#Veeam Community Edition Install on server 2022 for the #Ransomware Lab
Backup and Replication License Agreement goes brrr
I ACCEPT
Now here is the default config
Installing all the things! This installs PostgreSQL 15.1
I've been in this industry basically my whole life and I still don't know what some of these phrases actually mean but as you install it, you get Marketing :)
"ENTERPRISE GRADE".. marketing people should use a dictionary etc. this doesn't make sense as a phrase to anyone ;) but… twitter.com/i/web/status/1…
ok weeeeeeeeeeeeeeeeeee we have the product installed!
Now in a biz env. we would normally want a resource forest. We could have made this a domain controller for the lab but workgroup mode so we will be accepting the risk of sending NTLM authentication. We are however NOT… twitter.com/i/web/status/1…
ok let's go tweeps! PROTECT all teh things with @Veeam !
Ok we need to update some components quickly (this was fast)
(they aren't paying me nor did they ask me to write any of this stuff, I just like the software) but it's nice to be able to get pricing quickly, for larger deployments you will need to go through the human sales process
ok so we have one backup repo, I've just added another disk so I'm going to make a new REPO
we can now add a REPO on the new data disk (e:\)
oh ooops i'm sleepy and on autopilot, we want to use a REFS file system with 64K cluster sizes for this! (not NTFS)
now this is in the lab and i'm doing this fast. think about your storage! i'm just gonna use the new virtual disk i just made for this demo
now we need to create a protection group, we are configuring bits and bops (in a not great way on purpose) i'm also doing the DC first because it has the right ports open and i've not domain joined the members yet :D
deployment goes brrrrr
sorry forgot to NOT exclude VMs.. essentially i want to treat this like a physical
ok we have now deployed the agent from the veeam console and then rebooted the domain controller! #winning
look frens we haz a Domain Controller backed up! wooohoo!
now let's get some tea and think about what else we need to do!
so let's do a quick sketch. This is what we have simulated (so far)
I can't stress this enough, with most backup products and solutions you can fuck urself by domain joining components or by leaving management interfaces available and having keepass or whatever password storage mechanisms compromised. I know of lots of orgs who have mASSIVE XLS… twitter.com/i/web/status/1…
but it's so easy to do. take people who:
> are time constrained
> are not trained
> are not given specialist security training
> do not have good leadership and management support
and you will get a recipe for a disaster that may come in many shapes and forms!
now back to the scenario.. we want to ensure we know what can go wrong, but also what can go right! so far we have just setup a workgroup server with REFS storage, but what other options are there? A hardened LINUX repo! cloud object storage! backup copies!
looks similar as almost every org I've worked with (super broad generalisation)
legacy systems oh my! wait till we see what runs in the private sector! (don't tell anyone about those 2008 servers!)
This might sound doom and gloom but having a view of maturity/resiliance across the government is a great thing! you can't address what you don't 'know' about!
This paragraph sounds in line with most orgs (IMHO)
I've been conducting maturity assessments for orgs of all shapes and sizes for a long long time! lots of people say they are a 3 when they are in fact a 1-2 (if we are using CMMi-SCV etc.)