04-10-2024 08:12 AM
NetBackup 10.4 has been enhanced with key new multi-factor and multi-person authorization (MFA/MPA) features. These features help users keep up with the ever-evolving security threats to data recovery systems. Hackers have made it clear they’re coming for an organization’s data protection systems first, then laying waste to everything else. Version 10.4 makes that a lot harder with these new features.
MPA Enhancements
NetBackup 10.3 introduced MPA protection when performing irreversible data destructive actions. Version 10.4 expands MPA to include support for protecting global security settings, image hold operations, WORM options, and by capturing and displaying the API communications payload for MPA tickets. For example, who requested an action (created an MPA ticket) if the requestor has had rejected tickets. As a result of these MPA expansions, the following actions will now require MPA and prompt corresponding notifications in the MPA ticket system:
Please see my other VOX posting for more detailed information on how MPA is enhanced for WORM and MSDP operations:
NetBackup 10.3+ MFA Container Logins and MPA Destructive Action Control
MFA Enhancements
An existing user Web UI session might be hacked if the end user browser is compromised. To prevent the exploit of a hacked browser session, an additional MFA prompt is posted when performing critical (image or platform-specific) operations. The user cannot continue/complete the change until they re-authorize with MFA. This adds a layer of security by forcing the legitimate user to be entering their one-time PIN (OTP) code again to validate their identity.