Veritas NetBackup™ Appliance Security Guide

Last Published:
Product(s): Appliances (3.1.1)
Platform: 5220,5230,5240,5330,5340

NetBackup Appliance security release content

The following list contains the known security issues that have been fixed in this release of NetBackup appliance software:

Spectre and Meltdown vulnerabilities

NetBackup Appliance release 3.1.1 includes fixes that are specific to the following variants:

  • Variant 1 - Spectre, CVE-2017-5753

  • Variant 3 - Meltdown, CVE-2017-5754

These fixes address the potential for a local user to install and run a binary that gains access to the memory of other processes.

Veritas recommends that you upgrade all NetBackup appliances to version 3.1.1 as soon as possible to mitigate these vulnerabilities. For more details about these vulnerabilities, see the following article:

https://www.veritas.com/support/en_US/article.100041496

The following lists the additional vulnerabilities that have been addressed in version 3.1.1:

  • Apache Struts vulnerability

    CVE-2017-5638

  • WPA2 package updates for KRACK

    CVE-2017-13077

    CVE-2017-13078

    CVE-2017-13080

    CVE-2017-13082

    CVE-2017-13086

    CVE-2017-13088

  • DNS package updates

    CVE-2017-14491

    CVE-2017-14492

    CVE-2017-14493

    CVE-2017-14494

    CVE-2017-14495

    CVE-2017-14496

  • Java vulnerabilities

    CVE-2017-10309

    CVE-2017-10274

    CVE-2017-10293

    CVE-2017-10281

    CVE-2017-10347

    CVE-2017-10348

    CVE-2017-10349

    CVE-2017-10350

    CVE-2017-10357

    CVE-2017-10345

    CVE-2017-10346

    CVE-2017-10285

  • Miscellaneous

    CVE-2017-8030

    CVE-2017-8046

    CVE-2017-15288

    CVE-2017-5645

    CVE-2017-17485

    CVE-2017-1000253

    CVE-2017-7555

    CVE-2016-10164

    CVE-2017-2625

    CVE-2017-2626

    CVE-2016-10200

    CVE-2017-2647

    CVE-2017-8797

    CVE-2015-8839

    CVE-2015-8970

    CVE-2016-9576

    CVE-2016-7042

    CVE-2016-7097

    CVE-2016-8645

    CVE-2016-9588

    CVE-2016-9806

    CVE-2016-10088

    CVE-2016-10147

    CVE-2017-2596

    CVE-2017-2671

    CVE-2017-5970

    CVE-2017-6001

    CVE-2017-6951

    CVE-2017-7187

    CVE-2017-7616

    CVE-2017-7889

    CVE-2017-8890

    CVE-2017-9074

    CVE-2017-9075

    CVE-2017-9076

    CVE-2017-9077

    CVE-2017-9242

    CVE-2014-7970

    CVE-2014-7975

    CVE-2016-6213

    CVE-2016-9604

    CVE-2016-9685

    CVE-2016-10165

    CVE-2016-8399

    CVE-2016-9841

    CVE-2017-1000111

    CVE-2017-1000112

    CVE-2017-10274

    CVE-2017-10281

    CVE-2017-10295

    CVE-2017-7558

    CVE-2017-10355

    CVE-2017-7542

    CVE-2017-10356

    CVE-2017-10388

    CVE-2017-7184

    CVE-2017-12617