We are using NetBackup 5240 and 5250 appliances. In one of the compliance meetings I was asked to provide below details . Can someone help with those please.
Multi factor authentication to backup systems/appliances?
Are backups stored on disks/tapes immutable?
Are the backups scanned for viruses/malware?
There is no MFA to the appliances themselves that I am aware of. In newer versions of NetBackup, MFA can be setup for the Web UI and the Java Admin Console.
The backups that are written to disk/tapes by a 5240 and 5250 are not immutable (WORM). You would have to have a Flex Appliance and configure a WORM storage server to have immutable backups. However, if your tapes are kept offsite they are essentially immutable.
In 9.0 or 9.1 NetBackup has started to monitor backups for 'anomalies'.
NetBackup Support MFA to access the UI,
LTO was WORM tapes available, you need to use that type to make them immutable... or once FULL on a normal LTO you can set the wrote protect TAB
Disk based solutions need to be build to have such features, NetBackup Flex Appliance have WORM, other hardware vendors provide that feature.
It is a best practice to configure the backup software to exclude from scanning while a BACKUP is taken. There is a performance penalty for scanning while you backup. It could also cause the backups to fail.