This page provides a list of recommended secure configuration checks for Veritas NetBackup systems, and is periodically updated. Veritas NetBackup is a backup and recovery software suite built for enterprise organizations.
ID | System | Category | Configuration check |
K122AI00P100 | NetBackup | Access Control | Approved Certificate Authority (CA) server |
K022AI00P105 | NetBackup | Access Control | Approved DNS servers |
K022AI0MP110 | NetBackup | Access Control | Approved Identity Providers |
K022AI0MP115 | NetBackup | Access Control | Approved KMS server |
K072AI0MP120 | NetBackup | Access Control | Approved LDAP servers |
K172AI0MP125 | NetBackup | Access Control | Approved NTP servers |
K072AI000130 | NetBackup | Access Control | Approved SMTP recipients |
K022AI0MP135 | NetBackup | Access Control | Approved SMTP server |
K052AI0MP140 | NetBackup | Access Control | Approved Trusted Master servers |
K022AI00P145 | NetBackup | Access Control | Approved WebSocket server |
K022AI0MP150 | NetBackup | Access Control | Certificate autodeploy level |
K022AI0MP155 | NetBackup | Access Control | Certificate revocation |
K022AI0MP160 | NetBackup | Access Control | CLI access configuration |
K022AI0MP165 | NetBackup | Access Control | CLI session timeout |
K022AI0MP170 | NetBackup | Access Control | Display Login Banner |
K022AI0MP175 | NetBackup | Access Control | Idle session timeout |
K022AI0MP180 | NetBackup | Access Control | Intrusion detection system (IDS) status |
K022AI0MP185 | NetBackup | Access Control | Intrusion prevention system (IPS) status |
K022AI0MP190 | NetBackup | Access Control | Lockdown mode |
K022AI0MP195 | NetBackup | Access Control | Login banner |
K022AI0MP200 | NetBackup | Access Control | Master security level |
K062A00MP205 | NetBackup | Access Control | NetBackup service owner |
K162AI0MP210 | NetBackup | Access Control | Non-default local users |
K062AI0MP215 | NetBackup | Access Control | OPC permission on key directories |
K022AI0MP220 | NetBackup | Access Control | OS admin scope |
K022AI0MP225 | NetBackup | Access Control | Required trust relationships |
K022AI0MP230 | NetBackup | Access Control | Required WebSocket server |
K022AI00P235 | NetBackup | Access Control | Universal share configuration |
K022AI0MP240 | NetBackup | Audit | Log forwarding enabled |
K022AI0MP245 | NetBackup | Audit | Log forwarding over TCP |
K022AI0MP250 | NetBackup | Audit | NTP server redundancy |
K022AI0MP255 | NetBackup | Audit | NTP service status |
K022AI0MP260 | NetBackup | Audit | OPC Audit Trail retention days |
K072AI0MP265 | NetBackup | Audit | Required NTP servers |
K022AI0MP270 | NetBackup | Audit | SDSC audit log retention |
K022A000P275 | NetBackup | Authentication | Account lockout duration |
K022AI0MP280 | NetBackup | Authentication | Account lockout threshold |
K022AI0MP285 | NetBackup | Authentication | Appliance local user password expiration configuration |
K022AI0MP290 | NetBackup | Authentication | Approved CAC/PIV domain name |
K022AI0M0295 | NetBackup | Authentication | Authentication server redundancy (if used) |
K022AI0M0300 | NetBackup | Authentication | Certificate authority level |
K032AI0MP305 | NetBackup | Authentication | CIFS share authentication |
K032AI0MP310 | NetBackup | Authentication | Default passwords |
K022AI000315 | NetBackup | Authentication | Email Proxy server auth (NTLM) |
K022AI0MP320 | NetBackup | Authentication | Identity Provider redundancy (if used) |
K022AI0MP325 | NetBackup | Authentication | LDAP server configuration (if used) |
K022AI0MP330 | NetBackup | Authentication | Max password age |
K022AI00P335 | NetBackup | Authentication | Min password age |
K022AI00P340 | NetBackup | Authentication | Minimum password char change |
K052AI00P345 | NetBackup | Authentication | Minimum password digits |
K022AI00P350 | NetBackup | Authentication | Minimum password length |
K022AI0MP355 | NetBackup | Authentication | Minimum password lowercase characters |
K022AI0MP360 | NetBackup | Authentication | Minimum password special characters |
K022AI0MP365 | NetBackup | Authentication | Minimum password uppercase characters |
K022AI0M0370 | NetBackup | Authentication | OPC central authentication |
K022AI0MP375 | NetBackup | Authentication | OPC central authentication redundancy |
K022AI0MP380 | NetBackup | Authentication | OPC SNMP authentication |
K022AI0MP385 | NetBackup | Authentication | OPC SNMP community string |
K122AI0MP390 | NetBackup | Authentication | Password char repeat |
K092AI0MP395 | NetBackup | Authentication | Password reuse |
K092AI0MP400 | NetBackup | Authentication | Required Certificate Authority (CA) servers |
K092AI0MP405 | NetBackup | Authentication | Required Identity Providers |
K022AI0MP410 | NetBackup | Authentication | Required LDAP servers |
K022AI00P415 | NetBackup | Authentication | Smart card authentication |
K022AI00P420 | NetBackup | Authentication | SNMP authentication enabled |
K022AI00P425 | NetBackup | Authentication | SNMP authentication strength |
K022AI000430 | NetBackup | Authentication | SNMP community string |
K022AI0M0435 | NetBackup | Authentication | SSO status |
K022AI00P440 | NetBackup | Authentication | Use of LDAP / AD / Kerberos |
K022AI0MP445 | NetBackup | Authorization | Approved admin users / groups |
K022AI0MP450 | NetBackup | Authorization | Approved Admin/AMSadmin/NetBackupCLI users/groups |
K022AI0MP455 | NetBackup | Authorization | Approved Java console users |
K022A00MP460 | NetBackup | Authorization | Approved user roles |
K052AI000465 | NetBackup | Authorization | NBAC status |
K022AI0MP470 | NetBackup | Authorization | Oracle backup and recovery: share anonymous UID/GID |
K022AI0MP475 | NetBackup | Authorization | Oracle backup and recovery: share client root squash |
K062AI0MP480 | NetBackup | Authorization | Required Roles |
K022AI0MP485 | NetBackup | Backup and Recovery | 3-2-1 rule |
K022AI0MP490 | NetBackup | Backup and Recovery | Active backup policy |
K022AI0MP495 | NetBackup | Backup and Recovery | Air-gapped backup |
K022AI0MP500 | NetBackup | Backup and Recovery | Catalog backup |
K022AI0MP505 | NetBackup | Backup and Recovery | Deduplication pool catalog backup policy |
K022AI0MP510 | NetBackup | Backup and Recovery | Last backup |
K012AI0MP515 | NetBackup | Backup and Recovery | Lockdown retention settings |
K122AI0MP520 | NetBackup | Backup and Recovery | Number of copies |
K022AI0MP525 | NetBackup | Backup and Recovery | Off-site copy |
K022AI0MP530 | NetBackup | Backup and Recovery | Replication configuration |
K022AI0MP535 | NetBackup | Backup and Recovery | Retention configuration |
K022AI0MP540 | NetBackup | Backup and Recovery | Snapshot backup configuration |
K022AI0MP545 | NetBackup | Backup and Recovery | Target media |
K022AI0MP550 | NetBackup | Backup and Recovery | WORM configuration |
K022AI0MP555 | NetBackup | Configuration Management | Backup software version consistency |
K022AI0M0560 | NetBackup | Configuration Management | Call Home proxy server |
K022AI00P565 | NetBackup | Configuration Management | DNS server redundancy |
K022AI00P570 | NetBackup | Configuration Management | DNS service status |
K022AI0MP575 | NetBackup | Configuration Management | Policy attributes |
K022AI0MP580 | NetBackup | Configuration Management | Product Improvement Program status |
K022AI0MP585 | NetBackup | Configuration Management | Required DNS servers |
K032AI0MP590 | NetBackup | Configuration Management | Storage Sanity Check |
K022AI0MP595 | NetBackup | Configuration Management | Target NetBackup version |
K012AI0MP600 | NetBackup | Encryption | Appliance to Appliance IPsec config |
K022AI0MP605 | NetBackup | Encryption | Approved OCSP URI |
K022AI0MP610 | NetBackup | Encryption | Backup image encryption |
K022AI0MP615 | NetBackup | Encryption | Call home proxy tunneling configuration |
K022AI0MP620 | NetBackup | Encryption | Certificate key size |
K022AI000625 | NetBackup | Encryption | Cipher suite strength |
K022A00MP630 | NetBackup | Encryption | Client backup encryption (policy) |
K082AI0MP635 | NetBackup | Encryption | Communication with insecure hosts |
K082AI0MP640 | NetBackup | Encryption | Data in transit encryption |
K122AI0MP645 | NetBackup | Encryption | Deduplication encryption |
K022AI0MP650 | NetBackup | Encryption | KMS redundancy |
K022AI0MP655 | NetBackup | Encryption | Local KMS server used |
K022AI0MP660 | NetBackup | Encryption | Log forwarding TLS |
K022AI0MP665 | NetBackup | Encryption | OPC SNMP encryption |
K022AI0MP670 | NetBackup | Encryption | OPC SSL Cipher strength |
K022AI0M0675 | NetBackup | Encryption | OPC SSL Protocol |
K022AI0MP680 | NetBackup | Encryption | OPC SSL status |
K022AI0MP685 | NetBackup | Encryption | OPC transport privacy |
K022AI0MP690 | NetBackup | Encryption | Oracle backup and recovery: share client secure option |
K022AI0MP695 | NetBackup | Encryption | Required KMS servers |
K022AI00P700 | NetBackup | Encryption | RMM KVM Encryption |
K022AI00P705 | NetBackup | Encryption | RMM KVM Encryption strength |
K022AI0MP710 | NetBackup | Encryption | RMM Media Encryption status |
K022AI0MP715 | NetBackup | Encryption | RMM SSH status |
K022AI0MP720 | NetBackup | Encryption | Secure host connection |
K022AI0MP730 | NetBackup | Encryption | Secure host connection enforcement |
K022AI0MP735 | NetBackup | Encryption | Self-signed certificate |
K022AI0MP740 | NetBackup | Encryption | SMTP SSL |
K022AI0MP745 | NetBackup | Encryption | SNMP encryption enabled |
K022AI0MP750 | NetBackup | Encryption | SNMP encryption strength |
K022AI000755 | NetBackup | Encryption | SSL mode |
K022AI0MP760 | NetBackup | Encryption | TLS level |
K022AI0MP765 | NetBackup | Encryption | Use of secure LDAP |
K022A000P770 | NetBackup | Hardening | FIPS enabled KMS |
K042AI0MP775 | NetBackup | Hardening | FIPS status |
K022AI0MP780 | NetBackup | Hardening | STIG enabled |
K082AI0MP785 | NetBackup | Information Security | Storage / backup management separation |
K122AI0M0790 | NetBackup | Malware Protection | Anomaly detection configuration |
K022AI0MP795 | NetBackup | Malware Protection | Malware scan configuration |
K022AI0MP800 | NetBackup | Monitoring | Call Home enabled |
K022AI0MP805 | NetBackup | Monitoring | SMTP server configuration |
K022AI000810 | NetBackup | Services and Protocols | OPC SNMP version |
K022AI00P815 | NetBackup | Services and Protocols | SNMP version |
K022AI00P820 | NetBackup | Isolation | Unique credentials |
K022AI00P825 | NetBackup | Isolation | Use of local users (No AD) |
K022AI00P830 | NetBackup | Isolation | Not member of a Windows domain |
... and more. |
NOTE: Additional security baseline checks should be performed against NetBackup products such as NetBackup client, Ops Center, NetBackup plug-ins, NetBackup for VMware agent, NetBackup Flex, NetBackup Appliance and other NetBackup components.