This page provides a list of recommended secure configuration checks for Veritas NetBackup systems, and is periodically updated.
Veritas NetBackup is a backup and recovery software suite built for enterprise organizations.
| System | Category | Configuration check |
| NetBackup | Access Control | Approved Certificate Authority (CA) server |
| NetBackup | Access Control | Approved DNS servers |
| NetBackup | Access Control | Approved Identity Providers |
| NetBackup | Access Control | Approved KMS server |
| NetBackup | Access Control | Approved LDAP servers |
| NetBackup | Access Control | Approved NTP servers |
| NetBackup | Access Control | Approved SMTP recipients |
| NetBackup | Access Control | Approved SMTP server |
| NetBackup | Access Control | Approved Trusted Master servers |
| NetBackup | Access Control | Approved WebSocket server |
| NetBackup | Access Control | Certificate autodeploy level |
| NetBackup | Access Control | Certificate revocation |
| NetBackup | Access Control | CLI access configuration |
| NetBackup | Access Control | CLI session timeout |
| NetBackup | Access Control | Display Login Banner |
| NetBackup | Access Control | Idle session timeout |
| NetBackup | Access Control | Intrusion detection system (IDS) status |
| NetBackup | Access Control | Intrusion prevention system (IPS) status |
| NetBackup | Access Control | Lockdown mode |
| NetBackup | Access Control | Login banner |
| NetBackup | Access Control | Master security level |
| NetBackup | Access Control | Netbackup service owner |
| NetBackup | Access Control | Non-default local users |
| NetBackup | Access Control | OPC permission on key directories |
| NetBackup | Access Control | OS admin scope |
| NetBackup | Access Control | Required trust relationships |
| NetBackup | Access Control | Required WebSocket server |
| NetBackup | Access Control | Universal share configuration |
| NetBackup | Audit | Log forwarding enabled |
| NetBackup | Audit | Log forwarding over TCP |
| NetBackup | Audit | NTP server redundancy |
| NetBackup | Audit | NTP service status |
| NetBackup | Audit | OPC Audit Trail retention days |
| NetBackup | Audit | Required NTP servers |
| NetBackup | Audit | SDSC audit log retention |
| NetBackup | Authentication | Account lockout duration |
| NetBackup | Authentication | Account lockout threshold |
| NetBackup | Authentication | Appliance local user password expiration configuration |
| NetBackup | Authentication | Approved CAC/PIV domain name |
| NetBackup | Authentication | Authentication server redundancy |
| NetBackup | Authentication | Certificate authority level |
| NetBackup | Authentication | CIFS share authentication |
| NetBackup | Authentication | Default passwords |
| NetBackup | Authentication | Email Proxy server auth (NTLM) |
| NetBackup | Authentication | Identity Provider redundancy |
| NetBackup | Authentication | LDAP server configuration |
| NetBackup | Authentication | Max password age |
| NetBackup | Authentication | Min password age |
| NetBackup | Authentication | Minimum password char change |
| NetBackup | Authentication | Minimum password digits |
| NetBackup | Authentication | Minimum password length |
| NetBackup | Authentication | Minimum password lowercase characters |
| NetBackup | Authentication | Minimum password special characters |
| NetBackup | Authentication | Minimum password uppercase characters |
| NetBackup | Authentication | OPC central authentication |
| NetBackup | Authentication | OPC central authentication redundancy |
| NetBackup | Authentication | OPC SNMP authentication |
| NetBackup | Authentication | OPC SNMP community string |
| NetBackup | Authentication | Password char repeat |
| NetBackup | Authentication | Password reuse |
| NetBackup | Authentication | Required Certificate Authority (CA) servers |
| NetBackup | Authentication | Required Identity Providers |
| NetBackup | Authentication | Required LDAP servers |
| NetBackup | Authentication | Smart card authentication |
| NetBackup | Authentication | SNMP authentication enabled |
| NetBackup | Authentication | SNMP authentication strength |
| NetBackup | Authentication | SNMP community string |
| NetBackup | Authentication | SSO status |
| NetBackup | Authentication | Use of LDAP / AD / Kerberos |
| NetBackup | Authorization | Approved admin users / groups |
| NetBackup | Authorization | Approved Admin/AMSadmin/NetBackupCLI users/groups |
| NetBackup | Authorization | Approved Java console users |
| NetBackup | Authorization | Approved user roles |
| NetBackup | Authorization | NBAC status |
| NetBackup | Authorization | Oracle backup and recovery: share anonymous UID/GID |
| NetBackup | Authorization | Oracle backup and recovery: share client root squash |
| NetBackup | Authorization | Required Roles |
| NetBackup | Backup and Recovery | 3-2-1 rule |
| NetBackup | Backup and Recovery | Active backup policy |
| NetBackup | Backup and Recovery | Air-gapped backup |
| NetBackup | Backup and Recovery | Catalog backup |
| NetBackup | Backup and Recovery | Deduplication pool catalog backup policy |
| NetBackup | Backup and Recovery | Last backup |
| NetBackup | Backup and Recovery | Lockdown retention settings |
| NetBackup | Backup and Recovery | Number of copies |
| NetBackup | Backup and Recovery | Off-site copy |
| NetBackup | Backup and Recovery | Replication configuration |
| NetBackup | Backup and Recovery | Retention configuration |
| NetBackup | Backup and Recovery | Snapshot backup configuration |
| NetBackup | Backup and Recovery | Target media |
| NetBackup | Backup and Recovery | WORM configuration |
| NetBackup | Configuration Management | Backup software version consistency |
| NetBackup | Configuration Management | Call Home proxy server |
| NetBackup | Configuration Management | DNS server redundancy |
| NetBackup | Configuration Management | DNS service status |
| NetBackup | Configuration Management | Policy attributes |
| NetBackup | Configuration Management | Product Improvement Program status |
| NetBackup | Configuration Management | Required DNS servers |
| NetBackup | Configuration Management | Storage Sanity Check |
| NetBackup | Configuration Management | Target NetBackup version |
| NetBackup | Encryption | Appliance to Appliance IPsec config |
| NetBackup | Encryption | Approved OCSP URI |
| NetBackup | Encryption | Backup image encryption |
| NetBackup | Encryption | Call home proxy tunneling configuration |
| NetBackup | Encryption | Certificate key size |
| NetBackup | Encryption | Cipher suite strength |
| NetBackup | Encryption | Client backup encryption (policy) |
| NetBackup | Encryption | Communication with insecure hosts |
| NetBackup | Encryption | Data in transit encryption |
| NetBackup | Encryption | Deduplication encryption |
| NetBackup | Encryption | KMS redundancy |
| NetBackup | Encryption | Local KMS server used |
| NetBackup | Encryption | Log forwarding TLS |
| NetBackup | Encryption | OPC SNMP encryption |
| NetBackup | Encryption | OPC SSL Cipher strength |
| NetBackup | Encryption | OPC SSL Protocol |
| NetBackup | Encryption | OPC SSL status |
| NetBackup | Encryption | OPC transport privacy |
| NetBackup | Encryption | Oracle backup and recovery: share client secure option |
| NetBackup | Encryption | Required KMS servers |
| NetBackup | Encryption | RMM KVM Encryption |
| NetBackup | Encryption | RMM KVM Encryption strength |
| NetBackup | Encryption | RMM Media Encryption status |
| NetBackup | Encryption | RMM SSH status |
| NetBackup | Encryption | Secure host connection |
| NetBackup | Encryption | Secure host connection |
| NetBackup | Encryption | Secure host connection enforcement |
| NetBackup | Encryption | Self-signed certificate |
| NetBackup | Encryption | SMTP SSL |
| NetBackup | Encryption | SNMP encryption enabled |
| NetBackup | Encryption | SNMP encryption strength |
| NetBackup | Encryption | SSL mode |
| NetBackup | Encryption | TLS level |
| NetBackup | Encryption | Use of secure LDAP |
| NetBackup | Hardening | FIPS enabled KMS |
| NetBackup | Hardening | FIPS status |
| NetBackup | Hardening | STIG enabled |
| NetBackup | Information Security | Storage / backup management separation |
| NetBackup | Malware Protection | Anomaly detection configuration |
| NetBackup | Malware Protection | Malware scan configuration |
| NetBackup | Monitoring | Call Home enabled |
| NetBackup | Monitoring | SMTP server configuration |
| NetBackup | Services and Protocols | OPC SNMP version |
| NetBackup | Services and Protocols | SNMP version |
NOTE: Additional security baseline checks should be performed against NetBackup products such as NetBackup client, Ops Center, NetBackup plug-ins, NetBackup for VMware agent, NetBackup Flex, NetBackup Appliance and other NetBackup components.
|
Interested to learn about StorageGuard secure configuration checks for Storage and Backup systems? |
Comments
0 comments
Please sign in to leave a comment.