Backup Blog Bites #3: The Backup Immutability Do’s & Don’ts Checklist 

Since backups are becoming lucrative targets for cybercriminals, vendors like Cohesity, Commvault, Dell, Rubrik, Veeam and Veritas have responded with new ransomware protection features – including immutability. 

With immutable backups, once the data is backed-up, it is fixed and unchangeable. It can never be deleted. Organizations gain an always-recoverable and secure backup, to protect themselves against cyberattacks.   

Immutability is an important capability; however, it can lead to a false sense of security if not implemented properly. When misconfigured, it is possible to delete supposedly immutable data, for example, by manipulating time/date settings on the storage device to bypass retention enforcement mechanisms.   

One of the best practices by the backup vendors is to ensure immutable backups are configured with retention lock – a parameter that prevents their deletion for a minimum period of time. If retention lock is not configured, cybercriminals can breach the backups by modifying large amounts of data, thereby quickly filling up the backup pools which results in deletion of all existing backups to free up space.  

 Even when retention lock is enabled, care must be taken to make sure cybercriminals can’t fool the backup systems to believe time is passing more quickly than intended. This is referred to as “time spoofing” attacks – where the attacker manipulates insufficiently secure time sync configuration to trick the backup systems into thinking that “X” years have passed.   

To give you a helping hand, here’s a list of do’s & don’ts for your immutable backups: 

Do’s 

1. Configure the immutability retention period 

2. Use secure time synchronization 

3. Enable two-person rule on immutability related settings 

4. Consider enabling anomaly detection 

5. Secure underlying hardware components such as iDRAC, IPMI, BMC, iLO, etc. 

6. Enable local user MFA 

7. Limit number of sessions 

8. Account Login Threshold 

9. Restrict administrative access 

10. Create Security Officer 

11. Disable inactive users 

12. Harden your backup catalog / repository 

Don’ts 

1. Many vendor solutions offer multiple flavors of immutable backup – some are softer than others. Weaker immutability mode enable users to alter, disable or remove the immutability option altogether – that of course defeats the purpose of immutability – you want to avoid these modes. 

2. Don’t use the same credentials to manage both primary storage and backup systems 

3. Don’t enable unrestricted remote access  

4. Don’t enable unsecure protocols such as FTP, Telnet or plaintext HTTP 

5. Don’t use unrestricted or vulnerable file shares 

6. Do not allow untrusted hosts to join the Backup domain 

7. Don’t use default passwords 

In less than 1 hour, assess the security of your backup environment: 
https://www.continuitysoftware.com/assess-the-security-of-your-backup-storage-environment/

Check out Backup Blog Post #4 in the series: How To Validate The Configuration Of Your Immutable Backups.