Please consider moving this question as-is (no need to recreate) to the proper forum for maximum visibility. Questions written to the users' own "Discussions" space don't get the same amount of attention and can go unanswered for a long time.
You can do so by selecting "Move" under ACTIONS along the upper-right. Then search for and select: "NetWorker Support Forum".
Hardening usually means closing down everything unless needed. In NSR world by default that means:
- using servers file to control which machine can operate backups
- making sure that only admin users from specific hosts (like NMC and backup server/media server hosts are listed) and all others if needed are added as per demand (and removed)
- you said you run latest NW, but there are 3 different trees of latest code so that means pretty much nothing as 8.1.x with some newer modules does enhance security even further - that's not to say that you should use latest and greatest right away (think of Windows)
- if you wish to isolate view of users on access list (if this is your case), you can logically partition backup server application and assign views (I believe that is present as of NW8)
- probably if using nsrauth, you can make your security officer wet by saying you use RSA encryption for key exchange and authentification and get rid of him/her in rather fast manner
christopher_ime
4 Operator
•
2K Posts
0
November 13th, 2013 22:00
Please consider moving this question as-is (no need to recreate) to the proper forum for maximum visibility. Questions written to the users' own "Discussions" space don't get the same amount of attention and can go unanswered for a long time.
You can do so by selecting "Move" under ACTIONS along the upper-right. Then search for and select: "NetWorker Support Forum".
NetWorker Support Forum
ble1
4 Operator
•
14.4K Posts
2
November 14th, 2013 00:00
Hardening usually means closing down everything unless needed. In NSR world by default that means:
- using servers file to control which machine can operate backups
- making sure that only admin users from specific hosts (like NMC and backup server/media server hosts are listed) and all others if needed are added as per demand (and removed)
- you said you run latest NW, but there are 3 different trees of latest code so that means pretty much nothing as 8.1.x with some newer modules does enhance security even further - that's not to say that you should use latest and greatest right away (think of Windows)
- if you wish to isolate view of users on access list (if this is your case), you can logically partition backup server application and assign views (I believe that is present as of NW8)
- probably if using nsrauth, you can make your security officer wet by saying you use RSA encryption for key exchange and authentification and get rid of him/her in rather fast manner