Veritas NetBackup™ Appliance Security Guide
- About the NetBackup appliance Security Guide
- User authentication
- About user authentication on the NetBackup appliance
- About configuring user authentication
- About user name and password specifications
- User authorization
- Intrusion prevention and intrusion detection systems
- Log files
- Operating system security
- Data security
- Web security
- Network security
- Call Home security
- About AutoSupport
- About Call Home
- About SNMP
- Remote Management Module (RMM) I security
- STIG and FIPS conformance
- Appendix A. Security release content
Recommended IPMI settings
This section lists the recommended IPMI settings to ensure a secure IPMI configuration.
Use the following recommendations when creating IPMI users:
Do not create accounts with null user names or passwords.
Limit the number of administrative users to one.
Disable any anonymous users.
To mitigate the CVE-2013-4786 vulnerability:
Use strong passwords to help prevent offline dictionary attacks and brute force attacks. The recommended password length is 16-20 characters.
Change the default user password (
sysadmin) as soon as possible.
Use Access Control Lists (ACLs) or isolated networks to limit access to the IPMI interface.
Use the following recommendations when applying login settings for IPMI users:
Table: Login security settings
Failed login attempts
User Lockout time (min)
Enable Force HTTPS to ensure that the IPMI connection always takes place over HTTPS.
Web Session Timeout
Veritas recommends that you enable LDAP authentication.
Veritas recommends that you import a new or a custom SSL certificate.
Table: Remote session security settings
To help prevent IPMI user actions or activity with no authentication, specific ciphers should be disabled. For further assistance, contact Technical Support and inform the representative to reference article number 000127964.
Use a dedicated Ethernet connection for IPMI and avoid sharing the physical server connection.
Use a static IP.
Avoid using DHCP.