Veritas NetBackup™ Appliance Security Guide

Last Published:
Product(s): Appliances (3.1)
  1. About the NetBackup appliance Security Guide
    1.  
      About the NetBackup appliance Security Guide
  2. User authentication
    1. About user authentication on the NetBackup appliance
      1.  
        User types that can authenticate on the NetBackup appliance
    2. About configuring user authentication
      1.  
        Generic user authentication guidelines
    3.  
      About authenticating LDAP users
    4.  
      About authenticating Active Directory users
    5.  
      About authenticating Kerberos-NIS users
    6.  
      About the appliance login banner
    7. About user name and password specifications
      1.  
        About STIG compliant password policy rules
  3. User authorization
    1.  
      About user authorization on the NetBackup appliance
    2. About authorizing NetBackup appliance users
      1.  
        NetBackup appliance user role privileges
    3.  
      About the Administrator user role
    4.  
      About the NetBackupCLI user role
  4. Intrusion prevention and intrusion detection systems
    1.  
      About Symantec Data Center Security on the NetBackup appliance
    2.  
      About the NetBackup appliance intrusion prevention system
    3.  
      About the NetBackup appliance intrusion detection system
    4.  
      Reviewing SDCS events on the NetBackup appliance
    5.  
      Running SDCS in unmanaged mode on the NetBackup appliance
    6.  
      Running SDCS in managed mode on the NetBackup appliance
    7.  
      Overriding the NetBackup appliance intrusion prevention system policy
    8.  
      Re-enabling the NetBackup appliance intrusion prevention system policy
  5. Log files
    1.  
      About NetBackup appliance log files
    2.  
      Viewing log files using the Support command
    3.  
      Where to find NetBackup appliance log files using the Browse command
    4.  
      Gathering device logs with the DataCollect command
    5.  
      Log Forwarding feature overview
  6. Operating system security
    1.  
      About NetBackup appliance operating system security
    2.  
      Major components of the NetBackup appliance OS
    3.  
      Disabled service accounts on the NetBackup appliance
    4.  
      Vulnerability scanning of the NetBackup appliance
  7. Data security
    1.  
      About data security
    2.  
      About data integrity
    3.  
      About data classification
    4. About data encryption
      1.  
        KMS support
  8. Web security
    1.  
      About SSL certification
  9. Network security
    1.  
      About IPsec Channel Configuration
    2.  
      About NetBackup appliance ports
  10. Call Home security
    1.  
      About AutoSupport
    2. About Call Home
      1.  
        Configuring Call Home from the NetBackup Appliance Shell Menu
      2.  
        Enabling and disabling Call Home from the NetBackup Appliance Shell Menu
      3.  
        Configuring a Call Home proxy server from the NetBackup Appliance Shell Menu
      4.  
        Understanding the Call Home workflow
    3. About SNMP
      1.  
        About the Management Information Base (MIB)
  11. IPMI security
    1.  
      Introduction to IPMI configuration
    2.  
      Recommended IPMI settings
    3.  
      Replacing the default IPMI SSL certificate
  12. STIG compliance
    1.  
      OS STIG hardening for NetBackup appliances
    2.  
      Unenforced STIG hardening rules
  13. Appendix A. Security release content
    1.  
      NetBackup Appliance security release content

About authorizing NetBackup appliance users

Table: User authorization management describes the options that are provided for authorizing new and existing users or user groups through the NetBackup Appliance Web Console and NetBackup Appliance Shell Menu:

Table: User authorization management

Task

NetBackup Appliance Web Console

NetBackup Appliance Shell Menu

Manage users

The following options are available under Settings > Authentication > User Management

  • View all of the users that have been added to the appliance.

  • Expand and view all belonging users to a single user group.

  • Add and delete local users.

  • Add and delete LDAP/AD/Kerberos-NIS users and user groups.

Use the Settings > Security > Authentication commands to add, delete, and view appliance users.

See About configuring user authentication.

Manage user permissions (roles)

The following options are available under Settings > Authentication > User Management:

  • Grant and revoke the Administrator role for users and user groups.

  • Grant and revoke the NetBackupCLI role for users and user groups.

  • Synchronize members of registered user groups with Administrator role.

The following commands and options are available under Main > Settings > Security > Authorization:

  • Grant

    Grant the Administrator and NetBackupCLI roles to specific users and users groups that have been added to the appliance.

  • List

    List all of the users and user groups that have been added to the appliance, along with their designated roles.

  • Revoke

    Revoke the Administrator and NetBackupCLI roles from specific users and users groups that have been added to the appliance.

  • SyncGroupMembers

    Synchronize members of registered user groups.

Notes about user management

  • You cannot grant the NetBackupCLI role to an existing local user. However, you can create a local NetBackupCLI user by using the Manage > NetBackupCLI > Create command from theNetBackup Appliance Shell Menu.

  • The NetBackupCLI role can be assigned to a maximum of nine (9) user groups at any given time.

  • Active Directory (AD) user groups and user names support the use of a hyphen character in those names. The hyphen must appear between the first and the last character of a user name or a user group name. AD user names and user group names cannot begin or end with a hyphen.

  • You can list all users of a group that has maximum to 2000 users from theNetBackup Appliance Web Console. To list all of a group that has more than 2000 users, use the List command from theNetBackup Appliance Shell Menu.