09-14-2020 05:37 AM - edited 09-14-2020 05:38 AM
My organization is currently working on a project to disable TLS versions 1.0 and 1.1. We are planning to have TLS version 1.2 enabled only. We are running Netbackup 7.6.1 on Windows Server 2012 on our Master, Media, and Opscenter Servers. Is there documentation on how to disable the older TLS protocols and enable TLS 1.2 within the Netbackup and OpsCenter application consoles in addition to the servers? Also is there any documentation for the operating systems requirements for WIndows and Linux client thats are being backed up using Netbackup?
09-14-2020 08:08 AM
NetBackup 7.6.1 is very old and reached EOSL in 2017.
I found the following https://www.cvedetails.com/vulnerability-list/vendor_id-1884/product_id-4116/version_id-194597/Verit...:
Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.
If you are serious about security, you need to upgrade... Current NBU version is 8.3.
09-14-2020 09:44 AM - edited 09-14-2020 09:44 AM
Thanks. We are planning an upgrade but it won't be completed before the current TLS project. Does Netbackup version 7.6.1 use TLS? Your response has the folowing versions listed.
Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4
09-14-2020 09:36 PM
09-15-2020 09:35 AM - edited 09-15-2020 09:37 AM
If you do anything with Windows databases, including AD, ADAM, Exchange, SharePoint, and DFSR, you cannot disable TLS 1.0 on the clients until at least NetBackup 8.2 or 8.3. Look in the Compatibility list for the specific NetBackup version.
The clients can't get away from TLS. For example, Exchange Web Services (EWS) uses it.