Veritas Flex Appliance Getting Started and Administration Guide
- Product overview
- Release notes
- Getting started
- Managing network settings
- Managing users
- Managing Flex Appliance Console users and tenants
- Using Flex Appliance
- Managing the repository
- Managing application instances from Flex Appliance
- Upgrading application instances
- About Flex Appliance updates
- Appliance security
- Monitoring the appliance
- Configuring alerts
- Viewing the hardware status
- Reconfiguring the appliance
- Troubleshooting guidelines
Security overview
Flex Appliance includes multiple features to ensure the security of your data. Each element of the appliance is tested for vulnerabilities using both industry standards and advanced security products. These measures ensure that exposure to unauthorized access and resulting data loss or theft is minimized.
Flex Appliance also uses the Security Technical Implementation Guide (STIG) template to meet security requirements per the Defense Information Systems Agency (DISA) profile. See the NetBackup Flex Appliance Security white paper for more information.
The security features in this release include but are not limited to the following:
OS security hardening, including Security-Enhanced Linux (SELinux).
Forced password changes during initial configuration to make sure that the default password does not remain active on the system.
The ability to set your own password policy, including the option to use STIG for validation.
Lockdown mode and WORM storage support, which let you set additional access restrictions and block data deletion during a specified retention period.
See About lockdown mode.
The ability to add a sign-in banner that appears before a user signs in to the Flex Appliance Console and the Flex Appliance Shell.
Support for external certificates.
Session timeouts that automatically sign users out of the Flex Appliance Console and the Flex Appliance Shell after 10 minutes of inactivity.
Conformance to the Federal Information Processing Standards (FIPS) 140-2.
Additional password protection in the Flex Appliance Console that locks local user accounts after three incorrect login attempts. If an account becomes locked, the locked user and the admin user must work together to unlock it.
Additional password protection in the Flex Appliance Shell that locks the hostadmin account for 15 minutes after 3 incorrect login attempts.
Password protection that restricts access to the GRUB menu except with assistance from Veritas Technical Support. If you need to edit GRUB, contact Technical Support and ask your representative to reference article 100048098.
Also note the following information regarding the appliance security:
IP forwarding is enabled in Flex Appliance by design; it is used to facilitate network communication between application instances and external networks.
Simultaneous multithreading (smt) is enabled by default on the Veritas 53xx Appliance.
The following vulnerabilities affect this feature:
CVE-2018-12130
CVE-2018-12126
CVE-2018-12127
CVE-2019-11091
You can disable smt to address these vulnerabilities; however, significant performance degradation may occur. If you want to disable smt, contact Veritas Technical Support and ask your representative to reference article 100046154.