This page provides a list of recommended secure configuration checks for Veritas NetBackup systems, and is periodically updated. Veritas NetBackup is a backup and recovery software suite built for enterprise organizations.
|
Interested to learn about StorageGuard Benchmark Checks for NetBackup? |
||
|
|
|
|
| ID | System | Category | Configuration check |
| K122AI00P100 | NetBackup | Access Control | Approved Certificate Authority (CA) server |
| K022AI00P105 | NetBackup | Access Control | Approved DNS servers |
| K022AI0MP110 | NetBackup | Access Control | Approved Identity Providers |
| K022AI0MP115 | NetBackup | Access Control | Approved KMS server |
| K072AI0MP120 | NetBackup | Access Control | Approved LDAP servers |
| K172AI0MP125 | NetBackup | Access Control | Approved NTP servers |
| K072AI000130 | NetBackup | Access Control | Approved SMTP recipients |
| K022AI0MP135 | NetBackup | Access Control | Approved SMTP server |
| K052AI0MP140 | NetBackup | Access Control | Approved Trusted Master servers |
| K022AI00P145 | NetBackup | Access Control | Approved WebSocket server |
| K022AI0MP150 | NetBackup | Access Control | Certificate autodeploy level |
| K022AI0MP155 | NetBackup | Access Control | Certificate revocation |
| K022AI0MP160 | NetBackup | Access Control | CLI access configuration |
| K022AI0MP165 | NetBackup | Access Control | CLI session timeout |
| K022AI0MP170 | NetBackup | Access Control | Display Login Banner |
| K022AI0MP175 | NetBackup | Access Control | Idle session timeout |
| K022AI0MP180 | NetBackup | Access Control | Intrusion detection system (IDS) status |
| K022AI0MP185 | NetBackup | Access Control | Intrusion prevention system (IPS) status |
| K022AI0MP190 | NetBackup | Access Control | Lockdown mode |
| K022AI0MP195 | NetBackup | Access Control | Login banner |
| K022AI0MP200 | NetBackup | Access Control | Master security level |
| K062A00MP205 | NetBackup | Access Control | Netbackup service owner |
| K162AI0MP210 | NetBackup | Access Control | Non-default local users |
| K062AI0MP215 | NetBackup | Access Control | OPC permission on key directories |
| K022AI0MP220 | NetBackup | Access Control | OS admin scope |
| K022AI0MP225 | NetBackup | Access Control | Required trust relationships |
| K022AI0MP230 | NetBackup | Access Control | Required WebSocket server |
| K022AI00P235 | NetBackup | Access Control | Universal share configuration |
| K022AI0MP240 | NetBackup | Audit | Log forwarding enabled |
| K022AI0MP245 | NetBackup | Audit | Log forwarding over TCP |
| K022AI0MP250 | NetBackup | Audit | NTP server redundancy |
| K022AI0MP255 | NetBackup | Audit | NTP service status |
| K022AI0MP260 | NetBackup | Audit | OPC Audit Trail retention days |
| K072AI0MP265 | NetBackup | Audit | Required NTP servers |
| K022AI0MP270 | NetBackup | Audit | SDSC audit log retention |
| K022A000P275 | NetBackup | Authentication | Account lockout duration |
| K022AI0MP280 | NetBackup | Authentication | Account lockout threshold |
| K022AI0MP285 | NetBackup | Authentication | Appliance local user password expiration configuration |
| K022AI0MP290 | NetBackup | Authentication | Approved CAC/PIV domain name |
| K022AI0M0295 | NetBackup | Authentication | Authentication server redundancy(if used) |
| K022AI0M0300 | NetBackup | Authentication | Certificate authority level |
| K032AI0MP305 | NetBackup | Authentication | CIFS share authentication |
| K032AI0MP310 | NetBackup | Authentication | Default passwords |
| K022AI000315 | NetBackup | Authentication | Email Proxy server auth (NTLM) |
| K022AI0MP320 | NetBackup | Authentication | Identity Provider redundancy (if used) |
| K022AI0MP325 | NetBackup | Authentication | LDAP server configuration (if used) |
| K022AI0MP330 | NetBackup | Authentication | Max password age |
| K022AI00P335 | NetBackup | Authentication | Min password age |
| K022AI00P340 | NetBackup | Authentication | Minimum password char change |
| K052AI00P345 | NetBackup | Authentication | Minimum password digits |
| K022AI00P350 | NetBackup | Authentication | Minimum password length |
| K022AI0MP355 | NetBackup | Authentication | Minimum password lowercase characters |
| K022AI0MP360 | NetBackup | Authentication | Minimum password special characters |
| K022AI0MP365 | NetBackup | Authentication | Minimum password uppercase characters |
| K022AI0M0370 | NetBackup | Authentication | OPC central authentication |
| K022AI0MP375 | NetBackup | Authentication | OPC central authentication redundancy |
| K022AI0MP380 | NetBackup | Authentication | OPC SNMP authentication |
| K022AI0MP385 | NetBackup | Authentication | OPC SNMP community string |
| K122AI0MP390 | NetBackup | Authentication | Password char repeat |
| K092AI0MP395 | NetBackup | Authentication | Password reuse |
| K092AI0MP400 | NetBackup | Authentication | Required Certificate Authority (CA) servers |
| K092AI0MP405 | NetBackup | Authentication | Required Identity Providers |
| K022AI0MP410 | NetBackup | Authentication | Required LDAP servers |
| K022AI00P415 | NetBackup | Authentication | Smart card authentication |
| K022AI00P420 | NetBackup | Authentication | SNMP authentication enabled |
| K022AI00P425 | NetBackup | Authentication | SNMP authentication strength |
| K022AI000430 | NetBackup | Authentication | SNMP community string |
| K022AI0M0435 | NetBackup | Authentication | SSO status |
| K022AI00P440 | NetBackup | Authentication | Use of LDAP / AD / Kerberos |
| K022AI0MP445 | NetBackup | Authorization | Approved admin users / groups |
| K022AI0MP450 | NetBackup | Authorization | Approved Admin/AMSadmin/NetBackupCLI users/groups |
| K022AI0MP455 | NetBackup | Authorization | Approved Java console users |
| K022A00MP460 | NetBackup | Authorization | Approved user roles |
| K052AI000465 | NetBackup | Authorization | NBAC status |
| K022AI0MP470 | NetBackup | Authorization | Oracle backup and recovery: share anonymous UID/GID |
| K022AI0MP475 | NetBackup | Authorization | Oracle backup and recovery: share client root squash |
| K062AI0MP480 | NetBackup | Authorization | Required Roles |
| K022AI0MP485 | NetBackup | Backup and Recovery | 3-2-1 rule |
| K022AI0MP490 | NetBackup | Backup and Recovery | Active backup policy |
| K022AI0MP495 | NetBackup | Backup and Recovery | Air-gapped backup |
| K022AI0MP500 | NetBackup | Backup and Recovery | Catalog backup |
| K022AI0MP505 | NetBackup | Backup and Recovery | Deduplication pool catalog backup policy |
| K022AI0MP510 | NetBackup | Backup and Recovery | Last backup |
| K012AI0MP515 | NetBackup | Backup and Recovery | Lockdown retention settings |
| K122AI0MP520 | NetBackup | Backup and Recovery | Number of copies |
| K022AI0MP525 | NetBackup | Backup and Recovery | Off-site copy |
| K022AI0MP530 | NetBackup | Backup and Recovery | Replication configuration |
| K022AI0MP535 | NetBackup | Backup and Recovery | Retention configuration |
| K022AI0MP540 | NetBackup | Backup and Recovery | Snapshot backup configuration |
| K022AI0MP545 | NetBackup | Backup and Recovery | Target media |
| K022AI0MP550 | NetBackup | Backup and Recovery | WORM configuration |
| K022AI0MP555 | NetBackup | Configuration Management | Backup software version consistency |
| K022AI0M0560 | NetBackup | Configuration Management | Call Home proxy server |
| K022AI00P565 | NetBackup | Configuration Management | DNS server redundancy |
| K022AI00P570 | NetBackup | Configuration Management | DNS service status |
| K022AI0MP575 | NetBackup | Configuration Management | Policy attributes |
| K022AI0MP580 | NetBackup | Configuration Management | Product Improvement Program status |
| K022AI0MP585 | NetBackup | Configuration Management | Required DNS servers |
| K032AI0MP590 | NetBackup | Configuration Management | Storage Sanity Check |
| K022AI0MP595 | NetBackup | Configuration Management | Target NetBackup version |
| K012AI0MP600 | NetBackup | Encryption | Appliance to Appliance IPsec config |
| K022AI0MP605 | NetBackup | Encryption | Approved OCSP URI |
| K022AI0MP610 | NetBackup | Encryption | Backup image encryption |
| K022AI0MP615 | NetBackup | Encryption | Call home proxy tunneling configuration |
| K022AI0MP620 | NetBackup | Encryption | Certificate key size |
| K022AI000625 | NetBackup | Encryption | Cipher suite strength |
| K022A00MP630 | NetBackup | Encryption | Client backup encryption (policy) |
| K082AI0MP635 | NetBackup | Encryption | Communication with insecure hosts |
| K082AI0MP640 | NetBackup | Encryption | Data in transit encryption |
| K122AI0MP645 | NetBackup | Encryption | Deduplication encryption |
| K022AI0MP650 | NetBackup | Encryption | KMS redundancy |
| K022AI0MP655 | NetBackup | Encryption | Local KMS server used |
| K022AI0MP660 | NetBackup | Encryption | Log forwarding TLS |
| K022AI0MP665 | NetBackup | Encryption | OPC SNMP encryption |
| K022AI0MP670 | NetBackup | Encryption | OPC SSL Cipher strength |
| K022AI0M0675 | NetBackup | Encryption | OPC SSL Protocol |
| K022AI0MP680 | NetBackup | Encryption | OPC SSL status |
| K022AI0MP685 | NetBackup | Encryption | OPC transport privacy |
| K022AI0MP690 | NetBackup | Encryption | Oracle backup and recovery: share client secure option |
| K022AI0MP695 | NetBackup | Encryption | Required KMS servers |
| K022AI00P700 | NetBackup | Encryption | RMM KVM Encryption |
| K022AI00P705 | NetBackup | Encryption | RMM KVM Encryption strength |
| K022AI0MP710 | NetBackup | Encryption | RMM Media Encryption status |
| K022AI0MP715 | NetBackup | Encryption | RMM SSH status |
| K022AI0MP720 | NetBackup | Encryption | Secure host connection |
| K022AI0MP730 | NetBackup | Encryption | Secure host connection enforcement |
| K022AI0MP735 | NetBackup | Encryption | Self-signed certificate |
| K022AI0MP740 | NetBackup | Encryption | SMTP SSL |
| K022AI0MP745 | NetBackup | Encryption | SNMP encryption enabled |
| K022AI0MP750 | NetBackup | Encryption | SNMP encryption strength |
| K022AI000755 | NetBackup | Encryption | SSL mode |
| K022AI0MP760 | NetBackup | Encryption | TLS level |
| K022AI0MP765 | NetBackup | Encryption | Use of secure LDAP |
| K022A000P770 | NetBackup | Hardening | FIPS enabled KMS |
| K042AI0MP775 | NetBackup | Hardening | FIPS status |
| K022AI0MP780 | NetBackup | Hardening | STIG enabled |
| K082AI0MP785 | NetBackup | Information Security | Storage / backup management separation |
| K122AI0M0790 | NetBackup | Malware Protection | Anomaly detection configuration |
| K022AI0MP795 | NetBackup | Malware Protection | Malware scan configuration |
| K022AI0MP800 | NetBackup | Monitoring | Call Home enabled |
| K022AI0MP805 | NetBackup | Monitoring | SMTP server configuration |
| K022AI000810 | NetBackup | Services and Protocols | OPC SNMP version |
| K022AI00P815 | NetBackup | Services and Protocols | SNMP version |
| K022AI00P820 | NetBackup | Isolation | Unique credentials |
| K022AI00P825 | NetBackup | Isolation | Use of local users (No AD) |
| K022AI00P830 | NetBackup | Isolation | Not member of a Windows domain |
|
... and more. |
NOTE: Additional security baseline checks should be performed against NetBackup products such as NetBackup client, Ops Center, NetBackup plug-ins, NetBackup for VMware agent, NetBackup Flex, NetBackup Appliance and other NetBackup components.
|
Interested to learn about StorageGuard Security Posture Management for NetBackup?
|
||
|
|
|
|
Comments
0 comments
Please sign in to leave a comment.