Link Search Menu Expand Document

Hardening

Hardening is about securing the infrastructure against attacks by reducing the attack surface and thus eliminating as many risks as possible.

One of the main measures in hardening is removing all non-essential software programs and utilities from the deployed Veeam components. While these components may offer useful features to the administrator, if they provide additional access to the system they must be removed during the hardening process.

Also, creating visibility in what goes on in the infrastructure is part of hardening your infrastructure. Making sure you will notice when an attack may/is/or has taken place and then making sure logs and traces are saved for law-enforcement and security specialists when needed.

Making things more complicated to attackers will slow them down, so name your backup infrastructure servers using non backup related names : avoid names containing acronyms like “bkp”, “pxy”, “repo”, “vbr” or anything that could ease the task of an attacker to identify the backup infrastructure components. The more time it takes to identify assets, the more chances you have for a honeypot to work.

In addition to all principles and rules exposed above, hardening consists in the following detailed operations:

  • Segmentation
  • Attack surface reduction
  • Windows management considerations
  • Repository hardening specifics

Table of contents


Back to top

Copyright © 2023 Solutions Architects, Veeam Software.
Please note that information provided in this guide is not produced or verified by Veeam R&D but is a result of community effort based on the field observations.