Veritas-bu

[Veritas-bu] SYM06-024 question

2007-01-03 18:01:48
Subject: [Veritas-bu] SYM06-024 question
From: dlowenst at mail.sdsu.edu (Dave Lowenstein)
Date: Wed, 03 Jan 2007 15:01:48 -0800
I want to make sure I'm protected from this without having to go to the 
trouble of implementing VXSS or doing a maintenance pack upgrade.

Can you help me decipher this part of the paragraph?

"All other daemons associated with Veritas NetBackup derive access 
control from the NetBackup configuration which *denies* access by default.
Edit the configuration using "host properties" in the GUI to allow only 
those hosts that require access to associated NetBackup services. Any 
malicious user or attacker would have to have either authorized access 
to or gain unauthorized access to one of the trusted-hosts to attempt 
attacks against a targeted server."

what does that mean exactly? What am I checking in host properties in 
the gui?



full paragraph follows for reference:

*Implement Trusted-Host access through configuration files*
Daemons associated with Veritas NetBackup services provide Trusted-Host 
access through the appropriate configuration files. Some of the services 
allow access by default while others deny access by default depending on 
the functionality of the service. Customers should follow the 
documentation provided for each service to ensure they have implemented 
a trusted-host relationship appropriate for their network.

The vmd, oprd and robotic daemons derive access control from the vm.conf 
file which allows access by default if there is no SERVER entry entered.

Using an appropriate text editor, configure vm.conf's 
"SERVER=<hostname>" for allowed host entries. Once a "SERVER=<hostname>" 
list is compiled, the associated daemons will ONLY trust and allow hosts 
annotated in vm.conf. Any malicious user or attacker would have to have 
either authorized access to or gain unauthorized access to one of the 
trusted-hosts to attempt attacks against a targeted server.

All other daemons associated with Veritas NetBackup derive access 
control from the NetBackup configuration which *denies* access by default.
Edit the configuration using "host properties" in the GUI to allow only 
those hosts that require access to associated NetBackup services. Any 
malicious user or attacker would have to have either authorized access 
to or gain unauthorized access to one of the trusted-hosts to attempt 
attacks against a targeted server.

<Prev in Thread] Current Thread [Next in Thread>
  • [Veritas-bu] SYM06-024 question, Dave Lowenstein <=