Veritas-bu

[Veritas-bu] Re: Security of Veritas Backup Server

2002-07-17 16:33:56
Subject: [Veritas-bu] Re: Security of Veritas Backup Server
From: bryer AT sfu DOT ca (Jeff Bryer)
Date: Wed, 17 Jul 2002 13:33:56 -0700 (PDT)

>Ok, security of all servers is important. But, what I want to know is
>how important is the security of the Veritas Backup Server? If someone
>hacked that server, would they not then have access to all our servers?
>
Yes they would.  I would consider the security of the backup server
as extremely important.  At the very least they have read access to
all the tapes that are loaded in your library.

And with the 'bpgp' command, it is possible to read and write any
file on the NBU clients once you have access to the NBU server, which
makes it trivial to gain access to any of the clients.

Personally, if the security of the Windows servers is in question,
I wouldn't be using those as a NBU server.  If the Unix servers
have been secure, as you say, for almost three years, I would
use a Unix machine as the NBU server.

If switching away from Windows as the NBU server is not an option,
then try to minimize the threats as much as possible.  


>Corollary: Suppose the Veritas Backup Server is a new Windows 2000
>server. Suppose further that the NT servers in this environment have
>been either directly hacked or seriously damaged by worms, etc. at least
>a half dozen times in the last year or two. Suppose further that the
>Unix servers have been secure without incident for almost three years.
>Would you consider it to be a serious security concern to allow the
>Windows Veritas Server to back up the Unix servers?
>
>What steps would you take to ensure security if such an arrangement were
>forced on you?

-- 
Jeff Bryer                              bryer AT sfu DOT ca
Systems Administrator                   (604) 291-4935
Academic Computing, Simon Fraser University
