Hardening
Hardening is about securing the infrastructure against attacks by reducing the attack surface and thus eliminating as many risks as possible.
One of the main measures in hardening is removing all non-essential software programs and utilities from the deployed Veeam components. While these components may offer useful features to the administrator, if they provide additional access to the system they must be removed during the hardening process.
Also, creating visibility in what goes on in the infrastructure is part of hardening your infrastructure. Making sure you will notice when an attack may/is/or has taken place and then making sure logs and traces are saved for law-enforcement and security specialists when needed.
Making things more complicated to attackers will slow them down, so name your backup infrastructure servers using non backup related names : avoid names containing acronyms like “bkp”, “pxy”, “repo”, “vbr” or anything that could ease the task of an attacker to identify the backup infrastructure components. The more time it takes to identify assets, the more chances you have for a honeypot to work.
In addition to all principles and rules exposed above, hardening consists in the following detailed operations:
- Segmentation
- Attack surface reduction
- Windows management considerations
- Repository hardening specifics
Table of contents
- Segmentation
- Attack surface reduction
- Workgroup or Domain ?
- Repository Specifics
- WORM Storage with Veeam Hardened Repository