Executive Summary
In the last decade, we have seen a rise in cyber warfare. Today, almost every company in the world, big and small has encountered some form of Ransomware. We have seen that security has become more and more critical for every organization. When environments are breached, backup turns out to be the last line of defence and the first line of recovery. Therefore, it is critical to make sure that it itself does not fall victim to Ransomware.
In this document we will discuss how to set up a Veeam Hardened Repository with immutability. These kinds of repositories, when setup correctly, can help you defend a ransomware attack by making sure that your backups will not be encrypted and that you can recover from such attacks successfully.
We used RHEL 8 in this document as it is a popular distribution in Enterprise environments. Most of the items discussed in this document can be applied to other distributions although RHEL has a strong focus on security and compliance. For example, RHEL allows you to install the system under a NIST profile that enforce extra security rules out of the box. A good example here is the use of FAPolicyd, a software framework that blocks applications from running if they are unknown to the system.
Whitepaper: Veeam-Hardened-Repository-with-RedHat-Enterprise-Linux