Veritas NetBackup™ Appliance Security Guide
About data security
The NetBackup appliance supports policy-driven mechanisms to protect data on clients as well as NetBackup servers. The following measures are implemented to improve data security by avoiding data leaks and improving protection:
- Real-time intrusion detection mechanisms are in place to audit access to confidential data stored on the NetBackup appliance.
- Logging and real-time tracking of all restores.
- Access to backed-up data is authorized only for appliance users and processes.
- The NetBackup appliance ensures that all backup data in the Deduplication Pool (MSDP) is marked with Cyclic Redundancy Check (CRC) digital signatures when the backup takes place. A maintenance task continuously re-computes the CRC digital signatures and compares them with the original signatures to detect any unwanted tampering or corruption in the Deduplication Pool.
- Unintended access to appliance storage is prevented by password-protecting logins to the appliance.
- Access to shared data is limited to authorized users and NetBackup processes only.
- The Call Home feature uses the HTTPS protocol and port 443 to connect to the Veritas AutoSupport server and upload hardware and software information. Veritas Technical Support uses this information to resolve any issues that you might report. This information is retained for 90 days and purged at the Veritas Secure Operations Center.
- Support for "Checkpoints" that let you easily roll back the entire system to a point in time to undo any misconfiguration. The checkpoint captures the following components:
  - Appliance operating system
  - Appliance software
  - NetBackup software
  - Tape media configuration on the primary server
  - Networking configuration
  - LDAP configuration if it exists
  - Fibre Channel configuration
  - Any previously applied patches
Note:
Critical components like the NetBackup Catalog and the KMS database may need additional configuration.
NetBackup appliance software has no built-in transmission or session security except where the protocol is HTTP (Web service). Veritas recommends deploying VPN (Virtual Private Network) solutions such as IPsec between NetBackup hosts if the appliance software is running in an untrusted network environment.
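
The record-then-re-verify cycle described above for the Deduplication Pool can be sketched as follows. This is an added example, not Veritas code: the `SegmentStore` class, the segment ids and the sample data are hypothetical, and `zlib.crc32` stands in for whatever CRC the appliance actually uses.

```python
import zlib


class SegmentStore:
    """Toy stand-in for a deduplication pool (hypothetical layout):
    segment id -> (stored bytes, CRC32 recorded at backup time)."""

    def __init__(self):
        self._segments = {}

    def write(self, seg_id, data):
        # The checksum is recorded once, when the backup data is stored.
        self._segments[seg_id] = (bytearray(data), zlib.crc32(data))

    def corrupt(self, seg_id, offset, mask=0x01):
        # Test helper: flip bits in the stored data without touching
        # the recorded CRC, as a failing disk or stray write would.
        self._segments[seg_id][0][offset] ^= mask

    def scrub(self):
        """Maintenance pass: re-compute every CRC and return the ids of
        segments whose data no longer matches the recorded value."""
        mismatches = []
        for seg_id, (data, recorded) in sorted(self._segments.items()):
            if zlib.crc32(bytes(data)) != recorded:
                mismatches.append(seg_id)
        return mismatches


def demo():
    store = SegmentStore()
    # Constructed sample segments, not real backup data.
    store.write("seg-001", b"payroll-2023.db block 0" * 64)
    store.write("seg-002", b"mail-archive block 7" * 64)
    store.write("seg-003", b"vm-image block 42" * 64)
    first_pass = store.scrub()            # nothing has changed yet
    store.corrupt("seg-002", offset=100)  # single-bit change on disk
    second_pass = store.scrub()           # scrub flags the changed segment
    return first_pass, second_pass


if __name__ == "__main__":
    first_pass, second_pass = demo()
    print("first scrub mismatches: ", first_pass)
    print("second scrub mismatches:", second_pass)
```
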