Veeam V10 Data Re-use (Data Classification)
So, with all this time in lockdown I’m testing use cases
for the Veeam Data Re-use API.
From the Graphic above you can see the general use topics of
the Feature, so I decided to test use cases for each. There are 4 posts to this series, this post will focus on Data
classification.
Data Classification
Before we begin let me give a brief description of data
Classification, this process is determining the type of data and the risk this
data poses to an individual or to an organization
You would use data classification to
determine what type of data you have and then deal with certain types of data
different to others based on the compliance or security risk it poses on you or
the organization.
For and example in this post I’ll focus on Credit Card data
that could be stored within Text files, Word documents, excel document or Rich
Text format files.
Why would such data exist?
I downloaded a Template document used to take on new
customers with their verified card information “Credit Card Authorization Form
“this form could be used when doing telephonic sales or similar.
Veeam Use case
You could & should be using some sort of tool to
classify data in your infrastructure as its created and stored.
In this Post I’m going to focus on how to classify Personally
Identifiable Information within you stored backups with Veeam.
How is this done?
Here is a great post explaining the new feature (I’m not
going to into too much detail but will use the commands)
Veeam will Mount the backup data using PowerShell to call
API and mount disk from backup, we will then use 3rd Party tool too
Re-Use the data presented from backup in this case I will use a PowerShell
script to find Personally Identifiable Information kept in backup.
Personally, Identifiable Information
First, I needed to create some test PII data that I will be
able to classify in the PII script.
On a VM in my lab that I currently backup I used a template
.docx file to capture fake card data and save them as files on the VM for later
classification. I Saved them in formats .RTF and .TXT.
I downloaded a free template from here found with a simple
google search:
It looked simple and easy to capture card data:
I needed to then use test card data (card numbers etc.)
I found some Sample
information here in a simple google search:
I used a few of these sample card numbers to make the test
as realistic as possible.
I saved this to a folder on ROOT of C: under a folder called
“Finance “
Publish Backup
Next after adding the files to the Source VM, I ran a Backup
to capture the Data and store it as a Veeam Backup.
The next step is to use PowerShell to publish Volumes From
backup to a Mount server.
You can reference the PowerShell command that will be used
here:
The backup that I wanted to mount is the following:
I will use the data in the above screenshot to address the
correct Backup in the script
Here is the PowerShell command used, again more details on
the process can be read here:
My Script:
#Load the Veeam PowerShell Snapin
Add-PSSnapin VeeamPSSnapin
#Connect to the Backup server
Connect-VBRServer -Server "veeam" -User "Administrator" -Password "****"
#Specify the backup Point to be used in Publish
$point = Get-VBRBackup -Name "Vm test Data" | Get-VBRRestorePoint -Name "windev2001eval" | Sort-Object $_.creationtime
-Descending | Select -First 1
#Specify the Credentials for the Filesystem Os being mounted
$creds = Add-VBRCredentials -User "windev2001eval\Administrator" -Password "****"
#Publish ( Mount the Backup ) Target server is the backup server
Publish-VBRBackupContent -RestorePoint $point -TargetServerName "veeam" -TargetServerCredentials $creds
At this point backup Can be seen mounted In Console
It can also be Viewed in Windows Disk Management
Lastly It can also be found under
FLR mount directory in my case “C:\VeeamFLR”
Data Classification
Now that the Backup data is mounted it can be addressed via
Data Classification tool of choice.
For my data classification test, I used a PowerShell Script
I found on Technet here:
EDIT 2021/03/08 : Script no longer available on Tech-net gallery , copied into Github
So, from PowerShell I imported the PII script module, so
that I can then run my custom command to find Personally Identifiable
Information based on FLR directory and file type.
So, First:
I Created a folder and downloaded the Get-PII2.PS1 script
into the folder, I then also created a Log folder in the same directory as the
script looks for this.
In PowerShell after moving to the Directory where the
PowerShell Script can be found I Ran the following:
#Import the Script Module
Import-Module .\Get-PII2.ps1
#Run Command specifying which types of
files to interrogate for PII information, I also provided the exact directory
\Finance rather than entire Image to shorten the search. I also additionally
added Export Function to CSV to address results later.
Get-PII “txt”,”csv”,”docx” ,"rtf" “C:\VeeamFLR\WinDev2001Eval_d7fd2e1c\Volume1\Finance" | Export-Csv .\piilist1.csv -NoTypeInformation
The Script then Runs finding files containing Personally
Identifiable Information.
The Get-PII2 Script exports a HTML format report at the end
of the script with test results and legend on class of Personally Identifiable
Information found.
If we Look at the Folder directory, we can also find the
.CSV file export with the same results that we can now use in a Graph of Visual
of choice.
Example here: I used
Microsoft Power BI
At this point you can determine what sensitive information
is kept within backup and then can adjust your backup policies; these could be:
Increasing Retention to be compliant :
I edit my backup Job to include this new retention based on
new data information that’s come to light.
Encrypt & password protect this backup as it
contains Sensitive Data:
I added that on editing my current Job for this VM , in jobs
setting:
Storage > Advanced > Storage > Encryption
End of Testing Un-Publish
At this point I’m done testing I
want to Un publish the data, this can be done though Veeam Backup console, but
I will use PowerShell:
$session = Get-VBRPublishedBackupContentSession
Unpublish-VBRBackupContent -Session $session -RunAsync
You can combine All three code
segments:
- Publish
- Data classification
- Un-Publish
This can be used more
extensively, and you can address the published data with more intelligent
tools, I will be posting more on the other Use cases as separate posts.
See Part 2 http://www.mritsurgeon.co.za/2020/04/veeam-v10-data-re-use-part-2-security.html
See Part 2 http://www.mritsurgeon.co.za/2020/04/veeam-v10-data-re-use-part-2-security.html
Thank you for reading , please
like , share or comment
I was wondering if you have more information about this:
ReplyDeleteFor my data classification test, I used a PowerShell Script I found on Technet here:
https://gallery.technet.microsoft.com/Using-Powershell-to-report-d3163598
That script is no longer in thje gallery... well, the gallery is gone now.
Thanks,
Gene
gstrickl@hotmail.com
Hey Gene , i've Edited the post , Thank you for the Heads up , uploaded a copy to Github
ReplyDeletehttps://gist.github.com/mritsurgeon/4dc849731ffa9bd18d3fb93ca59d9556