Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

Robinson2

10 Posts

1389

November 11th, 2013 05:00

NetWorker security hardening guide

Hello NetWorkers!

I'm looking for a NetWorker security and hardening guide. I can find pieces of information in NetWorker Administration guide, etc - but I'm looking for a more in-depth guide that can be used for hardening guidance and to prove NetWorker's security aspects for the Security Officers that can validate my backup solutions.

So hopefully any of you guys have a "hardening/security" guide for NetWorker? Even better if it also could have information on NetWorker and DDBoost in combination. We'll run NetWorker on RedHat Linux 6.x, using latest version of NetWorker and DDOS. So guidance of NetWorker in combination of hardened RedHat Linux would be greatly appreciated too.

//Johan

christopher_ime

2K Posts

November 13th, 2013 22:00

Please consider moving this question as-is (no need to recreate) to the proper forum for maximum visibility.  Questions written to the users' own "Discussions" space don't get the same amount of attention and can go unanswered for a long time.

You can do so by selecting "Move" under ACTIONS along the upper-right.  Then search for and select: "NetWorker Support Forum".

NetWorker Support Forum

ble1

14.3K Posts

November 14th, 2013 00:00

Hardening usually means closing down everything unless needed.  In NSR world by default that means:

- using servers file to control which machine can operate backups

- making sure that only admin users from specific hosts (like NMC and backup server/media server hosts are listed) and all others if needed are added as per demand (and removed)

- you said you run latest NW, but there are 3 different trees of latest code so that means pretty much nothing as 8.1.x with some newer modules does enhance security even further - that's not to say that you should use latest and greatest right away (think of Windows)

- if you wish to isolate view of users on access list (if this is your case), you can logically partition backup server application and assign views (I believe that is present as of NW8)

- probably if using nsrauth, you can make your security officer wet by saying you use RSA encryption for key exchange and authentification and get rid of him/her in rather fast manner

View More

View All

No Events found!

Top