Browsing Posts in vSecurity

Reading Time: 4 minutesIPv4 (Internet Protocol version 4) is a widely used protocol for network communication and is a core component of the TCP/IP stack. But it has some limits, one is the limit in terms of available addresses, expecially if we are talking about public IP. IPv6 (Internet Protocol version 6) was design to resolve all the limitation of IPv4. IPv6 is designated by the Internet Engineering Task Force (IETF) as the successor to IPv4 providing the following benefits:

Reading Time: 2 minutesMicrosoft warned customers to patch a critical TCP/IP remote code execution (RCE) vulnerability that impacts all Windows systems (client and server) using IPv6 stack. The vulnerability is identified as CVE-2024-38063 and it’s a 9.8-out-of-10 on the CVSS severity scale. Note that, on Windows systems the IPv6 is enabled by default and, in the past, Microsoft itself has not recommend disabling IPV6: ” We do not recommend that you disable IPv6 or its components, or some Windows components may not function.” (https://support.microsoft.com/en-us/kb/929852)

Reading Time: 3 minutesBackup content can be safe during the backup, but maybe there are some security threads that are not yet been identify (like 0-day attack) or maybe the backup data are corrupoted (like guest filesystem corruption). SureBackup is the Veeam technology that allows you to test machines backups and check if you can recover data from them. You can verify any restore point of a backed-up machine. For SureBackup, Veeam Backup & Replication uses a regular image-based backup. SureBackup job can operate in two different recovery verification modes:

Reading Time: 9 minutesVeeam Backup & Replication 12 supports different malware detection methods that works in different way and can be used together to reach different scopes. The first main diffecence is that some works inline (during the backup process on the source data) and other works with a post-processing directly on restore points saved on the repositories. For this reason also the load of those malware detection activities can be on different Veeam components, basically on the proxy servers for inline methods and the mount servers for the post-processing methods.

Reading Time: 4 minutesWhat is the four-eyes principle? The “four-eyes principle” (also know as the two-person rule) means that a certain crucial and critical activity (prone to human errors) must be approved by at least two people. This controlling mechanism is used to facilitate delegation of authority and increase transparency but also minimize errors or security attacks. In Veeam Backup & Replication, starting with v12, is possible enable the Four-Eyes Authorization feature to protect some crucial operations.

Reading Time: 5 minutesLot of storage, cloud and backup solutions are promising some kind of data immutability. Of course, immutability is an important key capability, but it does not imply automatically that your solution is secure (or more secure). It can give a false sense of security if not implemented properly. When misconfigured, it is possible to delete supposedly immutable data, for example, by manipulating time/date settings on the storage device to bypass retention enforcement mechanisms.

Reading Time: 2 minutesDiffent products are implementing a security model called “four-eyes principle” (also know as the two-person rule). In the backup and data protection are, for example, Veeam Backup & Replication (starting with v12) has the Four-Eyes Authorization feature to protect some crucial operations. But what is the four-eyes (4-eyes) principle and how does it work? First to all is nothing related to software or security but instead a way to minimize the human errors and can be appliable also to non IT activities.

© 2025-2011 vInfrastructure Blog | Disclaimer & Copyright