My organization is currently working on a project to disable TLS versions 1.0 and 1.1. We are planning to have TLS version 1.2 enabled only. We are running Netbackup 7.6.1 on Windows Server 2012 on our Master, Media, and Opscenter Servers. Is there documentation on how to disable the older TLS protocols and enable TLS 1.2 within the Netbackup and OpsCenter application consoles in addition to the servers? Also is there any documentation for the operating systems requirements for WIndows and Linux client thats are being backed up using Netbackup?
NetBackup 7.6.1 is very old and reached EOSL in 2017.
Veritas NetBackup 7.x through 188.8.131.52 and 7.6.0.x through 184.108.40.206 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 220.127.116.11 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.
If you are serious about security, you need to upgrade... Current NBU version is 8.3.
Thanks. We are planning an upgrade but it won't be completed before the current TLS project. Does Netbackup version 7.6.1 use TLS? Your response has the folowing versions listed.
Veritas NetBackup 7.x through 18.104.22.168 and 7.6.0.x through 22.214.171.124 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 126.96.36.199
If you do anything with Windows databases, including AD, ADAM, Exchange, SharePoint, and DFSR, you cannot disable TLS 1.0 on the clients until at least NetBackup 8.2 or 8.3. Look in the Compatibility list for the specific NetBackup version.
The clients can't get away from TLS. For example, Exchange Web Services (EWS) uses it.