This page provides a list of recommended secure configuration checks for Veritas NetBackup systems, and is periodically updated.
Veritas NetBackup is a backup and recovery software suite built for enterprise organizations.

System | Category | Configuration check |
--- | --- | --- |
NetBackup | Access Control | Approved Certificate Authority (CA) server |
NetBackup | Access Control | Approved DNS servers |
NetBackup | Access Control | Approved Identity Providers |
NetBackup | Access Control | Approved KMS server |
NetBackup | Access Control | Approved LDAP servers |
NetBackup | Access Control | Approved NTP servers |
NetBackup | Access Control | Approved SMTP recipients |
NetBackup | Access Control | Approved SMTP server |
NetBackup | Access Control | Approved Trusted Master servers |
NetBackup | Access Control | Approved WebSocket server |
NetBackup | Access Control | Certificate autodeploy level |
NetBackup | Access Control | Certificate revocation |
NetBackup | Access Control | CLI access configuration |
NetBackup | Access Control | CLI session timeout |
NetBackup | Access Control | Display Login Banner |
NetBackup | Access Control | Idle session timeout |
NetBackup | Access Control | Intrusion detection system (IDS) status |
NetBackup | Access Control | Intrusion prevention system (IPS) status |
NetBackup | Access Control | Lockdown mode |
NetBackup | Access Control | Login banner |
NetBackup | Access Control | Master security level |
NetBackup | Access Control | NetBackup service owner |
NetBackup | Access Control | Non-default local users |
NetBackup | Access Control | OPC permission on key directories |
NetBackup | Access Control | OS admin scope |
NetBackup | Access Control | Required trust relationships |
NetBackup | Access Control | Required WebSocket server |
NetBackup | Access Control | Universal share configuration |
NetBackup | Audit | Log forwarding enabled |
NetBackup | Audit | Log forwarding over TCP |
NetBackup | Audit | NTP server redundancy |
NetBackup | Audit | NTP service status |
NetBackup | Audit | OPC Audit Trail retention days |
NetBackup | Audit | Required NTP servers |
NetBackup | Audit | SDSC audit log retention |
NetBackup | Authentication | Account lockout duration |
NetBackup | Authentication | Account lockout threshold |
NetBackup | Authentication | Appliance local user password expiration configuration |
NetBackup | Authentication | Approved CAC/PIV domain name |
NetBackup | Authentication | Authentication server redundancy |
NetBackup | Authentication | Certificate authority level |
NetBackup | Authentication | CIFS share authentication |
NetBackup | Authentication | Default passwords |
NetBackup | Authentication | Email Proxy server auth (NTLM) |
NetBackup | Authentication | Identity Provider redundancy |
NetBackup | Authentication | LDAP server configuration |
NetBackup | Authentication | Max password age |
NetBackup | Authentication | Min password age |
NetBackup | Authentication | Minimum password char change |
NetBackup | Authentication | Minimum password digits |
NetBackup | Authentication | Minimum password length |
NetBackup | Authentication | Minimum password lowercase characters |
NetBackup | Authentication | Minimum password special characters |
NetBackup | Authentication | Minimum password uppercase characters |
NetBackup | Authentication | OPC central authentication |
NetBackup | Authentication | OPC central authentication redundancy |
NetBackup | Authentication | OPC SNMP authentication |
NetBackup | Authentication | OPC SNMP community string |
NetBackup | Authentication | Password char repeat |
NetBackup | Authentication | Password reuse |
NetBackup | Authentication | Required Certificate Authority (CA) servers |
NetBackup | Authentication | Required Identity Providers |
NetBackup | Authentication | Required LDAP servers |
NetBackup | Authentication | Smart card authentication |
NetBackup | Authentication | SNMP authentication enabled |
NetBackup | Authentication | SNMP authentication strength |
NetBackup | Authentication | SNMP community string |
NetBackup | Authentication | SSO status |
NetBackup | Authentication | Use of LDAP / AD / Kerberos |
NetBackup | Authorization | Approved admin users / groups |
NetBackup | Authorization | Approved Admin/AMSadmin/NetBackupCLI users/groups |
NetBackup | Authorization | Approved Java console users |
NetBackup | Authorization | Approved user roles |
NetBackup | Authorization | NBAC status |
NetBackup | Authorization | Oracle backup and recovery: share anonymous UID/GID |
NetBackup | Authorization | Oracle backup and recovery: share client root squash |
NetBackup | Authorization | Required Roles |
NetBackup | Backup and Recovery | 3-2-1 rule |
NetBackup | Backup and Recovery | Active backup policy |
NetBackup | Backup and Recovery | Air-gapped backup |
NetBackup | Backup and Recovery | Catalog backup |
NetBackup | Backup and Recovery | Deduplication pool catalog backup policy |
NetBackup | Backup and Recovery | Last backup |
NetBackup | Backup and Recovery | Lockdown retention settings |
NetBackup | Backup and Recovery | Number of copies |
NetBackup | Backup and Recovery | Off-site copy |
NetBackup | Backup and Recovery | Replication configuration |
NetBackup | Backup and Recovery | Retention configuration |
NetBackup | Backup and Recovery | Snapshot backup configuration |
NetBackup | Backup and Recovery | Target media |
NetBackup | Backup and Recovery | WORM configuration |
NetBackup | Configuration Management | Backup software version consistency |
NetBackup | Configuration Management | Call Home proxy server |
NetBackup | Configuration Management | DNS server redundancy |
NetBackup | Configuration Management | DNS service status |
NetBackup | Configuration Management | Policy attributes |
NetBackup | Configuration Management | Product Improvement Program status |
NetBackup | Configuration Management | Required DNS servers |
NetBackup | Configuration Management | Storage Sanity Check |
NetBackup | Configuration Management | Target NetBackup version |
NetBackup | Encryption | Appliance to Appliance IPsec config |
NetBackup | Encryption | Approved OCSP URI |
NetBackup | Encryption | Backup image encryption |
NetBackup | Encryption | Call home proxy tunneling configuration |
NetBackup | Encryption | Certificate key size |
NetBackup | Encryption | Cipher suite strength |
NetBackup | Encryption | Client backup encryption (policy) |
NetBackup | Encryption | Communication with insecure hosts |
NetBackup | Encryption | Data in transit encryption |
NetBackup | Encryption | Deduplication encryption |
NetBackup | Encryption | KMS redundancy |
NetBackup | Encryption | Local KMS server used |
NetBackup | Encryption | Log forwarding TLS |
NetBackup | Encryption | OPC SNMP encryption |
NetBackup | Encryption | OPC SSL Cipher strength |
NetBackup | Encryption | OPC SSL Protocol |
NetBackup | Encryption | OPC SSL status |
NetBackup | Encryption | OPC transport privacy |
NetBackup | Encryption | Oracle backup and recovery: share client secure option |
NetBackup | Encryption | Required KMS servers |
NetBackup | Encryption | RMM KVM Encryption |
NetBackup | Encryption | RMM KVM Encryption strength |
NetBackup | Encryption | RMM Media Encryption status |
NetBackup | Encryption | RMM SSH status |
NetBackup | Encryption | Secure host connection |
NetBackup | Encryption | Secure host connection enforcement |
NetBackup | Encryption | Self-signed certificate |
NetBackup | Encryption | SMTP SSL |
NetBackup | Encryption | SNMP encryption enabled |
NetBackup | Encryption | SNMP encryption strength |
NetBackup | Encryption | SSL mode |
NetBackup | Encryption | TLS level |
NetBackup | Encryption | Use of secure LDAP |
NetBackup | Hardening | FIPS enabled KMS |
NetBackup | Hardening | FIPS status |
NetBackup | Hardening | STIG enabled |
NetBackup | Information Security | Storage / backup management separation |
NetBackup | Malware Protection | Anomaly detection configuration |
NetBackup | Malware Protection | Malware scan configuration |
NetBackup | Monitoring | Call Home enabled |
NetBackup | Monitoring | SMTP server configuration |
NetBackup | Services and Protocols | OPC SNMP version |
NetBackup | Services and Protocols | SNMP version |
NOTE: Additional security baseline checks should be performed against NetBackup products such as NetBackup client, Ops Center, NetBackup plug-ins, NetBackup for VMware agent, NetBackup Flex, NetBackup Appliance and other NetBackup components.