Forum Discussion
- NicolaiModerator
Hi nbmagic
That is two questions open for interpretation by the reader. When you say "will backup be protected" do you mean out of the box installation or is it some security feature in Netbackup you want to enable ?
Veritas recently announced "Ransomware Resilience for Enterprises" - maybe have a look at the whitepaper ?
https://www.veritas.com/form/whitepaper/ransomware-resiliency
Best Regards
Nicolai- nbmagicLevel 4
I would like to rephrase my questions.
What customers would usually do to prevent from ransomware attack in terms of securing the NB server / media environment? For example, do people usually put NB environment in DMZ network? If yes, then how can we back up servers outsize DMZ?
Thank you!
- NicolaiModerator
Hi nbmagic
Some general recommendation that all add complexity, but it is all hopeful worth it when ransomware strikes.
- Firewall off the Netbackup infrastructure off the rest of the production network. Due to bandwidth requirements look into using switches with access control lists. See the also
Veritas NetBackup™ Security and Encryption Guide
Veritas NetBackup™ Network Ports Reference Guide
- Harden servers, the purpose is to reduce the attack surface of the Netbackup environment. Both Microsoft and CIS Benchmark has guides on how to harden. If using Linux, Red has templates.
- Unhook from AD, if AD is compromised so will your Netbackup installation. Trust on one.
- Block off internet so malware using "command and control server" are not reachable.
- Use endpoint protection - and use a profile that doesn't block Netbackup normal working behaviour.
Best Regards
Nicolai
Related Content
- 5 months ago
- 6 months ago
- 6 months ago