Tuesday, December 19, 2006

[Securiry] Backup product and Vulnerability

Recently a lot of vulnerability was found in Backup product.
such as Arcserve and Netbackup.

  • Arcserve
    • http://isc.sans.org/diary.php?storyid=1876
  • Backup Exec
    • http://www.symantec.com/avcenter/security/Content/2006.12.13a.html
    • http://seer.support.veritas.com/docs/285984.htm
Backup product have to use system privileged user for backup system files.
I think only backup (file copy process) have to use system privileged role, and other
process unnecessary to hold system privileged.

Backup vender Should design with secure default!

No comments: