Loading...
Loading...
This article documents security improvements that can be made to the Veeam Backup Enterprise Manager server and its IIS-based websites.
Part 1: Disabling Weak Protocols and Ciphers By default, the Windows Server OS has numerous protocols and ciphers enabled, many of which are unnecessary when operating Veeam Backup Enterprise Manager. Protocols Veeam backup infrastructure components support the following TLS versions: TLS 1.2 TLS 1.3 is partially supported by backup infrastructure components installed on Microsoft Windows Server 2022. PowerShell components and components using OpenSSL do not support TLS 1.3. Note: For security reasons, disable outdated protocols TLS 1.0 and 1.1 if they are not needed. For more information, see this Microsoft article. Ciphers By default, the list of ciphers the Windows OS may negotiate for a given security protocol includes DES, RC2, RC4, and 3DES (Triple DES). These ciphers are considered vulnerable, and it's recommended to disable them. Veeam backup infrastructure components support AES (128 and 256) Ciphers.
Click on a version to see all relevant bugs
Veeam Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.