Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Ciphers used in NetBackup for secure communication
  4. Ciphers used in NetBackup
NetBackup™ Security and Encryption Guide

Ciphers used in NetBackup

This section lists the ciphers that NetBackup uses for secure communication.

Table: Ciphers used in NetBackup for web access

Product

Local account password encryption

Web access

Connections

Enabled transmission ciphers

NetBackup 10.x

NetBackup typically does not use local accounts. Instead, accounts that are defined on the local OS or an external identity provider (SAML, AD, or LDAP) are used.

TLSv1.2

Web Services (ports 443 and 1556):

ECDHE_RSA_WITH_AES_128_GCM_SHA256

DHE_RSA_WITH_AES_128_GCM_SHA256

ECDHE_RSA_WITH_AES_256_GCM_SHA384

DHE_RSA_WITH_AES_256_GCM_SHA384

Secure communications (control and data channels):

ECDHE-RSA-AES256-GCM-SHA384

RabbitMQ (port 13781):

ECDHE-RSA-AES256-GCM-SHA384

DHE-RSA-AES256-GCM-SHA384

Table: Ciphers used in NetBackup for authentication

Product

Local account password encryption

Authentication services connections

Active Directory Domain Controllers

LDAP authentication

Ciphers

NetBackup 10.2

NetBackup typically does not use local accounts. Instead, accounts that are defined on the local OS or an external identity provider (SAML, AD, or LDAP) are used.

If configured, NetBackup uses Openldap to connect directly to LDAP or AD servers. Both LDAP and LDAPS (LDAP over TLS) are supported

Simple authentication

ECDHE-RSA-AES256-GCM-SHA384

DHE-RSA-AES256-GCM-SHA384

ECDHE-RSA-AES256-SHA384

ECDHE-RSA-AES256-SHA

DHE-RSA-AES256-SHA

Table: Ciphers used in NetBackup for data at rest encryption

Product

Local account password encryption

Data at rest encryption

Hardware or software-based encryption

Ciphers

NetBackup 10.x

NetBackup typically does not use local accounts. Instead, accounts that are defined on the local OS or an external identity provider (SAML, AD, or LDAP) are used.

Software based except for tape drive encryption

MSDP: AES-256-CTR

Legacy cloud connector and Advanced Disk Crypt:

AES-256-CFB

Client encryption (selected by customer):

AES-128-CFB (default)

BF-CFB

DES-EDE-CFB

AES-256-CFB

Tape drive encryption (hardware-based):

AES-256

Feedback

Was this page helpful?
Previous

Ciphers used in NetBackup for secure communication

Next

FIPS compliance in NetBackup

Feedback

Was this page helpful?