Showing results for 
Search instead for 
Did you mean: 

Threat from internal - unauthorized changes to back up jobs/applications or configuration.

Level 3
I consider this to be an extremely high priority.
I am having an issue where I have found that back up jobs have been changed by:

1) through removing the  "on hold" jobs and putting them back into scheduled jobs. ----- This created an overlap and caused preexisting jobs to fail as the start up times were the same.
2) The device location on a job was changed to a different device that was not to be selected.
3) Some back up jobs have been created without the normal administrators knowledge.

I cannot (under the current configurations) protect myself should any other admin go in and make changes. This is a security issue to both the backup jobs themselves and to any Exchange/ exchange back up administrators.

I would like to see the ability for Backup Exec to be able to report to an assigned administrator if:
1) A new device has been created  - Include what user attempted or authorized the change.
2) A new backup job has been created  - Include what user attempted or authorized the change.
3) A backup job has been put on hold or taken off hold  - Include what user attempted or authorized the change.
3a) That a password be assigned to protect a backup job from being run when it on hold. As well that a notification be sent out when that job has been changed or an attempt to change it has happened. Include what user attempted or authorized the change.
4) If a backup device within a current job has been changed. such as time, files, saved locations ect.
5) Email notification if a backup log file has been manually deleted - which would include the log file.
6) Once a server has been configured for backups that any attempt to change the entire setup are logged and a notification is sent out. This could be either password protected once the settings are complete and tested.

My support tech has a great idea! Subrata Ganguly; Technical  Support Analyst suggested that Backup Exec be configured that each individual user be set up with their own account and password (regardless if there is only one admin account being used- this does happen in smaller organizations) The accounts could then be logged or audited for changes made.

Does anyone else consider this to be a high priority for job protection (both your own and the backups you look after)?

Is there anyone who has suggestions on the best way to protect these situations from occuring?

Level 6
 The only wa yI've been able to protect a BE environment is to lock down the console via AD permissions to just my account.  Going as far as removing permissions on the executable itself.

Add to that, auditing of logon/logoff activities

And a clear policy/process in place to STOP MESSING WITH MY MEDIA SERVER!!!