In the light of the recent outbreak of Wanna Cry / DeCryptor I need to know how to harden security on our BE3600 R2.
I know now, that the R2 is out of support - though we have maintenance on the appliance and could upgrade to R4 we're not able to, because certain backup targets are no longer supported on the new release - we have to stay at R2 at the moment - thus we can't get support.
What can be done on the appliance (which is essentially running Server 2008) - has it been patched by Microsoft through security updates (which are still coming through when updating it from the console) or do we have to do something extra, to lock down - is there any way to see if the patches have indeed been installed?
Since I can't get support by phone I have to write here, hoping someone from Veritas will answer this simple question.
Other than that there is already a security suite installed on an appliance and the build itself is partially restricted from modifications by this suite - and you cannot harden it further.
Unfortunately for you we did almost certainly made changes to the rules in place in the security of the appliance in later builds (3600 R3 or R4)
I suspect however that you are between a rock and a hard place as if you are running operating system and applications that are out of support with Microsoft which results in you having to run an Appliance revision that is out of support with us, then there will almost certainly be security updates that are not being made available to the environment you are running. At the end of the day you need to work on how you will upgrade all your out of date IT systems.
Please be aware that whilst the 3600 R4 software image (which runs BE 15 on Windows 2008 R2) remains supported, this is only partial support as the Appliance itself is now completely End of Life - as such you need to plan what you intend to do with your backup strategy in addition to any security reasons.