Veritas-bu

[Veritas-bu] Security of Veritas Backup Server

From: larry.kingery AT veritas DOT com (Larry Kingery)
Date: Wed, 17 Jul 2002 15:56:52 -0400 (EDT)
Just a few points you may want to investigate...

Chris Hoogendyk writes:
> Ok, security of all servers is important. But, what I want to know is
> how important is the security of the Veritas Backup Server? If someone
> hacked that server, would they not then have access to all our servers?

They'd certainly have read access (they could get files from the
clients, sort of necessary for backups after all).  By default, they'd
also have write access (for restores of course), but you can alter
this behavior through the use of the DISALLOW_SERVER_WRITES (keep in
mind what you're giving up though, like server initiated restores,
centralized software configuration of clients, etc).

You also might want to take a look at vopie which provides some added
authentication against IP spoofing the NBU server.

> 
> Corollary: Suppose the Veritas Backup Server is a new Windows 2000
> server. Suppose further that the NT servers in this environment have

Well, there's a distinction which needs to be made here as to the use
of the word "server".  If they're media servers they can do a lot more
than if they're just NBU clients.  In 4.5, you can limit them somewhat
through the use of the new MEDIA_SERVER parameter.

Depending on what you're trying to protect against, you may also want
to look at DISALLOW_CLIENT_*.

> been either directly hacked or seriously damaged by worms, etc. at least
> a half dozen times in the last year or two. Suppose further that the
> Unix servers have been secure without incident for almost three years.
> Would you consider it to be a serious security concern to allow the
> Windows Veritas Server to backup the Unix servers?
> 
> What steps would you take to ensure security if such an arrangement were
> forced on you?
> 
> 
> ---------------
> 
> Chris Hoogendyk
> 
> -- 
>    O__  ---- Network Specialist & Unix Systems Administrator
>   c/ /'_ --- Library Information Systems & Technology Services
>  (*) \(*) -- W.E.B. Du Bois Library
> ~~~~~~~~~~ - University of Massachusetts, Amherst
> 
> <choogend AT library.umass DOT edu>
> 
> ---------------

-- 
Larry Kingery 
                 On a clear disk you can seek forever
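
An added example, not part of the original message and not Veritas code: a small audit of a UNIX client's bp.conf for the two client-side controls discussed above, the server-write lock and which hosts are trusted as servers. It assumes `ENTRY = value` lines and that the write lock is spelled `DISALLOW_SERVER_FILE_WRITES` in the file (verify entry names against your release's documentation); the host names are constructed.

```python
# Added example: audit the text of a UNIX NetBackup client's bp.conf.
# Entry spellings and sample hosts are assumptions, not from the thread.

WRITE_LOCK = "DISALLOW_SERVER_FILE_WRITES"  # assumed full entry name

# Constructed sample, not taken from a real system.
SAMPLE_BP_CONF = """\
SERVER = nbumaster.example.edu
SERVER = winmedia1.example.edu
MEDIA_SERVER = winmedia2.example.edu
CLIENT_NAME = unixhost.example.edu
"""

def parse_bp_conf(text):
    """Return {ENTRY: [values]}; entries such as SERVER may repeat."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if "=" not in line:
            continue  # blank or unrecognised line
        key, value = line.split("=", 1)
        entries.setdefault(key.strip().upper(), []).append(value.strip())
    return entries

def audit_client(text, expected_servers):
    """List findings for a client that should limit what NBU servers can do."""
    conf = parse_bp_conf(text)
    findings = []
    # Without the write lock, a compromised server can still push
    # server-directed restores (writes) to this client.
    if [v.upper() for v in conf.get(WRITE_LOCK, [])] != ["YES"]:
        findings.append(f"{WRITE_LOCK} is not YES: server writes allowed")
    # Hosts listed as SERVER are trusted as servers by this client;
    # MEDIA_SERVER is the narrower 4.5 entry mentioned in the message.
    expected = {h.lower() for h in expected_servers}
    servers = conf.get("SERVER", [])
    if not servers:
        findings.append("no SERVER entry found")
    for host in servers:
        if host.lower() not in expected:
            findings.append(f"unexpected SERVER entry: {host} "
                            "(consider MEDIA_SERVER)")
    return findings

if __name__ == "__main__":
    for finding in audit_client(SAMPLE_BP_CONF, ["nbumaster.example.edu"]):
        print("FINDING:", finding)
```

On the constructed sample this reports the missing write lock and the extra SERVER host; moving that host to MEDIA_SERVER and setting the lock to YES clears both findings.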
