{"id":55152,"date":"2022-11-15T09:00:12","date_gmt":"2022-11-15T08:00:12","guid":{"rendered":"https:\/\/nolabnoparty.com\/?p=55152"},"modified":"2022-11-14T13:58:08","modified_gmt":"2022-11-14T12:58:08","slug":"10-tips-to-secure-veeam-backup-server","status":"publish","type":"post","link":"https:\/\/nolabnoparty.com\/en\/10-tips-to-secure-veeam-backup-server\/","title":{"rendered":"10 tips to secure Veeam Backup Server"},"content":{"rendered":"<p><img decoding=\"async\" class=\"aligncenter wp-image-55161 size-large\" title=\"ten-tips-to-secure-veeam-backup-server-01\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/11\/ten-tips-to-secure-veeam-backup-server-01-600x201.jpg\" alt=\"ten-tips-to-secure-veeam-backup-server-01\" width=\"600\" height=\"201\" \/><\/p>\n<p>Since the backup is the <strong>last line of defense<\/strong> against <a href=\"https:\/\/en.wikipedia.org\/wiki\/Ransomware\" target=\"_blank\" rel=\"noopener\">ransomware attacks<\/a>, you need to secure <a href=\"https:\/\/nolabnoparty.com\/en\/veeam-v11-linux-backup-proxy-configuration\/\">Veeam Backup Server<\/a> access to ensure maximum <strong>data protection and availability<\/strong>.<\/p>\n<p>There are some recommended settings to apply to your backup infrastructure to keep <strong>access under control<\/strong> and provide the <strong>highest level of security<\/strong> to your Veeam Backup Server.<!--more--><\/p>\n<p>&nbsp;<\/p>\n<h2>Secure Veeam Backup Server<\/h2>\n<p>Due to the next release of Veeam Backup &amp; Replication, the screenshots have been taken using version 12 beta 3 to keep the <strong>settings good for the next version<\/strong> as well.<\/p>\n<p>Here are the ten tips to secure Veeam Backup Server:<\/p>\n<ul>\n<li><strong>01 Move the Veeam Console to a management VM<\/strong> - Use a dedicated VM to manage the access to the Veeam infrastructure.<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-55163 size-large\" title=\"ten-tips-to-secure-veeam-backup-server-02\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/11\/ten-tips-to-secure-veeam-backup-server-02-600x327.jpg\" alt=\"ten-tips-to-secure-veeam-backup-server-02\" width=\"600\" height=\"327\" \/><\/p>\n<ul>\n<li><strong>02 Use accounts with right roles<\/strong> - To limit unauthorized changes o malicious activities, assign the correct permissions to each account configured to access the Veeam console.<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-55165 size-full\" title=\"ten-tips-to-secure-veeam-backup-server-03\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/11\/ten-tips-to-secure-veeam-backup-server-03.jpg\" alt=\"ten-tips-to-secure-veeam-backup-server-03\" width=\"501\" height=\"413\" \/><\/p>\n<ul>\n<li><strong>03 Remove the BUILTIN\\Administrator group<\/strong> - Only added accounts have the appropriated permissions to operate in Veeam based on the assigned role and not if they are member of the Local Administrators group.<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-55167 size-full\" title=\"ten-tips-to-secure-veeam-backup-server-04\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/11\/ten-tips-to-secure-veeam-backup-server-04.jpg\" alt=\"ten-tips-to-secure-veeam-backup-server-04\" width=\"501\" height=\"413\" \/><\/p>\n<ul>\n<li><strong>04 Activate 2FA per account<\/strong> - Secure Veeam Backup Server access by enabling MFA per account. This feature will be available with <strong>Veeam VBR v12<\/strong>.<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-55169 size-full\" title=\"ten-tips-to-secure-veeam-backup-server-05\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/11\/ten-tips-to-secure-veeam-backup-server-05.jpg\" alt=\"ten-tips-to-secure-veeam-backup-server-05\" width=\"501\" height=\"413\" \/><\/p>\n<ul>\n<li><strong>05 Enable auto logoff<\/strong> - To prevent a console from remaining accessible if not in use, enable the console auto logoff option. This feature will be available with <strong>Veeam VBR v12<\/strong>.<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-55171 size-full\" title=\"ten-tips-to-secure-veeam-backup-server-06\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/11\/ten-tips-to-secure-veeam-backup-server-06.jpg\" alt=\"ten-tips-to-secure-veeam-backup-server-06\" width=\"501\" height=\"413\" \/><\/p>\n<ul>\n<li><strong>06 Enable data encryption for configuration backup<\/strong>\u00a0- To protect your infrastructure and keep all used passwords in the configuration in case of server restore, enable encryption for the Veeam database configuration.<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-55201 size-full\" title=\"ten-tips-to-secure-veeam-backup-server-07\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/11\/ten-tips-to-secure-veeam-backup-server-07.jpg\" alt=\"ten-tips-to-secure-veeam-backup-server-07\" width=\"504\" height=\"464\" \/><\/p>\n<ul>\n<li><strong>07 Use encryption on all backup jobs<\/strong> - To protect your backup data increasing the security, enable the encryption on all backup jobs.<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-55185 size-full\" title=\"ten-tips-to-secure-veeam-backup-server-08\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/11\/ten-tips-to-secure-veeam-backup-server-08.jpg\" alt=\"ten-tips-to-secure-veeam-backup-server-08\" width=\"496\" height=\"603\" \/><\/p>\n<ul>\n<li><strong>08 Disable the Remote Desktop service<\/strong> - Access via RDP protocol to the backup server is blocked saving the computer from potential intrusion.<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-55194 size-large\" title=\"ten-tips-to-secure-veeam-backup-server-09\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/11\/ten-tips-to-secure-veeam-backup-server-09-600x543.jpg\" alt=\"ten-tips-to-secure-veeam-backup-server-09\" width=\"600\" height=\"543\" \/><\/p>\n<ul>\n<li><strong>09 Disable Remote Registry service<\/strong> - Remote users will not be able to modify registry settings on the server.<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-55196 size-large\" title=\"ten-tips-to-secure-veeam-backup-server-10\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/11\/ten-tips-to-secure-veeam-backup-server-10-600x545.jpg\" alt=\"ten-tips-to-secure-veeam-backup-server-10\" width=\"600\" height=\"545\" \/><\/p>\n<ul>\n<li><strong>10 Updates<\/strong> - Always keep your backup server version always up to date to avoid potential security issues.<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-55198 size-full\" title=\"ten-tips-to-secure-veeam-backup-server-11\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/11\/ten-tips-to-secure-veeam-backup-server-11.jpg\" alt=\"ten-tips-to-secure-veeam-backup-server-11\" width=\"496\" height=\"603\" \/><\/p>\n<p>Following these recommendations, the Veeam Backup Server will be protected and secured against <strong>unauthorized access<\/strong>.<\/p>\n<p><img decoding=\"async\" title=\"signature\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/images\/firma.jpg\" alt=\"signature\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Since the backup is the last line of defense against ransomware attacks, you need to secure Veeam Backup Server access to ensure maximum data protection and availability. There are some recommended settings to apply to your backup infrastructure to keep access under control and provide the highest level of security to your Veeam Backup Server.<\/p>\n","protected":false},"author":3,"featured_media":55161,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":{"linkedin_93tdZWzMZc_93tdZWzMZc":"","facebook_2879994398731222_17841400390232720":"","twitter_113568041_113568041":"","mastodon_115463926174894442_115463926174894442":""},"rop_publish_now_history":[],"rop_publish_now_status":"pending","footnotes":""},"categories":[2138,933],"tags":[2543,2370,1572,584],"class_list":["post-55152","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-backup-en","category-veeam-en","tag-access-en-2","tag-secure","tag-server-en","tag-veeam-en","has_thumb"],"_links":{"self":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/55152","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/comments?post=55152"}],"version-history":[{"count":0,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/55152\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media\/55161"}],"wp:attachment":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media?parent=55152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/categories?post=55152"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/tags?post=55152"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}