Veritas NetBackup™ Appliance Security Guide
- About the NetBackup appliance Security Guide
- User authentication
- User authorization
- Intrusion prevention and intrusion detection systems- About Symantec Data Center Security on the NetBackup appliance
- About the NetBackup appliance intrusion prevention system
- About the NetBackup appliance intrusion detection system
- Reviewing SDCS events on the NetBackup appliance
- Running SDCS in unmanaged mode on the NetBackup appliance
- Running SDCS in managed mode on the NetBackup appliance
 
- Log files
- Operating system security
- Data security
- Web security
- Network security
- Call Home security
- Remote Management Module (RMM) I security
- STIG and FIPS conformance
- Appendix A. Security release content
NetBackup Appliance security release content
The following list contains the known security issues that were fixed and that are now included in this release of NetBackup appliance software:
The fix for Spectre Variant 2 (CVE-2017-5715) is disabled by default in this release because it adversely impacts appliance performance. The following describes the performance impact by appliance model and operation.
Table: Performance impact on appliance models with Spectre Variant 2 (CVE-2017-5715) disabled
| Model | Backup performance | Restore performance | 
|---|---|---|
| 5230 | May decrease as much as 25%. | May decrease as much as 33%. | 
| 5240 | May decrease as much as 30%. | No impact. | 
| 5330 | May decrease as much as 21%. | May decrease as much as 27%. | 
| 5340 | No impact. | No impact. | 
An EEB is available for appliance release 3.1.2 that enables the fix for this variant. If you are more concerned with security than performance and would prefer to install the EEB, contact Veritas Technical Support.
The appliance software has been updated to the RHEL7.5 Kernel. Many packages and libraries have been updated that address the following security vulnerabilities:
- CVE-2018-1000199 
- CVE-2018-8897 
- CVE-2018-1091 
- CVE-2018-1087 
- CVE-2018-1068 
- CVE-2017-16939 
- CVE-2017-12188 
- CVE-2017-7518 
- CVE-2017-8824 
- CVE-2018-3639 
- CVE-2018-1000001 
- CVE-2017-15804 
- CVE-2017-15670 
- CVE-2017-12132 
- CVE-2014-9402 
- CVE-2015-5180 
- CVE-2018-2783 
- CVE-2017-3738 
- CVE-2017-3737 
- CVE-2017-3736 
- CVE-2017-12151 
- CVE-2018-7750 
- CVE-2017-5754 
- CVE-2016-8633 
- CVE-2017-12154 
- CVE-2017-13166 
- CVE-2016-7913 
- CVE-2017-7294 
- CVE-2017-9725 
- CVE-2017-12190 
- CVE-2017-15121 
- CVE-2017-15126 
- CVE-2017-15129 
- CVE-2017-15265 
- CVE-2017-17448 
- CVE-2017-17449 
- CVE-2017-17558 
- CVE-2017-18017 
- CVE-2017-18203 
- CVE-2017-1000252 
- CVE-2017-1000407 
- CVE-2017-1000410 
- CVE-2018-5750 
- CVE-2018-1000004 
- CVE-2017-13672 
- CVE-2017-13711 
- CVE-2017-15124 
- CVE-2017-15268 
- CVE-2018-5683 
- CVE-2018-5146 
- CVE-2017-7562 
- CVE-2017-11368 
- CVE-2017-6463 
- CVE-2017-6464 
- CVE-2017-6462 
- CVE-2017-15906 
- CVE-2017-7529 
- CVE-2018-5732 
- CVE-2018-5733