Veritas NetBackup™ Appliance Security Guide
- About the NetBackup Appliance Security Guide
- User authentication
- User authorization
- Intrusion prevention and intrusion detection systems
- Log files
- Operating system security
- Data security
- Web security
- Network security
- Call Home security
- Remote Management Module (RMM) security
- Appendix A. Security release content
About user authorization on the NetBackup Appliance
The NetBackup Appliance is administered and managed through user accounts. You can create local user accounts, or register users and user groups that belong to a remote directory service. In order for a new user account to log on and access the appliance, you must first authorize it with a role. By default, a new user account does not have an assigned role, and therefore it cannot log on until you grant it a role.
Table: NetBackup Appliance user roles
Role | Description |
---|---|
Administrator | A user account that is assigned the Administrator role is provided administrative privileges to manage the NetBackup Appliance. An Administrator user is allowed to log on, view, and perform all functions on the NetBackup Appliance Web Console and the NetBackup Appliance Shell Menu. These user accounts have permissions to log on to the appliance and run NetBackup commands with superuser privileges. |
NetBackupCLI | A user account that is assigned the NetBackupCLI role is solely restricted to run a limited set of NetBackup CLI commands and does not have access outside the scope of NetBackup software directories. Once these users log on to the appliance, they are taken to a restricted shell menu from where they can manage NetBackup. The NetBackupCLI users do not have access to the NetBackup Appliance Web Console and the NetBackup Appliance Shell Menu. |
The following list describes some of the characteristics of NetBackup Appliance authorization:
Ability to prevent unintended access to the appliance by password protecting logins.
Access to shared data is provided only to authorized appliance users and NetBackup processes.
Data that is stored within an appliance cannot inherently protect itself from unintended modification or deletion by a malicious user that knows the admin credentials to the appliance.
Network access to the NetBackup Appliance Shell Menu is only allowed through SSH, and the NetBackup Appliance Web Console over HTTPS. You can also directly connect a monitor and keyboard to the appliance and log on using administrative credentials.
Access to
FTP
,Telnet
, andrlogin
are disabled on all appliances.
Note:
The NetBackup Appliance does not currently limit login attempts and enforce lockout policies. These features will be implemented in future releases.