking down access, reducing the attack surface, leveraging segmentation, etc.

A key element lies in prevention. You must avoid the harvesting of those credentials. For this reason, you absolutely must practice privileged credential hygiene. Today you also want to leverage multi-factor authentication in order to protect access even better. All this, and more, prevents unauthorized access in the first place.
They can do more than “just” delete all your backups, replicas, etc. When they can log on to the Veeam Backup & Replication Server itself, they can also grab all the credentials from the Veeam configuration database. Those credentials normally have privileges that you do not want to fall into the wrong hands. These are quite literally the keys to the kingdom. Hence, protecting your Veeam Backup & Replication Server is critical.
In this blog, we will demonstrate one of the things that can go wrong when someone gets a hold of your Veeam Backup & Replication server administrative credentials.