About security configuration risk
Security configuration risk depends on the status of the security settings in your NetBackup domain. A high configuration risk score implies that more number of security settings need to be configured in the domain. To minimize the risk, enable all the required security settings.
See Security settings to be configured to minimize risk.
The security risk score is also determined based on the active status of each host in the domain. A host is considered to be active if it has participated in secure communication within the domain during the last seven days.
Risk score for the following settings is determined based on the active status of the hosts:
Secure data-in-transit encryption (DTE)
Service user configuration
Percent of servers with the current primary server version or later
Percent of other hosts with current primary server version or later
For more information on how to minimize the security configuration risk, see the article.
The NetBackup web UI dashboard shows the security configuration risk score. When you change any of the security settings, the risk score is updated on the dashboard.
The following parameters help you learn the current security scenario in your domain and how you can minimize the security configuration risk.
Use the NetBackup web UI dashboard to see these parameters.
Current posture comprises the current values of NetBackup security settings. It is recommended that you enable all security settings to minimize the security configuration risk.
See Security settings to be configured to minimize risk.
Security baseline is a collection of recommended security settings for your NetBackup domain. For the first time, you configure the security settings as per the recommendation, and use this current posture as your security baseline.
By default, security baseline is not configured.
See Security settings to be configured to minimize risk.
See Set the current posture as security baseline.
The security baseline is managed by the NetBackup Administrator or the Security Administrator.
For primary servers that are registered with Cohesity Alta View server, the security baseline is managed by the Cohesity Alta View Administrator.
Recommended values for any given setting represents the possible values of the setting which are considered secure. It is highly recommended to align the current posture of every setting as per the recommended values in order to observe the most secure environment.
If a NetBackup security setting (current posture) does not comply with the security baseline, it is shown in the compliance status as 'Not compliant with the baseline'.
You should review the compliance status and modify the security settings to minimize the risk.
To view the Security configuration risk card on the NetBackup web UI dashboard, you should have the following roles and permissions:
See Configuring RBAC.
RBAC roles | Permissions |
|---|---|
Custom | View, update global security settings |