Veritas-bu

[Veritas-bu] Important -About Veritas Netbackup Security???

2005-07-27 22:01:25
Subject: [Veritas-bu] Important -About Veritas Netbackup Security???
From: Dean <dean.deano AT gmail DOT com> (Dean)
Date: Thu, 28 Jul 2005 12:01:25 +1000
------=_Part_181_26386497.1122516085529
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

I believe it affects both Backup Exec, and several versions of NetBackup=20
Netware Media Server ....
 http://www.securityfocus.com/bid/14019
=20

 On 7/28/05, Charles Ballowe <cballowe AT gmail DOT com> wrote:=20
>=20
> I think the veritas flaw mentioned is the one in this article:
> http://www.technewsworld.com/rsstory/44353.html
>=20
> The flaw is in Backup Exec, not NetBackup.
>=20
> That doesn't mean NetBackup is completely in the clear - just that if
> there's a flaw it's not an exposed flaw.
>=20
> But -- you need to keep your media servers locked down pretty well.
> Consider the power of commands like bpinst and bpgp.
>=20
> -Charlie
>=20
> On 7/27/05, Grover,Samuel <Samuel.Grover AT cna DOT com> wrote:
> >
> > The corporate firewall keeps people out.. if someone gets in through th=
e
> > firewall on port 13782, I'd say my network security folks have a
> > problem.
> >
> > Sam Grover
> > CNA Financial
> >
> > -----Original Message-----
> > From: veritas-bu-admin AT mailman.eng.auburn DOT edu
> > [mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu] On Behalf Of Ra pa
> > Sent: Wednesday, July 27, 2005 9:38 AM
> > To: veritas-bu AT mailman.eng.auburn DOT edu
> > Subject: [Veritas-bu] Important -About Veritas Netbackup Security???
> >
> >
> > I found this article on cnn technology.
> >
> > http://www.cnn.com/2005/TECH/internet/07/25/hackers.backup.software.reu=
t
> > /index.html
> >
> > Will you guys provide some of your thoughts about
> > securing netbackup environment, How to protect gaining
> > someone access from client port to master..etc
> >
> > Any input will be much appreciate
> >
> >
> > Thanks
> > =3Dkpr=3D
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam? Yahoo! Mail has the best spam protection around
> > http://mail.yahoo.com
> > _______________________________________________
> > Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
> > http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
> >
> > E-MAIL CONFIDENTIALITY NOTICE: The contents of this e-mail message and=
=20
> any attachments are intended solely for the
> > addressee(s) and may contain confidential and/or legally privileged=20
> information. If you are not the
> > intended recipient of this message or if this message has been addresse=
d=20
> to you in error, please
> > immediately alert the sender by reply e-mail and then delete this=20
> message and any attachments. If you
> > are not the intended recipient, you are notified that any use,=20
> dissemination, distribution, copying, or
> > storage of this message or any attachment is strictly prohibited.
> >
> > _______________________________________________
> > Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
> > http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
> >
>=20
> _______________________________________________
> Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
>

------=_Part_181_26386497.1122516085529
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

<div>I believe it affects both Backup Exec, and several versions of NetBack=
up Netware Media Server ....</div>
<div>&nbsp;</div>
<div><a href=3D"http://www.securityfocus.com/bid/14019";>http://www.security=
focus.com/bid/14019</a></div>
<div>&nbsp;</div>
<div><br><br>&nbsp;</div>
<div><span class=3D"gmail_quote">On 7/28/05, <b class=3D"gmail_sendername">=
Charles Ballowe</b> &lt;<a href=3D"mailto:cballowe AT gmail DOT 
com">cballowe@gmai=
l.com</a>&gt; wrote:</span>
<blockquote class=3D"gmail_quote" style=3D"PADDING-LEFT: 1ex; MARGIN: 0px 0=
px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">I think the veritas flaw mention=
ed is the one in this article:<br><a href=3D"http://www.technewsworld.com/r=
sstory/44353.html">
http://www.technewsworld.com/rsstory/44353.html</a><br><br>The flaw is in B=
ackup Exec, not NetBackup.<br><br>That doesn't mean NetBackup is completely=
 in the clear - just that if<br>there's a flaw it's not an exposed flaw.
<br><br>But -- you need to keep your media servers locked down pretty well.=
<br>Consider the power of commands like bpinst and bpgp.<br><br>-Charlie<br=
><br>On 7/27/05, Grover,Samuel &lt;<a href=3D"mailto:Samuel.Grover AT cna DOT 
>com"=
>
Samuel.Grover AT cna DOT com</a>&gt; wrote:<br>&gt;<br>&gt; The corporate 
firewall=
 keeps people out.. if someone gets in through the<br>&gt; firewall on port=
 13782, I'd say my network security folks have a<br>&gt; problem.<br>&gt;
<br>&gt; Sam Grover<br>&gt; CNA Financial<br>&gt;<br>&gt; -----Original Mes=
sage-----<br>&gt; From: <a href=3D"mailto:veritas-bu-admin AT mailman.eng DOT 
aubu=
rn.edu">veritas-bu-admin AT mailman.eng.auburn DOT edu</a><br>&gt; [mailto:<a 
href=
=3D"mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu">
veritas-bu-admin AT mailman.eng.auburn DOT edu</a>] On Behalf Of Ra pa<br>&gt; 
Sen=
t: Wednesday, July 27, 2005 9:38 AM<br>&gt; To: <a href=3D"mailto:veritas-b=
u AT mailman.eng.auburn DOT edu">veritas-bu AT mailman.eng.auburn DOT 
edu</a><br>&gt; Sub=
ject: [Veritas-bu] Important -About Veritas Netbackup Security???
<br>&gt;<br>&gt;<br>&gt; I found this article on cnn technology.<br>&gt;<br=
>&gt; <a href=3D"http://www.cnn.com/2005/TECH/internet/07/25/hackers.backup=
.software.reut">http://www.cnn.com/2005/TECH/internet/07/25/hackers.backup.=
software.reut
</a><br>&gt; /index.html<br>&gt;<br>&gt; Will you guys provide some of your=
 thoughts about<br>&gt; securing netbackup environment, How to protect gain=
ing<br>&gt; someone access from client port to master..etc<br>&gt;<br>&gt; =
Any input will be much appreciate
<br>&gt;<br>&gt;<br>&gt; Thanks<br>&gt; =3Dkpr=3D<br>&gt;<br>&gt;<br>&gt; _=
_________________________________________________<br>&gt; Do You Yahoo!?<br=
>&gt; Tired of spam?&nbsp;&nbsp;Yahoo! Mail has the best spam protection ar=
ound<br>&gt;=20
<a href=3D"http://mail.yahoo.com";>http://mail.yahoo.com</a><br>&gt; _______=
________________________________________<br>&gt; Veritas-bu maillist&nbsp;&=
nbsp;-&nbsp;&nbsp;<a href=3D"mailto:Veritas-bu AT mailman.eng.auburn DOT 
edu">Veri=
tas-bu AT mailman.eng.auburn DOT edu
</a><br>&gt; <a href=3D"http://mailman.eng.auburn.edu/mailman/listinfo/veri=
tas-bu">http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu</a><br>&g=
t;<br>&gt; E-MAIL CONFIDENTIALITY NOTICE:&nbsp;&nbsp;The contents of this e=
-mail message and any attachments are intended solely for the
<br>&gt; addressee(s) and may contain confidential and/or legally privilege=
d information. If you are not the<br>&gt; intended recipient of this messag=
e or if this message has been addressed to you in error, please<br>&gt; imm=
ediately alert the sender by reply e-mail and then delete this message and =
any attachments. If you
<br>&gt; are not the intended recipient, you are notified that any use, dis=
semination, distribution, copying, or<br>&gt; storage of this message or an=
y attachment is strictly prohibited.<br>&gt;<br>&gt; ______________________=
_________________________
<br>&gt; Veritas-bu maillist&nbsp;&nbsp;-&nbsp;&nbsp;<a href=3D"mailto:Veri=
tas-bu AT mailman.eng.auburn DOT edu">Veritas-bu AT mailman.eng.auburn DOT 
edu</a><br>&gt=
; <a href=3D"http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu";>htt=
p://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
</a><br>&gt;<br><br>_______________________________________________<br>Veri=
tas-bu maillist&nbsp;&nbsp;-&nbsp;&nbsp;<a href=3D"mailto:Veritas-bu@mailma=
n.eng.auburn.edu">Veritas-bu AT mailman.eng.auburn DOT edu</a><br><a 
href=3D"http:=
//mailman.eng.auburn.edu/mailman/listinfo/veritas-bu">
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu</a><br></blockquo=
te></div><br>

------=_Part_181_26386497.1122516085529--